if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
fn_save_post_data('user_data');
return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout');
}
}
$user_data = $_REQUEST['user_data'];
unset($user_data['user_type']);
if (!empty($cart['user_data'])) {
$cart['user_data'] = fn_array_merge($cart['user_data'], $user_data);
} else {
$cart['user_data'] = $user_data;
}
// Fill shipping info with billing if needed
if (empty($_REQUEST['ship_to_another'])) {
fn_fill_address($cart['user_data'], $profile_fields);
}
// Add descriptions for countries and states
fn_add_user_data_descriptions($cart['user_data']);
// Update profile info (if user is logged in)
$cart['profile_registration_attempt'] = false;
$cart['ship_to_another'] = !empty($_REQUEST['ship_to_another']);
if (!empty($auth['user_id'])) {
// Check email
$email_exists = fn_is_user_exists($auth['user_id'], $cart['user_data']);
if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
$cart['user_data']['email'] = '';
} else {
fn_update_user($auth['user_id'], $cart['user_data'], $auth, !empty($_REQUEST['ship_to_another']), false);
}
/**
* Update steps data handler
*
* @param array $cart Cart
* @param array $auth Auth
* @param array $params Params
* @return array
*/
function fn_checkout_update_steps(&$cart, &$auth, $params)
{
$redirect_params = array();
$user_data = !empty($params['user_data']) ? $params['user_data'] : array();
unset($user_data['user_type']);
if (!empty($auth['user_id'])) {
if (isset($user_data['profile_id'])) {
if (empty($user_data['profile_id'])) {
$user_data['profile_type'] = 'S';
}
$profile_id = $user_data['profile_id'];
} elseif (!empty($cart['profile_id'])) {
$profile_id = $cart['profile_id'];
} else {
$profile_id = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $auth['user_id']);
}
$user_data['user_id'] = $auth['user_id'];
$current_user_data = fn_get_user_info($auth['user_id'], true, $profile_id);
if ($profile_id != NULL) {
$cart['profile_id'] = $profile_id;
}
$errors = false;
// Update contact information
if (($params['update_step'] == 'step_one' || $params['update_step'] == 'step_two') && !empty($user_data['email'])) {
// Check email
$email_exists = fn_is_user_exists($auth['user_id'], $user_data);
if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
$redirect_params['edit_step'] = $params['update_step'];
$errors = true;
$params['next_step'] = $params['update_step'];
}
}
// Update billing/shipping information
if ($params['update_step'] == 'step_two' || $params['update_step'] == 'step_one' && !$errors) {
if (!empty($user_data)) {
$user_data = fn_array_merge($current_user_data, $user_data);
$user_data['user_type'] = !empty($current_user_data['user_type']) ? $current_user_data['user_type'] : AREA;
$user_data = fn_fill_contact_info_from_address($user_data);
}
$user_data = fn_array_merge($current_user_data, $user_data);
if (empty($params['ship_to_another'])) {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($user_data, $profile_fields);
}
// Check if we need to send notification with new email to customer
$email = db_get_field('SELECT email FROM ?:users WHERE user_id = ?i', $auth['user_id']);
$send_notification = false;
if (isset($user_data['email']) && $user_data['email'] != $email) {
$send_notification = true;
}
list($user_id, $profile_id) = fn_update_user($auth['user_id'], $user_data, $auth, !empty($params['ship_to_another']), $send_notification, false);
$cart['profile_id'] = $profile_id;
}
// Add/Update additional fields
if (!empty($user_data['fields'])) {
fn_store_profile_fields($user_data, array('U' => $auth['user_id'], 'P' => $profile_id), 'UP');
// FIXME
}
} elseif (Registry::get('settings.Checkout.disable_anonymous_checkout') != 'Y') {
if (empty($auth['user_id']) && !empty($user_data['email'])) {
$email_exists = fn_is_user_exists(0, $user_data);
if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
fn_save_post_data('user_data');
if (!empty($params['guest_checkout'])) {
$redirect_params['edit_step'] = $params['step_two'];
$redirect_params['guest_checkout'] = 1;
}
return $redirect_params;
