* @package AgileBill
* @version 1.4.93
*/
class account
{
var $parent_id;
# Open the constructor for this mod
function account_construct()
{
# name of this module:
$this->module = "account";
# location of the construct XML file:
$this->xml_construct = PATH_MODULES . "" . $this->module . "/" . $this->module . "_construct.xml";
# open the construct file for parsing
$C_xml = new CORE_xml;
$construct = $C_xml->xml_to_array($this->xml_construct);
$this->method = $construct["construct"]["method"];
$this->trigger = $construct["construct"]["trigger"];
$this->field = $construct["construct"]["field"];
$this->table = $construct["construct"]["table"];
$this->module = $construct["construct"]["module"];
$this->cache = $construct["construct"]["cache"];
$this->order_by = $construct["construct"]["order_by"];
$this->limit = $construct["construct"]["limit"];
}
/** add sub account */
function sub_account_add($VAR) {
if(!SESS_LOGGED) return false;
$this->parent_id=SESS_ACCOUNT;
if($this->add($VAR, $this)) {
// add any additional groups
if(!empty($VAR['groups']) && is_array($VAR['groups'])) {
global $C_auth;
$db=&DB();
foreach($VAR['groups'] as $key => $gid) {
if($C_auth->auth_group_by_id($gid)) {
$fields=Array('account_id'=>$this->account_id, 'active'=>1, 'group_id'=>$gid, 'date_orig'=>time());
$db->Execute($sql=sqlInsert($db,"account_group",$fields));
}
}
}
define('FORCE_PAGE', 'account:account');
global $C_debug;
$C_debug->alert("The sub-account has been added");
}
}
/** delete sub account */
function sub_delete($VAR) {
// return false;
// verify perms
if(empty($VAR['id']) || !$this->isParentAccount($VAR['id'])) {
return false;
}
// ok, do deletion
include_once(PATH_MODULES.'account_admin/account_admin.inc.php');
$aa = new account_admin;
$VAR['account_admin_id'] = $VAR['id'];
$aa->delete($VAR);
}
/* check if sub account auth */
function isParentAccount($sub_account_id) {
$db=&DB();
$rs = $db->Execute(sqlSelect($db,"account","parent_id","id=". $db->qstr($sub_account_id)."
AND parent_id != 0 AND parent_id IS NOT NULL AND parent_id != ''
AND parent_id = ". $db->qstr(SESS_ACCOUNT)));
if($rs && $rs->RecordCount()) {
return true;
}
return false;
}
/** Get authorized groups */
function get_auth_groups($VAR) {
$groups = false;
global $smarty, $C_auth;
$db=&DB();
/* get groups for this account */
$authgrp=array();
if(!empty($VAR['id'])) {
$grs = $db->Execute(sqlSelect($db,"account_group","group_id","group_id>2 and active=1 and account_id=". $db->qstr($VAR['id'])));
if($grs && $grs->RecordCount()) {
while(!$grs->EOF) {
$authgrp["{$grs->fields['group_id']}"] = true;
$grs->MoveNext();
}
}
}
$ids = implode(",", $C_auth->group);
$rs = $db->Execute($sql=sqlSelect($db,"group","id,name","id in ($ids) and id > 2"));
if($rs && $rs->RecordCount()) {
while(!$rs->EOF) {
$gid = $rs->fields['id'];
if ( (!empty($VAR['groups']) && is_array($VAR['groups']) && !empty($VAR['groups'][$gid]))
|| (!empty($authgrp["$gid"])) )
$rs->fields['checked']=true;
$groups[] = $rs->fields;
$rs->MoveNext();
}
}
$smarty->assign("groups", $groups);
}
/**
* Check account limitations
*/
function checkLimits() {
if(!defined('AGILE_RST_ACCOUNT') || AGILE_RST_ACCOUNT <= 0) return true;
$sql="SELECT count(*) as totalacct from ".AGILE_DB_PREFIX."account WHERE site_id=".DEFAULT_SITE;
$db=&DB();
$rs=$db->Execute($sql);
if($rs && $rs->RecordCount() && $rs->fields['totalacct'] <= AGILE_RST_ACCOUNT) {
return true;
} else {
global $C_debug;
$C_debug->alert("Licensed user limit of ".AGILE_RST_ACCOUNT." exceeded, operation failed.");
return false;
}
return true;
}
##############################
## ADD ##
##############################
function add($VAR)
{
if(!$this->checkLimits()) return false; // check account limits
$this->account_construct();
global $C_list, $C_translate, $C_debug, $VAR, $smarty;
