示例#1
 /**
  * Stores a new password for a customer account.
  *
  * The value bound to customers_password is the output of
  * lc_encrypt_string($password); the clear-text password itself is not bound.
  * NOTE(review): lc_encrypt_string() is defined elsewhere - confirm it is a
  * salted, deliberately slow password hash and not reversible encryption.
  *
  * No authorisation check happens here: when $customer_id is supplied, the
  * caller must already have established that the current user may change
  * that account.
  *
  * @param string $password The new clear-text password
  * @param integer $customer_id The account to update; any non-numeric value
  *                             (including the default null) selects the ID
  *                             returned by $lC_Customer->getID()
  * @access public
  * @return boolean True when affectedRows() reports exactly 1
  */
 public static function savePassword($password, $customer_id = null)
 {
     global $lC_Database, $lC_Customer;

     // Fall back to the current customer when no usable ID was passed in.
     $target_id = is_numeric($customer_id) ? $customer_id : $lC_Customer->getID();

     $sql = 'update :table_customers set customers_password = :customers_password, date_account_last_modified = :date_account_last_modified where customers_id = :customers_id';

     $Qupdate = $lC_Database->query($sql);
     $Qupdate->bindTable(':table_customers', TABLE_CUSTOMERS);
     $Qupdate->bindValue(':customers_password', lc_encrypt_string($password));
     // now() is SQL, not data, so it is bound raw; it is a fixed literal.
     $Qupdate->bindRaw(':date_account_last_modified', 'now()');
     // The ID is bound as an integer, never interpolated into the statement.
     $Qupdate->bindInt(':customers_id', $target_id);
     $Qupdate->execute();

     $rows_changed = $Qupdate->affectedRows();

     return $rows_changed === 1;
 }
示例#2
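 /**
  * Creates a customer account (non-numeric $id) or updates an existing one
  * (numeric $id), optionally storing a new password and e-mailing new customers.
  *
  * Validation performed before anything is written:
  *  - the e-mail address must not belong to another customer (rpcStatus -2)
  *  - a non-empty password must equal its confirmation (rpcStatus -3)
  *
  * The password and confirmation are trimmed once and compared with strict
  * string equality, and the same trimmed value decides whether a password is
  * stored. A whitespace-only password is therefore treated as "no password"
  * instead of being stored as the hash of an empty string.
  *
  * NOTE(review): lc_encrypt_string() is defined elsewhere - confirm it is a
  * salted, deliberately slow password hash.
  * NOTE(review): the welcome e-mail for new accounts contains the clear-text
  * password; consider sending a set-password link instead.
  *
  * @param integer $id         The customer id used on update, null on insert
  * @param array   $data       The customer information; keys read here are
  *                            email_address, password, confirmation, gender,
  *                            firstname, lastname, dob, newsletter, status, group
  * @param boolean $send_email Send the welcome e-mail when a customer is created
  * @access public
  * @return array May contain rpcStatus (-1 database error, -2 e-mail address
  *               already in use, -3 password mismatch) and, when a password
  *               was stored, new_customer_id
  */
 public static function save($id = null, $data, $send_email = true)
 {
     global $lC_Database, $lC_Language, $lC_DateTime;
     $lC_Language->loadIniFile('customers.php');
     $error = false;
     $result = array();

     // Trim once so the match check, the emptiness check and the stored value
     // all see the same string.
     $password = isset($data['password']) ? trim($data['password']) : '';
     $confirmation = isset($data['confirmation']) ? trim($data['confirmation']) : '';

     // check that email doesnt exist (on update, ignore the customer's own row)
     $Qcheck = $lC_Database->query('select customers_id from :table_customers where customers_email_address = :customers_email_address');
     if (isset($id) && is_numeric($id)) {
         $Qcheck->appendQuery('and customers_id != :customers_id');
         $Qcheck->bindInt(':customers_id', $id);
     }
     $Qcheck->appendQuery('limit 1');
     $Qcheck->bindTable(':table_customers', TABLE_CUSTOMERS);
     $Qcheck->bindValue(':customers_email_address', $data['email_address']);
     $Qcheck->execute();
     if ($Qcheck->numberOfRows() > 0) {
         $error = true;
         $result['rpcStatus'] = -2;
     }
     $Qcheck->freeResult();

     // check that passwords match; strict comparison, because loose != treats
     // numeric-looking strings such as '1000' and '1e3' as equal
     if ($password !== '' && $password !== $confirmation) {
         $error = true;
         $result['rpcStatus'] = -3;
     }

     if ($error === false) {
         $lC_Database->startTransaction();
         if (is_numeric($id)) {
             $Qcustomer = $lC_Database->query('update :table_customers set customers_group_id = :customers_group_id, customers_gender = :customers_gender, customers_firstname = :customers_firstname, customers_lastname = :customers_lastname, customers_email_address = :customers_email_address, customers_dob = :customers_dob, customers_newsletter = :customers_newsletter, customers_status = :customers_status, date_account_last_modified = :date_account_last_modified where customers_id = :customers_id');
             $Qcustomer->bindRaw(':date_account_last_modified', 'now()');
             $Qcustomer->bindInt(':customers_id', $id);
         } else {
             $Qcustomer = $lC_Database->query('insert into :table_customers (customers_group_id, customers_gender, customers_firstname, customers_lastname, customers_email_address, customers_dob, customers_newsletter, customers_status, number_of_logons, date_account_created) values (:customers_group_id, :customers_gender, :customers_firstname, :customers_lastname, :customers_email_address, :customers_dob, :customers_newsletter, :customers_status, :number_of_logons, :date_account_created)');
             $Qcustomer->bindInt(':number_of_logons', 0);
             $Qcustomer->bindRaw(':date_account_created', 'now()');
         }
         $dob = isset($data['dob']) && !empty($data['dob']) ? lC_DateTime::toDateTime($data['dob']) : '0000-00-00 00:00:00';
         $Qcustomer->bindTable(':table_customers', TABLE_CUSTOMERS);
         $Qcustomer->bindValue(':customers_gender', $data['gender']);
         $Qcustomer->bindValue(':customers_firstname', $data['firstname']);
         $Qcustomer->bindValue(':customers_lastname', $data['lastname']);
         $Qcustomer->bindValue(':customers_email_address', $data['email_address']);
         $Qcustomer->bindValue(':customers_dob', $dob);
         $Qcustomer->bindInt(':customers_newsletter', $data['newsletter']);
         $Qcustomer->bindInt(':customers_status', $data['status']);
         $Qcustomer->bindInt(':customers_group_id', $data['group']);
         $Qcustomer->setLogging($_SESSION['module'], $id);
         $Qcustomer->execute();

         if ($lC_Database->isError()) {
             // A failed insert/update must not fall through to commit and to
             // the welcome e-mail.
             $error = true;
             $result['rpcStatus'] = -1;
         } elseif ($password !== '') {
             $customer_id = !empty($id) ? $id : $lC_Database->nextID();
             $result['new_customer_id'] = $customer_id;
             $Qpassword = $lC_Database->query('update :table_customers set customers_password = :customers_password where customers_id = :customers_id');
             $Qpassword->bindTable(':table_customers', TABLE_CUSTOMERS);
             $Qpassword->bindValue(':customers_password', lc_encrypt_string($password));
             $Qpassword->bindInt(':customers_id', $customer_id);
             $Qpassword->setLogging($_SESSION['module'], $customer_id);
             $Qpassword->execute();
             if ($lC_Database->isError()) {
                 $error = true;
                 $result['rpcStatus'] = -1;
             }
         }
     }
     if ($error === false) {
         $lC_Database->commitTransaction();
         // The welcome e-mail is only sent for newly created customers.
         if ($send_email === true) {
             if (empty($id)) {
                 $full_name = trim($data['firstname'] . ' ' . $data['lastname']);
                 $email_text = '';
                 if (ACCOUNT_GENDER > -1) {
                     if ($data['gender'] == 'm') {
                         $email_text .= sprintf($lC_Language->get('email_greet_mr'), trim($data['lastname'])) . "\n\n";
                     } else {
                         $email_text .= sprintf($lC_Language->get('email_greet_ms'), trim($data['lastname'])) . "\n\n";
                     }
                 } else {
                     $email_text .= sprintf($lC_Language->get('email_greet_general'), $full_name) . "\n\n";
                 }
                 // NOTE(review): the clear-text password is placed in the mail body.
                 $email_text .= sprintf($lC_Language->get('email_text'), STORE_NAME, STORE_OWNER_EMAIL_ADDRESS, $password);
                 $email_subject = sprintf($lC_Language->get('email_subject'), STORE_NAME);
                 lc_email($full_name, $data['email_address'], $email_subject, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
             }
         }
         return $result;
     }
     $lC_Database->rollbackTransaction();
     return $result;
 }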
示例#3
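 /**
  * Saves the administrator information
  *
  * Inserts a new administrator when $id is null, otherwise updates the row
  * with that id. The user name must not be used by any other administrator
  * (rpcStatus -2). On update the password is changed only when a non-blank
  * one is supplied; it is trimmed before the emptiness check so that a
  * whitespace-only value can no longer be stored as the hash of an empty
  * string.
  *
  * NOTE(review): lc_encrypt_string() is defined elsewhere - confirm it is a
  * salted, deliberately slow password hash.
  * NOTE(review): on insert nothing here rejects a blank user_password, so an
  * administrator can be created with the hash of an empty string unless the
  * caller validates it first.
  *
  * @param integer  $id   The administrator id used on update, null on insert
  * @param array    $data An array containing the administrator information;
  *                       keys read here are user_name, user_password,
  *                       first_name, last_name, avatar, access_group_id,
  *                       language_id
  * @access public
  * @return array Empty on success; rpcStatus -1 on database error,
  *               rpcStatus -2 when the user name is already taken
  */
 public static function save($id = null, $data)
 {
     global $lC_Database;
     $error = false;
     // Initialised up front; previously undefined on the update path.
     $new = false;
     $result = array();

     // Trim once so the emptiness check and the stored value agree.
     $password = isset($data['user_password']) ? trim($data['user_password']) : '';

     $Qcheck = $lC_Database->query('select id, language_id from :table_administrators where user_name = :user_name');
     if (isset($id) && $id != null) {
         $Qcheck->appendQuery('and id != :id');
         $Qcheck->bindInt(':id', $id);
     }
     $Qcheck->appendQuery('limit 1');
     $Qcheck->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qcheck->bindValue(':user_name', $data['user_name']);
     $Qcheck->execute();
     if ($Qcheck->numberOfRows() < 1) {
         $lC_Database->startTransaction();
         if (isset($id) && $id != null) {
             $Qadmin = $lC_Database->query('update :table_administrators set user_name = :user_name, first_name = :first_name, last_name = :last_name, image = :image, access_group_id = :access_group_id, language_id = :language_id, verify_key = :verify_key');
             if ($password !== '') {
                 $Qadmin->appendQuery(', user_password = :user_password');
                 $Qadmin->bindValue(':user_password', lc_encrypt_string($password));
             }
             $Qadmin->appendQuery('where id = :id');
             $Qadmin->bindInt(':id', $id);
         } else {
             $Qadmin = $lC_Database->query('insert into :table_administrators (user_name, user_password, first_name, last_name, image, access_group_id, language_id, verify_key) values (:user_name, :user_password, :first_name, :last_name, :image, :access_group_id,:language_id, :verify_key)');
             $Qadmin->bindValue(':user_password', lc_encrypt_string($password));
         }
         $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
         $Qadmin->bindValue(':user_name', $data['user_name']);
         $Qadmin->bindValue(':first_name', $data['first_name']);
         $Qadmin->bindValue(':last_name', $data['last_name']);
         $Qadmin->bindValue(':image', $data['avatar']);
         $Qadmin->bindInt(':access_group_id', $data['access_group_id']);
         $Qadmin->bindInt(':language_id', $data['language_id']);
         // Every save blanks verify_key.
         $Qadmin->bindValue(':verify_key', '');
         $Qadmin->setLogging($_SESSION['module'], $id);
         $Qadmin->execute();
         if (!$lC_Database->isError()) {
             if (!is_numeric($id)) {
                 $id = $lC_Database->nextID();
                 $new = true;
             }
         } else {
             $error = true;
         }
         if ($error === false) {
             $lC_Database->commitTransaction();
             if (!$new) {
                 // check for language changes and set session accordingly
                 // NOTE(review): this branch only runs when $Qcheck matched no
                 // rows, so value('language_id') is read from an empty result.
                 if ($data['language_id'] != $Qcheck->value('language_id')) {
                     $_SESSION['admin']['language_id'] = $data['language_id'];
                 }
                 // NOTE(review): the session is overwritten without checking
                 // that $id is the logged-in administrator - confirm callers
                 // only use this path for self-edits.
                 $_SESSION['admin']['username'] = $data['user_name'];
                 $_SESSION['admin']['firstname'] = $data['first_name'];
                 $_SESSION['admin']['lastname'] = $data['last_name'];
             }
         } else {
             $lC_Database->rollbackTransaction();
             $result['rpcStatus'] = -1;
         }
     } else {
         $result['rpcStatus'] = -2;
     }
     return $result;
 }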
示例#4
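 /**
  * Sets a new administrator password, signs that administrator in and
  * clears the account's verify_key so the key cannot be used again.
  *
  * The three statements run in one transaction. The method fails, and rolls
  * back, when the new password is blank, when any statement reports an error,
  * or when no administrator row matches $email. The session is populated only
  * after the commit.
  *
  * This method does not check verify_key itself: the caller must have
  * validated the reset key for $email before calling it.
  *
  * NOTE(review): lc_encrypt_string() is defined elsewhere - confirm it is a
  * salted, deliberately slow password hash.
  * NOTE(review): the session identifier is not renewed here although the
  * session gains administrator rights; confirm the caller or the session
  * layer regenerates it.
  *
  * @param string $pass  The new clear-text password
  * @param string $email The administrator's user_name
  * @access public
  * @return boolean True when the password was changed and the session set
  */
 public static function passwordChange($pass, $email)
 {
     global $lC_Database;

     // Refuse a blank password instead of storing the hash of an empty string.
     $password = trim($pass);
     if ($password === '') {
         return false;
     }

     $lC_Database->startTransaction();

     // update the password
     $Qpass = $lC_Database->query('update :table_administrators set user_password = :user_password where user_name = :user_name');
     $Qpass->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qpass->bindValue(':user_password', lc_encrypt_string($password));
     $Qpass->bindValue(':user_name', $email);
     $Qpass->setLogging($_SESSION['module'], $email);
     $Qpass->execute();
     if ($lC_Database->isError()) {
         $lC_Database->rollbackTransaction();
         return false;
     }

     // get user info
     $Qadmin = $lC_Database->query('select * from :table_administrators where user_name = :user_name');
     $Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qadmin->bindValue(':user_name', $email);
     $Qadmin->execute();
     // An unknown user name must not produce an administrator session built
     // from an empty result.
     if ($Qadmin->numberOfRows() < 1) {
         $lC_Database->rollbackTransaction();
         return false;
     }

     // Built now, assigned to the session only after the commit succeeds.
     // The column is user_password (it was misspelled 'user_pasword').
     // NOTE(review): this keeps the stored password hash in the session.
     $admin_session = array('id' => $Qadmin->valueInt('id'), 'firstname' => $Qadmin->value('first_name'), 'lastname' => $Qadmin->value('last_name'), 'username' => $Qadmin->value('user_name'), 'password' => $Qadmin->value('user_password'), 'access' => lC_Access::getUserLevels($Qadmin->valueInt('access_group_id')));

     // remove key to stop further changes with this key
     $Qkeyremove = $lC_Database->query('update :table_administrators set verify_key = :verify_key where user_name = :user_name');
     $Qkeyremove->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
     $Qkeyremove->bindValue(':user_name', $email);
     $Qkeyremove->bindValue(':verify_key', null);
     $Qkeyremove->execute();
     // If the key could not be cleared it would stay usable, so fail closed.
     if ($lC_Database->isError()) {
         $lC_Database->rollbackTransaction();
         return false;
     }

     $lC_Database->commitTransaction();

     // set session info
     $_SESSION['admin'] = $admin_session;
     $_SESSION['user_confirmed_email'] = null;
     $_SESSION['user_not_exists'] = null;
     return true;
 }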
示例#5
    $Qupdate->bindTable(':table_configuration', TABLE_CONFIGURATION);
    $Qupdate->bindValue(':configuration_value', '"' . $_POST['CFG_STORE_OWNER_NAME'] . '" <' . $_POST['CFG_STORE_OWNER_EMAIL_ADDRESS'] . '>');
    $Qupdate->bindValue(':configuration_key', 'EMAIL_FROM');
    $Qupdate->execute();
}
// Create the administrator account named in the submitted form, or overwrite
// the existing row when that user name is already present.
// NOTE(review): all values come straight from $_POST and nothing in this span
// checks that the password is non-blank or that the request is authorised;
// confirm that earlier steps validate the input and that this script is not
// reachable once setup has finished.
$Qcheck = $lC_Database->query('select user_name from :table_administrators where user_name = :user_name');
$Qcheck->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
$Qcheck->bindValue(':user_name', $_POST['CFG_ADMINISTRATOR_USERNAME']);
$Qcheck->execute();

// Same placeholders either way, so the bindings below serve both statements.
$Qadmin = $lC_Database->query(
    $Qcheck->numberOfRows()
        ? 'update :table_administrators set user_password = :user_password, first_name = :first_name, last_name = :last_name, access_group_id = :access_group_id where user_name = :user_name'
        : 'insert into :table_administrators (user_name, user_password, first_name, last_name, access_group_id) values (:user_name, :user_password, :first_name, :last_name, :access_group_id)'
);

$Qadmin->bindTable(':table_administrators', TABLE_ADMINISTRATORS);
// Only the output of lc_encrypt_string() is stored, never the posted password.
// NOTE(review): confirm lc_encrypt_string() is a salted, slow password hash.
$Qadmin->bindValue(':user_password', lc_encrypt_string(trim($_POST['CFG_ADMINISTRATOR_PASSWORD'])));
$Qadmin->bindValue(':user_name', $_POST['CFG_ADMINISTRATOR_USERNAME']);
$Qadmin->bindValue(':first_name', $_POST['CFG_STORE_OWNER_FIRST_NAME']);
$Qadmin->bindValue(':last_name', $_POST['CFG_STORE_OWNER_LAST_NAME']);
// Access group is fixed at 1 - presumably the top-level group; confirm.
$Qadmin->bindInt(':access_group_id', 1);
$Qadmin->execute();
?>
<form name="upgrade" id="upgradeForm" action="upgrade.php?step=7" method="post" class="block wizard-enabled">  
  <span style="width:48%;" class="with-small-padding" style="padding: 10px 0 10px 0;" id="image"><img src="templates/img/logo.png" border="0"></span>
  <span class="with-small-padding float-right hide-on-mobile" id="logoContainer"><img style="padding-right:10px;" src="templates/img/new_version.png" border="0"></span>
  <ul class="wizard-steps">
    <li class="completed hide-on-mobile"><span class="wizard-step">1</span><?php 
echo $lC_Language->get('upgrade_nav_text_1');
?>
</li>
    <li class="completed hide-on-mobile"><span class="wizard-step">2</span><?php