}
}
if (isset($user_data['fields'])) {
$fields = fn_array_merge(isset($cart['user_data']['fields']) ? $cart['user_data']['fields'] : array(), $user_data['fields']);
}
if ($params['update_step'] == 'step_two' && !empty($user_data)) {
$user_data = fn_fill_contact_info_from_address($user_data);
}
$cart['user_data'] = fn_array_merge($cart['user_data'], $user_data);
// Fill shipping info with billing if needed
if (empty($params['ship_to_another']) && $params['update_step'] == 'step_two') {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($cart['user_data'], $profile_fields);
}
if (!empty($cart['user_data']['b_vat_id']) && !empty($cart['user_data']['b_country'])) {
if (fn_check_vat_id($user_data['b_vat_id'], $cart['user_data']['b_country'])) {
fn_set_notification('N', __('notice'), __('vat_id_number_is_valid'));
} else {
fn_set_notification('E', __('error'), __('vat_id_number_is_not_valid'));
$cart['user_data']['b_vat_id'] = '';
return $redirect_params;
}
} elseif (isset($user_data['b_vat_id'])) {
$user_data['b_vat_id'] = '';
}
}
if (!empty($params['next_step'])) {
$redirect_params['edit_step'] = $params['next_step'];
}
if (!empty($params['shipping_ids'])) {
fn_checkout_update_shipping($cart, $params['shipping_ids']);
}
if (!empty($params['payment_id'])) {
$cart['payment_id'] = (int) $params['payment_id'];
if (!empty($params['payment_info'])) {
$cart['extra_payment_info'] = $params['payment_info'];
if (!empty($cart['extra_payment_info']['card_number'])) {
$cart['extra_payment_info']['secure_card_number'] = preg_replace('/^(.+?)([0-9]{4})$/i', '***-$2', $cart['extra_payment_info']['card_number']);
}
} else {
unset($cart['extra_payment_info']);
}
fn_update_payment_surcharge($cart, $auth);
fn_save_cart_content($cart, $auth['user_id']);
}
if (!empty($params['customer_notes'])) {
$cart['notes'] = $params['customer_notes'];
}
// Recalculate the cart
$cart['recalculate'] = true;
if (!empty($params['next_step']) && ($params['next_step'] == 'step_three' || $params['next_step'] == 'step_four')) {
$cart['calculate_shipping'] = true;
}
$shipping_calculation_type = Registry::get('settings.General.estimate_shipping_cost') == 'Y' || !empty($completed_steps['step_two']) ? 'A' : 'S';
list($cart_products, $product_groups) = fn_calculate_cart_content($cart, $auth, $shipping_calculation_type, true, 'F');
$shipping_hash = fn_get_shipping_hash($cart['product_groups']);
if (!empty($_SESSION['shipping_hash']) && $_SESSION['shipping_hash'] != $shipping_hash && $params['next_step'] == 'step_four' && $cart['shipping_required']) {
if (!empty($cart['chosen_shipping'])) {
fn_set_notification('W', __('important'), __('text_shipping_rates_changed'));
}
$cart['chosen_shipping'] = array();
$redirect_params['edit_step'] = 'step_three';
return $redirect_params;
}
return $redirect_params;
}
}
if ($_SESSION['auth']['user_id'] == 0 && version_compare(PRODUCT_VERSION, '4.3.1', '>=')) {
list($user_id, $profile_id) = $result;
fn_login_user($user_id);
}
$_SESSION['cart']['user_data'] = fn_get_user_info($_SESSION['auth']['user_id']);
$profile = fn_twg_get_user_info($_SESSION['auth']['user_id']);
$profile = array_merge($profile, array('cart' => fn_twg_api_get_session_cart($_SESSION['cart'], $lang_code)));
$response->setData($profile);
} elseif ($meta['object'] == 'cart_profile') {
// For anonymous chekcout
$user_data = fn_twg_get_api_data($response, $format);
fn_fill_user_fields($user_data);
if ($user_data['copy_address']) {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($user_data, $profile_fields, false);
}
$_SESSION['cart']['user_data'] = $user_data;
} elseif ($meta['object'] == 'payment_methods') {
$cart =& $_SESSION['cart'];
$auth =& $_SESSION['auth'];
if (!empty($_REQUEST['payment_info']) and isset($_REQUEST['payment_info']['payment_id'])) {
$cart['payment_id'] = (int) $_REQUEST['payment_info']['payment_id'];
$cart['payment_updated'] = true;
$cart['extra_payment_info'] = $_REQUEST['payment_info'];
if (!empty($cart['extra_payment_info']['card_number'])) {