$this->validated = true;
### Set the hidden values:
$VAR['account_date_orig'] = time();
$VAR['account_date_last'] = time();
if(defined("SESS_LANGUAGE"))
@$VAR['account_language_id'] = SESS_LANGUAGE;
else
@$VAR['account_language_id'] = DEFAULT_LANGUAGE;
if(defined("SESS_AFFILIATE"))
@$VAR['account_affiliate_id']= SESS_AFFILIATE;
else
@$VAR['account_affiliate_id']= DEFAULT_AFFILIATE;
if(defined("SESS_RESELLER"))
@$VAR['account_reseller_id'] = SESS_RESELLER;
else
@$VAR['account_reseller_id'] = DEFAULT_RESELLER;
if(defined("SESS_CURRENCY"))
@$VAR['account_currency_id'] = SESS_CURRENCY;
else
@$VAR['account_currency_id'] = DEFAULT_CURRENCY;
if(defined("SESS_THEME"))
@$VAR['account_theme_id'] = SESS_THEME;
else
@$VAR['account_theme_id'] = DEFAULT_THEME;
if(defined("SESS_CAMPAIGN"))
@$VAR['account_campaign_id'] = SESS_CAMPAIGN;
else
@$VAR['account_campaign_id'] = 0;
if(!isset($VAR['account_email_type']) && @$VAR['account_email_type'] != "1")
@$VAR['account_email_type'] = '0';
### Determine the proper account status:
if(DEFAULT_ACCOUNT_STATUS != '1')
$status = '1';
else
$status = '0';
## Single field login:
if(defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN==true && empty($VAR['account_password'])) {
$VAR['account_password']='none';
$VAR['confirm_password']='none';
}
####################################################################
### loop through the field list to validate the required fields
####################################################################
$type = 'add';
$this->method["$type"] = preg_split("/,/", $this->method["$type"]);
$arr = $this->method["$type"];
include_once(PATH_CORE . 'validate.inc.php');
$validate = new CORE_validate;
$this->validated = true;
while (list ($key, $value) = each ($arr))
{
# get the field value
$field_var = $this->module . '_' . $value;
$field_name = $value;
####################################################################
### perform any field validation...
####################################################################
# check if this value is unique
if(isset($this->field["$value"]["unique"]) && isset($VAR["$field_var"]))
{
if(!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["$field_var"]))
{
$this->validated = false;
$this->val_error[] = array('field' => $this->table . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), # translate
'error' => $C_translate->translate('validate_unique',"", ""));
}
}
# check if the submitted value meets the specifed requirements
if(isset($this->field["$value"]["validate"]))
{
if(isset($VAR["$field_var"]))
{
if($VAR["$field_var"] != '')
{
if(!$validate->validate($field_name, $this->field["$value"], $VAR["$field_var"], $this->field["$value"]["validate"]))
{
$this->validated = false;
$this->val_error[] = array('field' => $this->module . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
'error' => $validate->error["$field_name"] );
}
}
else
{
$this->validated = false;
$this->val_error[] = array('field' => $this->module . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
'error' => $C_translate->translate('validate_any',"", ""));
}
}
else
{
$this->validated = false;
$this->val_error[] = array('field' => $this->module . '_' . $field_name,
'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""),
'error' => $C_translate->translate('validate_any',"", ""));
}
}
}
####################################################################
### Validate the password
####################################################################
if(isset($VAR['account_password']) && $VAR['account_password'] != "")
{
if(isset($VAR['confirm_password']) && $VAR['account_password'] == $VAR['confirm_password'])
{
$password = $VAR['account_password'];
$smarty->assign('confirm_account_password', $VAR["account_password"]);
