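/**
 * Changes a company's status and, when a new ('N') vendor is approved,
 * attaches or creates its vendor administrator account and optionally
 * e-mails a notification.
 *
 * Accepted target statuses are A, P and D (see the in_array() check below).
 *
 * @param int     $company_id  Company identifier
 * @param string  $status_to   Target status: A, P or D
 * @param string  $reason      The reason of the change (handed to the mail template)
 * @param string  $status_from Previous status, passed by reference; read from the database when empty
 * @param boolean $skip_query  By default false. Update query might be skipped if status is already changed.
 * @param boolean $notify      By default true. When false, no notification e-mail is sent.
 * @return boolean True (or the truthy db_query() result) on success, false on failure
 */
function fn_companies_change_status($company_id, $status_to, $reason = '', &$status_from = '', $skip_query = false, $notify = true)
{
    if (empty($status_from)) {
        $status_from = db_get_field("SELECT status FROM ?:companies WHERE company_id = ?i", $company_id);
    }

    // Strict membership test: with a loose in_array() a non-string value such as
    // 0 or true can compare equal to a status letter and slip past this whitelist.
    if (!in_array($status_to, array('A', 'P', 'D'), true) || $status_from == $status_to) {
        return false;
    }

    $result = $skip_query ? true : db_query("UPDATE ?:companies SET status = ?s WHERE company_id = ?i", $status_to, $company_id);

    if (!$result) {
        return false;
    }

    $company_data = fn_get_company_data($company_id);

    $account = $username = '';
    if ($status_from == 'N' && ($status_to == 'A' || $status_to == 'P')) {
        if (Registry::get('settings.Vendors.create_vendor_administrator_account') == 'Y') {
            if (!empty($company_data['request_user_id'])) {
                // The vendor request came from an existing user: promote that user to vendor admin.
                $password_change_timestamp = db_get_field("SELECT password_change_timestamp FROM ?:users WHERE user_id = ?i", $company_data['request_user_id']);
                $_set = '';
                if (empty($password_change_timestamp)) {
                    $_set = ", password_change_timestamp = 1 ";
                }
                // $_set is one of two constant strings, so interpolating it into the query text adds no user input.
                db_query("UPDATE ?:users SET company_id = ?i, user_type = 'V'{$_set} WHERE user_id = ?i", $company_id, $company_data['request_user_id']);

                $username = fn_get_user_name($company_data['request_user_id']);
                $account = 'updated';

                $msg = __('new_administrator_account_created') . '<a href="' . fn_url('profiles.update?user_id=' . $company_data['request_user_id']) . '">' . __('you_can_edit_account_details') . '</a>';
                fn_set_notification('N', __('notice'), $msg, 'K');
            } else {
                // No existing user: build a new vendor administrator from the stored request data.
                $user_data = array();

                if (!empty($company_data['request_account_name'])) {
                    $user_data['user_login'] = $company_data['request_account_name'];
                } else {
                    $user_data['user_login'] = $company_data['email'];
                }

                // SECURITY NOTE(review): unserialize() on a stored column. If any part of
                // request_account_data can be influenced by the applicant, this is a PHP
                // object-injection surface. Prefer JSON for this column, or pass
                // array('allowed_classes' => false) once PHP >= 7.0 is the minimum version
                // (not applied here because the supported PHP floor is not visible).
                $request_account_data = unserialize($company_data['request_account_data']);
                if (!is_array($request_account_data)) {
                    // Corrupt or unexpected payload: fall back to an empty record instead of indexing into false.
                    $request_account_data = array();
                }

                $user_data['fields'] = isset($request_account_data['fields']) ? $request_account_data['fields'] : null;
                $user_data['firstname'] = $user_data['b_firstname'] = $user_data['s_firstname'] = isset($request_account_data['admin_firstname']) ? $request_account_data['admin_firstname'] : null;
                $user_data['lastname'] = $user_data['b_lastname'] = $user_data['s_lastname'] = isset($request_account_data['admin_lastname']) ? $request_account_data['admin_lastname'] : null;

                $user_data['user_type'] = 'V';
                $user_data['password1'] = fn_generate_password();
                $user_data['password2'] = $user_data['password1'];
                $user_data['status'] = 'A';
                $user_data['company_id'] = $company_id;
                $user_data['email'] = $company_data['email'];
                $user_data['company'] = $company_data['company'];
                $user_data['last_login'] = 0;
                $user_data['lang_code'] = $company_data['lang_code'];
                $user_data['password_change_timestamp'] = 0;

                // Copy vendor admin billing and shipping addresses from the company's credentials
                $user_data['b_address'] = $user_data['s_address'] = $company_data['address'];
                $user_data['b_city'] = $user_data['s_city'] = $company_data['city'];
                $user_data['b_country'] = $user_data['s_country'] = $company_data['country'];
                $user_data['b_state'] = $user_data['s_state'] = $company_data['state'];
                $user_data['b_zipcode'] = $user_data['s_zipcode'] = $company_data['zipcode'];

                list($added_user_id, $null) = fn_update_user(0, $user_data, $null, false, false);

                if ($added_user_id) {
                    $msg = __('new_administrator_account_created') . '<a href="' . fn_url('profiles.update?user_id=' . $added_user_id) . '">' . __('you_can_edit_account_details') . '</a>';
                    fn_set_notification('N', __('notice'), $msg, 'K');

                    $username = $user_data['user_login'];
                    $account = 'new';
                }
            }
        }
    }

    if (empty($user_data)) {
        // No account was built above: use the company's root vendor administrator for the mail data.
        $user_id = db_get_field("SELECT user_id FROM ?:users WHERE company_id = ?i AND is_root = 'Y' AND user_type = 'V'", $company_id);
        $user_data = fn_get_user_info($user_id);
    }

    if ($notify && !empty($company_data['email'])) {
        $e_username = '';
        $e_account = '';
        $e_password = '';
        if ($status_from == 'N' && ($status_to == 'A' || $status_to == 'P')) {
            $e_username = $username;
            $e_account = $account;
            if ($account == 'new') {
                // NOTE(review): the generated password is handed to the mail template in clear text.
                // A one-time set-password link would avoid putting a credential in e-mail.
                $e_password = $user_data['password1'];
            }
        }

        // NOTE(review): $status_from may be supplied by the caller and is not checked against a
        // list of status letters before it becomes part of the template path below.
        $mail_template = fn_strtolower($status_from . '_' . $status_to);

        Mailer::sendMail(array(
            'to' => $company_data['email'],
            'from' => 'default_company_support_department',
            'data' => array(
                'user_data' => $user_data,
                'reason' => $reason,
                // NOTE(review): a 'P' target is labelled with the 'disabled' string here - confirm intended.
                'status' => __($status_to == 'A' ? 'active' : 'disabled'),
                'e_username' => $e_username,
                'e_account' => $e_account,
                'e_password' => $e_password
            ),
            'company_id' => $company_id,
            'tpl' => 'companies/status_' . $mail_template . '_notification.tpl'
        ), 'A');
    }

    return $result;
}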
/**
 * Checks whether the object addressed by the current request may be accessed
 * from the current store, and sets a warning notification when it may not.
 *
 * The controller name is read from Registry 'runtime.controller'; the switch
 * below maps it to a table, an id parameter and a display name. The result
 * stays true (access allowed) when the controller is not listed in the switch
 * or the expected id parameter is empty, unless a hook changes that.
 *
 * @param array  $params              Request parameters holding the object id (product_id, order_id, ...)
 * @param string $redirect_controller Passed by reference; set to the current controller, or 'menus' for static_data
 * @return boolean Result of the permission check (true when nothing was checked)
 */
function fn_ult_check_store_permission($params, &$redirect_controller)
{
    // Allow by default: every path that does not resolve an object leaves this untouched.
    $result = true;
    $controller = Registry::get('runtime.controller');
    $redirect_controller = $controller;

    // FIXME: move in schema
    switch ($controller) {
        case 'products':
            if (!empty($params['product_id'])) {
                $key = 'product_id';
                $key_id = $params[$key];
                $table = 'products';
                $object_name = fn_get_product_name($key_id, DESCR_SL);
                $object_type = __('product');
                // 'args' holds the NAMES of local variables as strings; they are resolved
                // further down with ${$arg}, so these locals must not be renamed.
                $check_store_permission = array('func' => 'fn_ult_check_store_permission_product', 'args' => array('$table', '$key', '$key_id'));
            }
            break;

        case 'categories':
            if (!empty($params['category_id'])) {
                $key = 'category_id';
                $key_id = $params[$key];
                $table = 'categories';
                $object_name = fn_get_category_name($key_id, DESCR_SL);
                $object_type = __('category');
            }
            break;

        case 'orders':
            if (!empty($params['order_id'])) {
                $key = 'order_id';
                $key_id = $params[$key];
                $table = 'orders';
                $object_name = '#' . $key_id;
                $object_type = __('order');
            }
            break;

        case 'shippings':
            if (!empty($params['shipping_id'])) {
                $key = 'shipping_id';
                $key_id = $params[$key];
                $table = 'shippings';
                $object_name = fn_get_shipping_name($key_id, DESCR_SL);
                $object_type = __('shipping');
            }
            break;

        case 'promotions':
            if (!empty($params['promotion_id'])) {
                $key = 'promotion_id';
                $key_id = $params[$key];
                $table = 'promotions';
                $object_name = fn_get_promotion_name($key_id, DESCR_SL);
                $object_type = __('promotion');
            }
            break;

        case 'pages':
            if (!empty($params['page_id'])) {
                $key = 'page_id';
                $key_id = $params[$key];
                $table = 'pages';
                $object_name = fn_get_page_name($key_id, DESCR_SL);
                $object_type = __('content');
            }
            break;

        case 'profiles':
            if (!empty($params['user_id'])) {
                $key = 'user_id';
                $key_id = $params[$key];
                $table = 'users';
                $object_name = fn_get_user_name($key_id, DESCR_SL);
                $object_type = __('user');
                $check_store_permission = array('func' => 'fn_ult_check_store_permission_profiles', 'args' => array('$params', '$table', '$key', '$key_id'));
            }
            break;

        case 'settings':
            // Settings sections are identified by name only; $key and $key_id are not set on this path.
            if (!empty($params['section_id'])) {
                $object_name = $params['section_id'];
                $object_type = __('section');
                $table = 'settings';
                $check_store_permission = array('func' => 'fn_ult_check_store_permission_settings', 'args' => array('$object_name'));
            }
            break;

        case 'shipments':
            if (!empty($params['shipment_id'])) {
                $key = 'shipment_id';
                $key_id = $params[$key];
                $table = 'shipments';
                $object_name = '#' . $key_id;
                $object_type = __('shipment');
                $check_store_permission = array('func' => 'fn_ult_check_store_permission_shipments', 'args' => array('$key_id'));
            }
            break;

        case 'static_data':
            if (!empty($params['menu_id'])) {
                $key = 'menu_id';
                $key_id = $params[$key];
                $table = 'menus';
                $object_name = fn_get_menu_name($key_id);
                $object_type = __('menu');
                $redirect_controller = 'menus';
            }
            break;

        case 'companies':
            if (!empty($params['company_id'])) {
                $key = 'company_id';
                $key_id = $params[$key];
                $table = 'companies';
                $object_name = fn_get_company_name($key_id);
                $object_type = __('company');
            }
            break;
    }

    // NOTE(review): these locals may be unset here when no case matched; presumably the hook
    // takes them by reference so add-ons can fill them in - confirm against fn_set_hook().
    fn_set_hook('ult_check_store_permission', $params, $object_type, $object_name, $table, $key, $key_id);

    // The permission check runs only when an object name was resolved; an empty
    // name (unknown id, or a lookup that returned nothing) skips it and keeps $result true.
    if (!empty($object_name)) {
        if (!empty($check_store_permission)) {
            // Controller-specific checker: turn each '$name' string into the value of that local variable.
            $args = array();
            foreach ($check_store_permission['args'] as $arg) {
                if ($arg[0] == '$') {
                    $arg = ltrim($arg, "\$");
                    $args[] = ${$arg};
                }
            }
            $result = call_user_func_array($check_store_permission['func'], $args);
        } else {
            // Default check: the object belongs to the company, or is shared with it.
            $result = fn_check_company_id($table, $key, $key_id) || fn_check_shared_company_id($table, $key_id);
        }
    }

    fn_set_hook('ult_check_store_permission_post', $params, $object_type, $object_name, $result);

    // Loose comparison: any falsy value (0, '', null, empty array) from a checker or hook counts as denial.
    if ($result == false) {
        fn_set_notification('W', __('warning'), __('store_object_denied', array('[object_type]' => $object_type, '[object_name]' => fn_truncate_chars($object_name, 20))), '', 'store_object_denied');
    }

    return $result;
}
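/**
 * Changes a company's status and, when a new ('N') vendor is approved,
 * attaches or creates its vendor administrator account and optionally
 * e-mails a notification.
 *
 * Accepted target statuses are A, P and D (see the in_array() check below).
 *
 * @param int     $company_id  Company identifier
 * @param string  $status_to   Target status: A, P or D
 * @param string  $reason      The reason of the change (handed to the mail template)
 * @param string  $status_from Previous status, passed by reference; read from the database when empty
 * @param boolean $skip_query  By default false. Update query might be skipped if status is already changed.
 * @param boolean $notify      By default true. When false, no notification e-mail is sent.
 * @return boolean True (or the truthy db_query() result) on success, false on failure
 */
function fn_change_company_status($company_id, $status_to, $reason = '', &$status_from = '', $skip_query = false, $notify = true)
{
    /**
     * Actions before change company status
     *
     * @param int    $company_id  Company ID
     * @param string $status_to   Status to letter
     * @param string $reason      Reason text
     * @param string $status_from Status from letter
     * @param bool   $skip_query  Skip query flag
     * @param bool   $notify      Notify flag
     */
    fn_set_hook('change_company_status_pre', $company_id, $status_to, $reason, $status_from, $skip_query, $notify);

    if (empty($status_from)) {
        $status_from = db_get_field("SELECT status FROM ?:companies WHERE company_id = ?i", $company_id);
    }

    // Strict membership test: with a loose in_array() a non-string value such as
    // 0 or true can compare equal to a status letter and slip past this whitelist.
    if (!in_array($status_to, array('A', 'P', 'D'), true) || $status_from == $status_to) {
        return false;
    }

    $result = $skip_query ? true : db_query("UPDATE ?:companies SET status = ?s WHERE company_id = ?i", $status_to, $company_id);

    if (!$result) {
        return false;
    }

    $company_data = fn_get_company_data($company_id);

    $account = $username = '';
    if ($status_from == 'N' && ($status_to == 'A' || $status_to == 'P')) {
        if (Registry::get('settings.Vendors.create_vendor_administrator_account') == 'Y') {
            if (!empty($company_data['request_user_id'])) {
                // The vendor request came from an existing user: promote that user to vendor admin.
                $password_change_timestamp = db_get_field("SELECT password_change_timestamp FROM ?:users WHERE user_id = ?i", $company_data['request_user_id']);
                $_set = '';
                if (empty($password_change_timestamp)) {
                    $_set = ", password_change_timestamp = 1 ";
                }
                // $_set is one of two constant strings, so interpolating it into the query text adds no user input.
                db_query("UPDATE ?:users SET company_id = ?i, user_type = 'V'{$_set} WHERE user_id = ?i", $company_id, $company_data['request_user_id']);

                $username = fn_get_user_name($company_data['request_user_id']);
                $account = 'updated';

                $msg = __('new_administrator_account_created') . '<a href="' . fn_url('profiles.update?user_id=' . $company_data['request_user_id']) . '">' . __('you_can_edit_account_details') . '</a>';
                fn_set_notification('N', __('notice'), $msg, 'K');
            } else {
                // SECURITY NOTE(review): unserialize() on a stored column. If any part of
                // request_account_data can be influenced by the applicant, this is a PHP
                // object-injection surface. Prefer JSON for this column, or pass
                // array('allowed_classes' => false) once PHP >= 7.0 is the minimum version
                // (not applied here because the supported PHP floor is not visible).
                $request_account_data = unserialize($company_data['request_account_data']);
                if (!is_array($request_account_data)) {
                    // unserialize() returns false on a corrupt payload, and "array + false" is a
                    // fatal "Unsupported operand types" error; fall back to an empty record.
                    $request_account_data = array();
                }

                // Array union: keys already present in $company_data win over the stored request data.
                $_company_data = $company_data + $request_account_data;
                $_company_data['status'] = 'A';
                if (!empty($_company_data['request_account_name'])) {
                    $_company_data['admin_username'] = $_company_data['request_account_name'];
                }

                $user_data = fn_create_company_admin($_company_data, isset($_company_data['fields']) ? $_company_data['fields'] : null, false);

                if (!empty($user_data['user_id'])) {
                    $username = $user_data['user_login'];
                    $account = 'new';
                }
            }
        }
    }

    if (empty($user_data)) {
        // No account was built above: use the company's root vendor administrator for the mail data.
        $user_id = db_get_field("SELECT user_id FROM ?:users WHERE company_id = ?i AND is_root = 'Y' AND user_type = 'V'", $company_id);
        $user_data = fn_get_user_info($user_id);
    }

    /**
     * Actions between change company status and send mail
     *
     * @param int    $company_id   Company ID
     * @param string $status_to    Status to letter
     * @param string $reason       Reason text
     * @param string $status_from  Status from letter
     * @param bool   $skip_query   Skip query flag
     * @param bool   $notify       Notify flag
     * @param array  $company_data Company data
     * @param array  $user_data    User data
     * @param bool   $result       Updated flag
     */
    fn_set_hook('change_company_status_before_mail', $company_id, $status_to, $reason, $status_from, $skip_query, $notify, $company_data, $user_data, $result);

    if ($notify && !empty($company_data['email'])) {
        $e_username = '';
        $e_account = '';
        $e_password = '';
        if ($status_from == 'N' && ($status_to == 'A' || $status_to == 'P')) {
            $e_username = $username;
            $e_account = $account;
            if ($account == 'new') {
                // NOTE(review): relies on fn_create_company_admin() returning 'password1' - confirm.
                // The password is handed to the mail template in clear text; a one-time
                // set-password link would avoid putting a credential in e-mail.
                $e_password = $user_data['password1'];
            }
        }

        // NOTE(review): $status_from may be supplied by the caller or changed by a hook, and is not
        // checked against a list of status letters before it becomes part of the template path below.
        $mail_template = fn_strtolower($status_from . '_' . $status_to);

        Mailer::sendMail(array(
            'to' => $company_data['email'],
            'from' => 'default_company_support_department',
            'data' => array(
                'user_data' => $user_data,
                'reason' => $reason,
                // NOTE(review): a 'P' target is labelled with the 'disabled' string here - confirm intended.
                'status' => __($status_to == 'A' ? 'active' : 'disabled'),
                'e_username' => $e_username,
                'e_account' => $e_account,
                'e_password' => $e_password
            ),
            'company_id' => $company_id,
            'tpl' => 'companies/status_' . $mail_template . '_notification.tpl'
        ), 'A');
    }

    return $result;
}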
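<?php
/***************************************************************************
*                                                                          *
*   (c) 2004 Vladimir V. Kalynyak, Alexey V. Vinokurov, Ilya M. Shalnev    *
*                                                                          *
* This is commercial software, only users who have purchased a valid       *
* license and accept to the terms of the License Agreement can install     *
* and use this program.                                                    *
*                                                                          *
****************************************************************************
* PLEASE READ THE FULL TEXT OF THE SOFTWARE LICENSE AGREEMENT IN THE       *
* "copyright.txt" FILE PROVIDED WITH THIS DISTRIBUTION PACKAGE.            *
****************************************************************************/

// Refuse direct HTTP access: the script runs only after the application has defined BOOTSTRAP.
if (!defined('BOOTSTRAP')) { die('Access denied'); }

use Tygh\Registry;

// Load every stored row, then add the user's name and the names of the recorded categories.
$viewed_categories = db_get_array('SELECT * FROM ?:advanced_addon_data');

if (!empty($viewed_categories)) {
    foreach ($viewed_categories as $key => $category_data) {
        $category_data['user_name'] = fn_get_user_name($category_data['user_id']);

        // SECURITY NOTE(review): unserialize() on a stored column. If the 'categories' value can be
        // influenced by a visitor, this is a PHP object-injection surface. Prefer JSON for this
        // column, or pass array('allowed_classes' => false) once PHP >= 7.0 is the minimum version
        // (not applied here because the supported PHP floor is not visible).
        $stored_categories = unserialize($category_data['categories']);

        if (is_array($stored_categories)) {
            // The category ids are the keys of the stored array.
            $category_data['categories'] = fn_get_category_name(array_keys($stored_categories));
        } else {
            // Corrupt or unexpected payload: array_keys() on a non-array fails, so show no categories.
            $category_data['categories'] = array();
        }

        $viewed_categories[$key] = $category_data;
    }

    Registry::get('view')->assign('viewed_categories', $viewed_categories);
}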