$cart['extra_payment_info']['secure_card_number'] = preg_replace('/^(.+?)([0-9]{4})$/i', '***-$2', $cart['extra_payment_info']['card_number']);
}
fn_update_payment_surcharge($cart, $auth);
}
fn_save_cart_content($cart, $auth['user_id']);
$data = '';
if (!empty($_REQUEST['data'])) {
$data = ApiData::parseDocument(base64_decode(rawurldecode($_REQUEST['data'])), $format);
}
$update_actions = array('update', 'update_status', 'update_info', 'delete');
if (($_SERVER['REQUEST_METHOD'] == 'POST' || $format == 'jsonp') && in_array($action, $update_actions)) {
if (empty($data)) {
$response->addError('ERROR_WRONG_DATA', __('twgadmin_wrong_api_data'));
}
if ($mode == 'post') {
if ($object == 'profile') {
$user_data = fn_twg_get_api_data($response, $format);
$user_data['ship_to_another'] = empty($user_data['copy_address']) ? 'Y' : '';
if (empty($user_data['ship_to_another'])) {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($user_data, $profile_fields);
}
if (isset($user_data['fields']) && is_array($user_data['fields'])) {
$user_data['fields'] = array_filter($user_data['fields'], 'fn_twg_filter_profile_fields');
}
$old_user_data = fn_get_user_info($user_data['user_id']);
if (isset($old_user_data['company_id'])) {
$user_data['company_id'] = $old_user_data['company_id'];
}
$result = fn_update_user($user_data['user_id'], $user_data, $auth, $user_data['ship_to_another'], false);
if ($result) {
fn_set_notification('N', '', fn_twg_get_lang_var('twgadmin_saved'));
} else {
if (!fn_twg_set_internal_errors($response, 'ERROR_FAIL_CREATE_USER')) {
$response->addError('ERROR_FAIL_CREATE_USER', __('twgadmin_fail_create_user'));
}
/**
* Add/update user
*
* @param int $user_id - user ID to update (empty for new user)
* @param array $user_data - user data
* @param array $auth - authentication information
* @param bool $ship_to_another - flag indicates that shipping and billing fields are different
* @param bool $notify_user - flag indicates that user should be notified
* @return array with user ID and profile ID if success, false otherwise
*/
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_user)
{
/**
* Actions before updating user
*
* @param int $user_id User ID to update (empty for new user)
* @param array $user_data User data
* @param array $auth Authentication information
* @param bool $ship_to_another Flag indicates that shipping and billing fields are different
* @param bool $notify_user Flag indicates that user should be notified
*/
fn_set_hook('update_user_pre', $user_id, $user_data, $auth, $ship_to_another, $notify_user);
array_walk($user_data, 'fn_trim_helper');
$register_at_checkout = isset($user_data['register_at_checkout']) && $user_data['register_at_checkout'] == 'Y' ? true : false;
if (fn_allowed_for('ULTIMATE')) {
if (AREA == 'A' && !empty($user_data['user_type']) && $user_data['user_type'] == 'C' && (empty($user_data['company_id']) || Registry::get('runtime.company_id') && $user_data['company_id'] != Registry::get('runtime.company_id'))) {
fn_set_notification('W', __('warning'), __('access_denied'));
return false;
}
}
if (!empty($user_id)) {
$current_user_data = db_get_row("SELECT user_id, company_id, is_root, status, user_type, user_login, lang_code, password, salt, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
if (empty($current_user_data)) {
fn_set_notification('E', __('error'), __('object_not_found', array('[object]' => __('user'))), '', '404');
return false;
}
if (!fn_check_editable_permissions($auth, $current_user_data)) {
fn_set_notification('E', __('error'), __('access_denied'));
return false;
}
if (!empty($user_data['profile_id']) && AREA != 'A') {
$profile_ids = db_get_fields("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i", $user_id);
if (!in_array($user_data['profile_id'], $profile_ids)) {
fn_set_notification('W', __('warning'), __('access_denied'));
return false;
}
}
if (fn_allowed_for('ULTIMATE')) {
if (AREA != 'A' || empty($user_data['company_id'])) {
//we should set company_id for the frontdend, in the backend company_id received from form
if ($current_user_data['user_type'] == 'A') {