}
else
{
### ERROR: The passwords provided do not match!
$smarty->assign('confirm_account_password', '');
$this->validated = false;
$this->val_error[] = array('field' => 'account_confirm_password',
'field_trans' => $C_translate->translate('field_confirm_password', $this->module, ""), # translate
'error' => $C_translate->translate('password_change_match',"account", ""));
}
}
else
{
$smarty->assign('confirm_account_password', '');
}
####################################################################
### Validate that the user's IP & E-mail are not banned!
####################################################################
if($this->validated)
{
require_once(PATH_MODULES . 'blocked_email/blocked_email.inc.php');
$blocked_email = new blocked_email;
if(!$blocked_email->is_blocked($VAR['account_email']))
$this->val_error[] = array(
'field' => 'account_email',
'field_trans' => $C_translate->translate('field_email', $this->module, ""),
'error' => $C_translate->translate('validate_banned_email',"", ""));
require_once(PATH_MODULES . 'blocked_ip/blocked_ip.inc.php');
$blocked_ip = new blocked_ip;
if(!$blocked_ip->is_blocked(USER_IP))
$this->val_error[] = array(
'field' => 'IP Address',
'field_trans' => $C_translate->translate('ip_address', $this->module, ""),
'error' => $C_translate->translate('validate_banned_ip',"", ""));
}
// validate the tax_id
require_once(PATH_MODULES.'tax/tax.inc.php');
$taxObj=new tax;
$tax_arr = @$VAR['account_tax_id'];
if(is_array($tax_arr)) {
foreach($tax_arr as $country_id => $tax_id) {
if ($country_id == $VAR['account_country_id']) {
$exempt = @$VAR["account_tax_id_exempt"][$country_id];
if(!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
$this->validated = false;
$this->val_error[] = array(
'field' => 'account_tax_id',
'field_trans' => $taxObj->errField,
'error' => $C_translate->translate('validate_general', "", ""));
}
if($exempt)
$VAR['account_tax_id']=false;
else
$VAR['account_tax_id']=$tax_id;
}
}
}
####################################################################
### Get required static_Vars and validate them... return an array
### w/ ALL errors...
####################################################################
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
if(!isset($this->val_error)) $this->val_error = false;
$all_error = $static_var->validate_form($this->module, $this->val_error);
if($all_error != false && gettype($all_error) == 'array')
$this->validated = false;
else
$this->validated = true;
####################################################################
### If validation was failed, skip the db insert &
### set the errors & origonal fields as Smarty objects,
### and change the page to be loaded.
####################################################################
if(!$this->validated)
{
global $smarty;
# set the errors as a Smarty Object
$smarty->assign('form_validation', $all_error);
# set the page to be loaded
if(!defined("FORCE_PAGE"))
{
define('FORCE_PAGE', $VAR['_page_current']);
}
# Stripslashes
global $C_vars;
$C_vars->strip_slashes_all();
return;
}
# Get default invoice options
$db=&DB();
$invopt=$db->Execute(sqlSelect($db,"setup_invoice","*",""));
if($invopt && $invopt->RecordCount()) {
$invoice_delivery=$invopt->fields['invoice_delivery'];
$invoice_format=$invopt->fields['invoice_show_itemized'];
}
/* hash the password */
if(defined('PASSWORD_ENCODING_SHA'))
$password_encoded = sha1($password);
else
$password_encoded = md5($password);
####################################################################
### Insert the account record
####################################################################
$this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id');
$validation_str = time();
/** get parent id */
$this->account_id;
if(empty($this->parent_id)) $this->parent_id = $this->account_id;
$sql = '
INSERT INTO ' . AGILE_DB_PREFIX . 'account SET
id = ' . $db->qstr ( $this->account_id ) . ',
site_id = ' . $db->qstr ( DEFAULT_SITE ) . ',
date_orig = ' . $db->qstr ( $validation_str ) . ',
date_last = ' . $db->qstr ( time()) . ',