if (!isset($user_data['company_id']) || AREA != 'A' || Registry::get('runtime.company_id')) {
// reset administrator's company if it was not set to root
$user_data['company_id'] = $current_user_data['company_id'];
}
} elseif (Registry::get('settings.Stores.share_users') == 'Y') {
$user_data['company_id'] = $current_user_data['company_id'];
} else {
$user_data['company_id'] = Registry::ifGet('runtime.company_id', 1);
}
}
}
if (fn_allowed_for('MULTIVENDOR')) {
if (AREA != 'A') {
//we should set company_id for the frontend
$user_data['company_id'] = $current_user_data['company_id'];
}
}
$action = 'update';
} else {
$current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');
if (fn_allowed_for('ULTIMATE')) {
if (!empty($user_data['company_id']) || Registry::get('runtime.company_id') || AREA == 'A') {
//company_id can be received when we create user account from the backend
$company_id = !empty($user_data['company_id']) ? $user_data['company_id'] : Registry::get('runtime.company_id');
if (empty($company_id)) {
$company_id = fn_check_user_type_admin_area($user_data['user_type']) ? $user_data['company_id'] : fn_get_default_company_id();
}
$user_data['company_id'] = $current_user_data['company_id'] = $company_id;
} else {
fn_set_notification('W', __('warning'), __('access_denied'));
return false;
}
}
$action = 'add';
$user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
$user_data['timestamp'] = TIME;
}
$original_password = '';
$current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
$current_user_data['salt'] = !empty($current_user_data['salt']) ? $current_user_data['salt'] : '';
// Set the user type
$user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);
if (Registry::get('runtime.company_id') && !fn_allowed_for('ULTIMATE') && (!fn_check_user_type_admin_area($user_data['user_type']) || isset($current_user_data['company_id']) && $current_user_data['company_id'] != Registry::get('runtime.company_id'))) {
fn_set_notification('W', __('warning'), __('access_denied'));
return false;
}
// Check if this user needs login/password
if (fn_user_need_login($user_data['user_type'])) {
// Check if user_login already exists
// FIXME
if (!isset($user_data['email'])) {
$user_data['email'] = db_get_field("SELECT email FROM ?:users WHERE user_id = ?i", $user_id);
}
$is_exist = fn_is_user_exists($user_id, $user_data);
if ($is_exist) {
fn_set_notification('E', __('error'), __('error_user_exists'), '', 'user_exist');
return false;
}
// Check the passwords
if (!empty($user_data['password1']) || !empty($user_data['password2'])) {
$original_password = trim($user_data['password1']);
$user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
$user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
}
// if the passwords are not set and this is not a forced password check
// we will not update password, otherwise let's check password
if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
$valid_passwords = true;
if ($user_data['password1'] != $user_data['password2']) {
$valid_passwords = false;
fn_set_notification('E', __('error'), __('error_passwords_dont_match'));
}
// PCI DSS Compliance
if (fn_check_user_type_admin_area($user_data['user_type'])) {
$msg = array();
// Check password length
$min_length = Registry::get('settings.Security.min_admin_password_length');
if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
$valid_passwords = false;
$msg[] = str_replace("[number]", $min_length, __('error_password_min_symbols'));
}
// Check password content
if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
$tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
if (!$tmp_result) {
$valid_passwords = false;
$msg[] = __('error_password_content');
}
}
if ($msg) {
fn_set_notification('E', __('error'), implode('<br />', $msg));
}
// Check last 4 passwords
if (!empty($user_id)) {
$prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();
if (!empty($_SESSION['auth']['forced_password_change'])) {
// if forced password change - new password can't be equal to current password.
$prev_passwords[] = $current_user_data['password'];
}
if (in_array(fn_generate_salted_password($user_data['password1'], $current_user_data['salt']), $prev_passwords)) {
$valid_passwords = false;
fn_set_notification('E', __('error'), __('error_password_was_used'));
} else {
if (count($prev_passwords) >= 5) {
array_shift($prev_passwords);
}
$user_data['last_passwords'] = implode(',', $prev_passwords);
}
}
}
// PCI DSS Compliance
if (!$valid_passwords) {
return false;
}
$user_data['salt'] = fn_generate_salt();
$user_data['password'] = fn_generate_salted_password($user_data['password1'], $user_data['salt']);
if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
// if user set current password - there is no necessity to update password_change_timestamp
$user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
}
unset($_SESSION['auth']['forced_password_change']);
fn_delete_notification('password_expire');
}
}
$user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status'];
// only administrator can change user status
// Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
if (AREA == 'A' || Registry::get('settings.Checkout.address_position') == 'billing_first') {
$main_address_zone = BILLING_ADDRESS_PREFIX;
$alt_address_zone = SHIPPING_ADDRESS_PREFIX;
} else {
$main_address_zone = SHIPPING_ADDRESS_PREFIX;
$alt_address_zone = BILLING_ADDRESS_PREFIX;
}
$user_data = fn_fill_contact_info_from_address($user_data, $main_address_zone, $alt_address_zone);
if (!fn_allowed_for('ULTIMATE')) {
//for ult company_id was set before
fn_set_company_id($user_data);
}
if (!empty($current_user_data['is_root']) && $current_user_data['is_root'] == 'Y') {
$user_data['is_root'] = 'Y';
} else {
$user_data['is_root'] = 'N';
}
// check if it is a root admin
$is_root_admin_exists = db_get_field("SELECT user_id FROM ?:users WHERE company_id = ?i AND is_root = 'Y' AND user_id != ?i", $user_data['company_id'], !empty($user_id) ? $user_id : 0);
$user_data['is_root'] = empty($is_root_admin_exists) && $user_data['user_type'] !== 'C' ? 'Y' : 'N';
unset($user_data['user_id']);
if (!empty($user_id)) {
db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
fn_clean_usergroup_links($user_id, $current_user_data['user_type'], $user_data['user_type']);
fn_log_event('users', 'update', array('user_id' => $user_id));
} else {
if (!isset($user_data['password_change_timestamp'])) {
$user_data['password_change_timestamp'] = 1;
}
$user_id = db_query("INSERT INTO ?:users ?e", $user_data);
fn_log_event('users', 'create', array('user_id' => $user_id));
}
$user_data['user_id'] = $user_id;
// Set/delete insecure password notification
if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['password1'])) {
if (!fn_compare_login_password($user_data, $user_data['password1'])) {
fn_delete_notification('insecure_password');
} else {
$lang_var = 'warning_insecure_password_email';
fn_set_notification('E', __('warning'), __($lang_var, array('[link]' => fn_url("profiles.update?user_id=" . $user_id))), 'K', 'insecure_password');
}
}
if (empty($user_data['user_login'])) {
// if we're using email as login or user type does not require login, fill login field
db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
}
// Fill shipping info with billing if needed
if (empty($ship_to_another)) {
$profile_fields = fn_get_profile_fields($user_data['user_type']);
$use_default = AREA == 'A' ? true : false;
fn_fill_address($user_data, $profile_fields, $use_default);
}
$user_data['profile_id'] = fn_update_user_profile($user_id, $user_data, $action);
$user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);
if ($register_at_checkout) {
$user_data['register_at_checkout'] = 'Y';
}
$lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
if (!fn_allowed_for('ULTIMATE:FREE')) {