language_id = ' . $db->qstr ( $VAR["account_language_id"] ) . ',
country_id = ' . $db->qstr ( $VAR["account_country_id"] ) . ',
parent_id = ' . $db->qstr ( $this->parent_id ) . ',
affiliate_id = ' . $db->qstr ( @$VAR["account_affiliate_id"] ) . ',
campaign_id = ' . $db->qstr ( @$VAR["account_campaign_id"] ) . ',
reseller_id = ' . $db->qstr ( @$VAR["account_reseller_id"] ) . ',
currency_id = ' . $db->qstr ( $VAR["account_currency_id"] ) . ',
theme_id = ' . $db->qstr ( $VAR["account_theme_id"] ) . ',
username = ' . $db->qstr ( $VAR["account_username"] , get_magic_quotes_gpc()) . ',
password = ' . $db->qstr ( $password_encoded ) . ',
status = ' . $db->qstr ( $status ) . ',
first_name = ' . $db->qstr ( $VAR["account_first_name"] , get_magic_quotes_gpc()) . ',
middle_name = ' . $db->qstr ( $VAR["account_middle_name"], get_magic_quotes_gpc()) . ',
last_name = ' . $db->qstr ( $VAR["account_last_name"] , get_magic_quotes_gpc()) . ',
company = ' . $db->qstr ( $VAR["account_company"] , get_magic_quotes_gpc()) . ',
title = ' . $db->qstr ( $VAR["account_title"] , get_magic_quotes_gpc()) . ',
email = ' . $db->qstr ( $VAR["account_email"] , get_magic_quotes_gpc()) . ',
address1 = ' . $db->qstr ( $VAR["account_address1"] , get_magic_quotes_gpc()) . ',
address2 = ' . $db->qstr ( $VAR["account_address2"] , get_magic_quotes_gpc()) . ',
city = ' . $db->qstr ( $VAR["account_city"] , get_magic_quotes_gpc()) . ',
state = ' . $db->qstr ( $VAR["account_state"] , get_magic_quotes_gpc()) . ',
zip = ' . $db->qstr ( $VAR["account_zip"] , get_magic_quotes_gpc()) . ',
email_type = ' . $db->qstr ( $VAR["account_email_type"] , get_magic_quotes_gpc()). ',
invoice_delivery= ' . $db->qstr ( @$invoice_delivery ) . ',
invoice_show_itemized=' . $db->qstr ( @$invoice_format) . ',
invoice_advance_gen = ' . $db->qstr ( MAX_INV_GEN_PERIOD ) . ',
invoice_grace = ' . $db->qstr ( GRACE_PERIOD ) . ',
tax_id = ' . $db->qstr ( @$VAR['account_tax_id'] );
$result = $db->Execute($sql);
####################################################################
### error reporting:
####################################################################
if ($result === false)
{
global $C_debug;
$C_debug->error('account.inc.php','add', $db->ErrorMsg());
if(isset($this->trigger["$type"])) {
include_once(PATH_CORE . 'trigger.inc.php');
$trigger = new CORE_trigger;
$trigger->trigger($this->trigger["$type"], 0, $VAR);
}
return;
}
/* password logging class */
if($C_list->is_installed('account_password_history')) {
include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php');
$accountHistory = new account_password_history();
$accountHistory->setNewPassword($this->account_id, $password_encoded);
}
####################################################################
### Add the account to the default group:
####################################################################
$group_id = $db->GenID(AGILE_DB_PREFIX . 'account_group_id');
$sql = '
INSERT INTO ' . AGILE_DB_PREFIX . 'account_group SET
id = ' . $db->qstr ( $group_id ) . ',
site_id = ' . $db->qstr ( DEFAULT_SITE ) . ',
date_orig = ' . $db->qstr ( time() ) . ',
group_id = ' . $db->qstr ( DEFAULT_GROUP ) . ',
account_id = ' . $db->qstr ( $this->account_id ) . ',
active = ' . $db->qstr ('1');
$db->Execute($sql);
####################################################################
### Insert the static vars:
####################################################################
$static_var->add($VAR, $this->module, $this->account_id);
####################################################################
### Mail the user the new_account email template
####################################################################
require_once(PATH_MODULES . 'email_template/email_template.inc.php');
$my = new email_template;
if($status == "1")
{
$my->send('account_registration_active', $this->account_id, $this->account_id, '', '');
} else {
$validation_str = strtoupper($validation_str. ':' .$this->account_id);
$my->send('account_registration_inactive', $this->account_id, '', '', $validation_str);
}
####################################################################