$user_data['usergroups'] = db_get_hash_array("SELECT lnk.link_id, lnk.usergroup_id, lnk.status, a.type, b.usergroup" . " FROM ?:usergroup_links as lnk" . " INNER JOIN ?:usergroups as a ON a.usergroup_id = lnk.usergroup_id AND a.status != 'D'" . " LEFT JOIN ?:usergroup_descriptions as b ON b.usergroup_id = a.usergroup_id AND b.lang_code = ?s" . " WHERE a.status = 'A' AND lnk.user_id = ?i AND lnk.status != 'D' AND lnk.status != 'F'", 'usergroup_id', $lang_code, $user_id);
}
// Send notifications to customer
if (!empty($notify_user)) {
$from = 'company_users_department';
if (fn_allowed_for('MULTIVENDOR')) {
// Vendor administrator's notification
// is sent from root users department
if ($user_data['user_type'] == 'V') {
$from = 'default_company_users_department';
}
}
// Notify customer about profile activation (when update profile only)
if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/profile_activated.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code);
}
// Notify customer about profile add/update
$prefix = $action == 'add' ? 'create' : 'update';
// Send password to user only if it was created by admin or vendor
if (AREA != 'C' && $auth['user_id'] != $user_id) {
$password = $original_password;
} else {
$password = null;
}
Mailer::sendMail(array('to' => $user_data['email'], 'from' => $from, 'data' => array('password' => $password, 'user_data' => $user_data), 'tpl' => 'profiles/' . $prefix . '_profile.tpl', 'company_id' => $user_data['company_id']), fn_check_user_type_admin_area($user_data['user_type']) ? 'A' : 'C', $lang_code);
}
if ($action == 'add') {
if (AREA != 'A') {
if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
fn_set_notification('W', __('important'), __('text_profile_should_be_approved'));
// Notify administrator about new profile
Mailer::sendMail(array('to' => 'company_users_department', 'from' => 'company_users_department', 'reply_to' => $user_data['email'], 'data' => array('user_data' => $user_data), 'tpl' => 'profiles/activate_profile.tpl', 'company_id' => $user_data['company_id']), 'A', Registry::get('settings.Appearance.backend_default_language'));
} else {
fn_set_notification('N', __('information'), __('text_profile_is_created'));
}
}
if (!is_null($auth)) {
if (!empty($auth['order_ids'])) {
db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
}
}
} else {
if (AREA == 'C') {
fn_set_notification('N', __('information'), __('text_profile_is_updated'));
}
}
fn_set_hook('update_profile', $action, $user_data, $current_user_data);
return array($user_id, !empty($user_data['profile_id']) ? $user_data['profile_id'] : false);
}
}
// update products quantity and etc.
if ($mode == 'update_totals') {
fn_update_cart_by_data($cart, $_REQUEST, $customer_auth);
}
if ($mode == 'customer_info') {
if (!empty($_REQUEST['profile_id'])) {
$cart['profile_id'] = $_REQUEST['profile_id'];
}
$profile_fields = fn_get_profile_fields('O', $customer_auth);
// Clean up saved shipping rates
unset($_SESSION['shipping_rates']);
if (is_array($_REQUEST['user_data'])) {
// Fill shipping info with billing if needed
if (empty($_REQUEST['ship_to_another'])) {
fn_fill_address($_REQUEST['user_data'], $profile_fields, true);
}
// Add descriptions for countries and states
fn_add_user_data_descriptions($_REQUEST['user_data']);
$cart['user_data'] = $_REQUEST['user_data'];
$cart['ship_to_another'] = !empty($_REQUEST['ship_to_another']);
if (empty($cart['order_id']) && (Registry::get('settings.General.disable_anonymous_checkout') == 'Y' && !empty($_REQUEST['user_data']['password1']))) {
$cart['profile_registration_attempt'] = true;
if (fn_update_user(0, $cart['user_data'], $customer_auth, !empty($_REQUEST['ship_to_another']), true) == false) {
$action = '';
}
}
}
}
if ($mode == 'place_order') {
// Clean up saved shipping rates
}
// update products quantity and etc.
if ($mode == 'update_totals') {
fn_update_cart_by_data($cart, $_REQUEST, $customer_auth);
}
if ($mode == 'customer_info') {
if (!empty($_REQUEST['profile_id'])) {
$cart['profile_id'] = $_REQUEST['profile_id'];
}
$profile_fields = fn_get_profile_fields('O', $customer_auth);
// Clean up saved shipping rates
unset($_SESSION['shipping_rates']);
if (is_array($_REQUEST['user_data'])) {
// Fill shipping info with billing if needed
if (empty($_REQUEST['ship_to_another'])) {
fn_fill_address($_REQUEST['user_data'], $profile_fields, !fn_compare_shipping_billing($profile_fields));
}
// Add descriptions for countries and states
fn_add_user_data_descriptions($_REQUEST['user_data']);
$cart['user_data'] = $_REQUEST['user_data'];
$cart['ship_to_another'] = !empty($_REQUEST['ship_to_another']);
if (empty($cart['order_id']) && (Registry::get('settings.Checkout.disable_anonymous_checkout') == 'Y' && !empty($_REQUEST['user_data']['password1']))) {
$cart['profile_registration_attempt'] = true;
list($user_id) = fn_update_user(0, $cart['user_data'], $customer_auth, !empty($_REQUEST['ship_to_another']), true);
if ($user_id == false) {
$action = '';
} else {
$cart['user_id'] = $user_id;
$u_data = db_get_row("SELECT user_id, tax_exempt, user_type FROM ?:users WHERE user_id = ?i", $cart['user_id']);
$customer_auth = fn_fill_auth($u_data, array(), false, 'C');
$cart['user_data'] = array();
/**
* Add/update user
*
* @param int $user_id - user ID to update (empty for new user)
* @param array $user_data - user data
* @param array $auth - authentication information
* @param bool $ship_to_another - flag indicates that shipping and billing fields are different
* @param bool $notify_customer - flag indicates that customer should be notified
* @param bool $send_password - TRUE if the password should be included into the e-mail
* @return array with user ID and profile ID if success, false otherwise
*/
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_customer, $send_password = false)
{
if (!empty($user_id)) {
$current_user_data = db_get_row("SELECT user_id, company_id, status, user_type, user_login, lang_code, password, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
$action = 'update';
} else {
$current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');
$action = 'add';
$user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
$user_data['timestamp'] = TIME;
}
$original_password = '';
$current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
// Set the user type
$user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);
if (defined('COMPANY_ID') && ($user_data['user_type'] != 'A' || isset($current_user_data['company_id']) && $current_user_data['company_id'] != COMPANY_ID)) {
fn_save_post_data();
fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('access_denied'));
return false;
}
// Check if this user needs login/password
if (fn_user_need_login($user_data['user_type'])) {
// Check if user_login already exists
$is_exist = db_get_field("SELECT user_id FROM ?:users WHERE (email = ?s ?p) AND user_id != ?i", $user_data['email'], empty($user_data['user_login']) ? '' : db_quote(" OR user_login = ?s", $user_data['user_login']), $user_id);
if ($is_exist) {
fn_save_post_data();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists'));
return false;
}
// Check the passwords
$original_password = $user_data['password1'];
$user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
$user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
// if the passwords are not set and this is not a forced password check
// we will not update password, otherwise let's check password
if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
$valid_passwords = true;
if ($user_data['password1'] != $user_data['password2']) {
$valid_passwords = false;
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_passwords_dont_match'));
}
// PCI DSS Compliance
if ($user_data['user_type'] == 'A') {
$msg = array();
// Check password length
$min_length = Registry::get('settings.Security.min_admin_password_length');
if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
$valid_passwords = false;
$msg[] = str_replace("[number]", $min_length, fn_get_lang_var('error_password_min_symbols'));
}
// Check password content
if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
$tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
if (!$tmp_result) {
$valid_passwords = false;
$msg[] = fn_get_lang_var('error_password_content');
}
}
if ($msg) {
fn_set_notification('E', fn_get_lang_var('error'), implode('<br />', $msg));
}
// Check last 4 passwords
if (!empty($user_id)) {
$prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();
if (!empty($_SESSION['auth']['forced_password_change'])) {
// if forced password change - new password can't be equal to current password.