### Add the newsletters
####################################################################
if(NEWSLETTER_REGISTRATION == "1")
{
@$VAR['newsletter_html'] = $VAR['account_email_type'];
$VAR['newsletter_email'] = $VAR['account_email'];
$VAR['newsletter_first_name'] = $VAR['account_first_name'];
$VAR['newsletter_last_name'] = $VAR['account_last_name'];
require_once(PATH_MODULES . '/newsletter/newsletter.inc.php');
$newsletter = new newsletter;
$newsletter->subscribe($VAR, $this);
}
####################################################################
### Log in the user & display the welcome message
####################################################################
if($status == "1")
{
if($this->parent_id == $this->account_id || empty($this->parent_id))
{
$C_debug->alert($C_translate->translate("user_add_active_welcome","account",""));
if(SESSION_EXPIRE == 0) $exp = 99999;
else $exp = SESSION_EXPIRE;
$date_expire = (time() + (SESSION_EXPIRE * 60));
# update the session
$db = &DB();
$q = "UPDATE " . AGILE_DB_PREFIX . "session
SET
ip= " . $db->qstr(USER_IP) .",
date_expire = " . $db->qstr($date_expire) . ",
logged = " . $db->qstr('1').",
account_id = " . $db->qstr($this->account_id) . "
WHERE
id = " . $db->qstr(SESS) . "
AND
site_id = " . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($q);
### constants
define('FORCE_SESS_ACCOUNT', $this->account_id);
define('FORCE_SESS_LOGGED', 1);
### Reload the session auth cache
if(CACHE_SESSIONS == '1') {
$force = true;
$C_auth = new CORE_auth($force);
global $C_auth2;
$C_auth2 = $C_auth;
}
if(isset($VAR['_page_next']))
define('REDIRECT_PAGE', '?_page='.$VAR['_page_next']);
elseif(isset($VAR['_page']))
define('REDIRECT_PAGE', '?_page='.$VAR['_page']);
}
####################################################################
### Do any db_mapping
####################################################################
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
if(!empty($password))
$db_map->plaintext_password = $password;
else
$db_map->plaintext_password = false;
$db_map->account_add ( $this->account_id );
$db_map = new db_mapping;
$db_map->login ( $this->account_id );
}
####################################################################
### Affiliate Auto Creation
####################################################################
if(AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate"))
{
$VAR['affiliate_account_id'] = $this->account_id;
$VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE;
include_once(PATH_MODULES . 'affiliate/affiliate.inc.php');
$affiliate = new affiliate;
$affiliate->add($VAR, $affiliate);
}
} else {
$C_debug->alert($C_translate->translate("user_add_inactive_welcome","account",""));
define('FORCE_PAGE', 'core:blank');
}
}
##############################
## VIEW ##
##############################
function view($VAR)
{
### Check that user is logged in:
if(SESS_LOGGED != '1') {
echo "Sorry, you must be logged in!";
return false;
}
$this->account_construct();
/* check for sub account */
if(!empty($VAR['id']) && $VAR['id'] != SESS_ACCOUNT) {
if($this->isParentAccount($VAR['id'])) {
$VAR['account_id'] = $VAR['id'];
global $smarty;
$smarty->assign('issubaccount', true);
} else {
return false;
}
} else {
$VAR['id'] = SESS_ACCOUNT;
$VAR['account_id'] = SESS_ACCOUNT;
}
### Retrieve the record:
$type = "view";
$this->method["$type"] = explode(",", $this->method["$type"]);
$db = new CORE_database;
$db->view($VAR, $this, $type);
### Get the static vars:
global $smarty;
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
$arr = $static_var->update_form('account', 'update', SESS_ACCOUNT);
if(gettype($arr) == 'array') {
$smarty->assign('static_var', $arr);
} else {
$smarty->assign('static_var', false);
}
/* get child accounts */
if(empty($smarty->_tpl_vars['account'][0]['parent_id']) || $smarty->_tpl_vars['account'][0]['parent_id']==$smarty->_tpl_vars['account'][0]['id']) {
$db=&DB();
$rs = $db->Execute(sqlSelect($db,"account","id,first_name,last_name,email,username","parent_id=". $db->qstr(SESS_ACCOUNT)));
if($rs && $rs->RecordCount()) {