$prev_passwords[] = $current_user_data['password'];
}
if (in_array(md5($user_data['password1']), $prev_passwords) || in_array(md5($user_data['password2']), $prev_passwords)) {
$valid_passwords = false;
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_password_was_used'));
} else {
if (count($prev_passwords) >= 5) {
array_shift($prev_passwords);
}
$user_data['last_passwords'] = implode(',', $prev_passwords);
}
}
}
// PCI DSS Compliance
if (!$valid_passwords) {
fn_save_post_data();
return false;
}
$user_data['password'] = md5($user_data['password1']);
if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
// if user set current password - there is no necessity to update password_change_timestamp
$user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
}
unset($_SESSION['auth']['forced_password_change']);
fn_delete_notification('password_expire');
}
}
$user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status'];
// only administrator can change user status
// Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
if (AREA != 'A') {
Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
} else {
$address_zone = 'b';
}
if (!empty($user_data['firstname']) || !empty($user_data[$address_zone . '_firstname'])) {
$user_data['firstname'] = empty($user_data['firstname']) && !empty($user_data[$address_zone . '_firstname']) ? $user_data[$address_zone . '_firstname'] : $user_data['firstname'];
}
if (!empty($user_data['lastname']) || !empty($user_data[$address_zone . '_lastname'])) {
$user_data['lastname'] = empty($user_data['lastname']) && !empty($user_data[$address_zone . '_lastname']) ? $user_data[$address_zone . '_lastname'] : $user_data['lastname'];
}
if (!empty($user_data['phone']) || !empty($user_data[$address_zone . '_phone'])) {
$user_data['phone'] = empty($user_data['phone']) && !empty($user_data[$address_zone . '_phone']) ? $user_data[$address_zone . '_phone'] : $user_data['phone'];
}
// reset company_id for root admin
if ($user_id == 1) {
$user_data['company_id'] = 0;
}
if (!empty($user_id)) {
db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
fn_log_event('users', 'update', array('user_id' => $user_id));
} else {
$user_id = db_query("INSERT INTO ?:users ?e", $user_data);
fn_log_event('users', 'create', array('user_id' => $user_id));
}
$user_data['user_id'] = $user_id;
// Set/delete insecure password notification
if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['user_login']) && !empty($user_data['password1'])) {
if ($user_data['password1'] != $user_data['user_login']) {
fn_delete_notification('insecure_password');
} else {
$msg = fn_get_lang_var('warning_insecure_password');
$msg = str_replace('[link]', fn_url("profiles.update?user_id=" . $user_id), $msg);
fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password');
}
}
if (empty($user_data['user_login'])) {
// if we're using email as login or user type does not require login, fill login field
db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
}
// Fill shipping info with billing if needed
if (empty($ship_to_another)) {
$profile_fields = fn_get_profile_fields($user_data['user_type']);
$use_default = AREA == 'A' ? true : false;
fn_fill_address($user_data, $profile_fields, $use_default);
}
// Add new profile or update existing
if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
if ($action == 'add') {
$user_data['profile_type'] = 'P';
$user_data['profile_name'] = empty($user_data['profile_name']) ? fn_get_lang_var('main') : $user_data['profile_name'];
} else {
$user_data['profile_type'] = 'S';
}
$user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
} else {
if (empty($user_data['profile_id'])) {
$user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
}
db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
}
// Add/Update additional fields
fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');
$user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);
$lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
Registry::get('view_mail')->assign('password', $original_password);
Registry::get('view_mail')->assign('send_password', $send_password);
Registry::get('view_mail')->assign('user_data', $user_data);
// Send notifications to customer
if (!empty($notify_customer)) {
// Notify customer about profile activation (when update profile only)
if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/profile_activated_subj.tpl', 'profiles/profile_activated.tpl', '', $lang_code);
}
// Notify customer about profile add/update
if ($action == 'add') {
fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
} else {
fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
}
}
if ($action == 'add') {
$skip_auth = false;
if (AREA != 'A') {
if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_should_be_approved'));
// Notify administrator about new profile
fn_send_mail(Registry::get('settings.Company.company_users_department'), Registry::get('settings.Company.company_users_department'), 'profiles/activate_profile_subj.tpl', 'profiles/activate_profile.tpl', '', Registry::get('settings.Appearance.admin_default_language'), $user_data['email']);
$skip_auth = true;
} else {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
}
} else {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
}
if (!is_null($auth)) {
if (!empty($auth['order_ids'])) {
db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
}
if (empty($skip_auth)) {
$auth = fn_fill_auth($user_data);
}
}
} else {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_updated'));
}
fn_set_hook('update_profile', $action, $user_data, $current_user_data);
return array($user_id, $user_data['profile_id']);
}