while(!$rs->EOF) {
$smart[] = $rs->fields;
$rs->MoveNext();
}
$smarty->assign('subaccount', $smart);
}
}
}
##############################
## UPDATE ##
##############################
function update($VAR)
{
global $VAR;
### Check that user is logged in:
if(SESS_LOGGED != '1')
echo "Sorry, you must be logged in!";
/* check for sub account */
$issubaccount=false;
if(!empty($VAR['account_id']) && $VAR['account_id'] != SESS_ACCOUNT) {
if($this->isParentAccount($VAR['account_id'])) {
$VAR['id'] = $VAR['account_id'];
global $smarty;
$issubaccount=true;
} else {
return false;
}
} else {
$VAR['id'] = SESS_ACCOUNT;
$VAR['account_id'] = SESS_ACCOUNT;
}
$VAR['account_date_last']=time();
// validate the tax_id
require_once(PATH_MODULES.'tax/tax.inc.php');
$taxObj=new tax;
$tax_arr = @$VAR['account_tax_id'];
if(is_array($tax_arr)) {
foreach($tax_arr as $country_id => $tax_id) {
if ($country_id == $VAR['cid']) {
$exempt = @$VAR["account_tax_id_exempt"][$country_id];
if(!$txRs=$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) {
$this->validated = false;
global $C_translate;
$this->val_error[] = array(
'field' => 'account_tax_id',
'field_trans' => $taxObj->errField,
'error' => $C_translate->translate('validate_general', "", ""));
}
if($exempt)
$VAR['account_tax_id']=false;
else
$VAR['account_tax_id']=$tax_id;
}
}
}
####################################################################
### Get required static_Vars and validate them... return an array
### w/ ALL errors...
####################################################################
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
if(!isset($this->val_error)) $this->val_error = false;
$all_error = $static_var->validate_form('account', $this->val_error);
if($all_error != false && gettype($all_error) == 'array')
$this->validated = false;
else
$this->validated = true;
####################################################################
# If validation was failed, skip the db insert &
# set the errors & origonal fields as Smarty objects,
# and change the page to be loaded.
####################################################################
if(!$this->validated)
{
global $smarty;
# set the errors as a Smarty Object
$smarty->assign('form_validation', $all_error);
# set the page to be loaded
if(!defined("FORCE_PAGE"))
{
define('FORCE_PAGE', $VAR['_page_current']);
}
return;
}
### Change password
$password_changed = false;
if(isset($VAR['account_password']) && $VAR['account_password'] != "")
{
if(isset($VAR['confirm_password']) && $VAR['account_password'] == $VAR['confirm_password'])
{
$password = $VAR['account_password'];
unset($VAR['account_password']);
@$VAR["account_password"] = $password;
### Alert: the password has been changed!
global $C_debug, $C_translate;
$C_debug->alert($C_translate->translate('password_changed','account',''));
$password_changed=true;
/* check if new password is ok */
global $C_list;
if($C_list->is_installed('account_password_history')) {
include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php');
$accountHistory = new account_password_history();
if(!$accountHistory->getIsPasswordOk(SESS_ACCOUNT, $VAR['account_password'], false)) {
$C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
unset($VAR["account_password"]);
$password_changed=false;
}
}
}
else
{
### ERROR: The passwords provided do not match!
global $C_debug, $C_translate;
$C_debug->alert($C_translate->translate('password_change_match','account',''));
unset($VAR["account_password"]);
}
}
else
{
unset($VAR["account_password"]);
}
### Change theme
if(isset($VAR['tid']) && $VAR['tid'] != "")
@$VAR["account_theme_id"] = $VAR['tid'];
### Change Language
if(isset($VAR['lid']) && $VAR['lid'] != "")
@$VAR["account_language_id"] = $VAR['lid'];
### Change country
if(isset($VAR['cid']) && $VAR['cid'] != "")
@$VAR["account_country_id"] = $VAR['cid'];
### Change currency
if(isset($VAR['cyid']) && $VAR['cyid'] != "")
@$VAR["account_currency_id"] = $VAR['cyid'];
### Get the old username ( for db mapping )
$db = &DB();
$sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr(SESS_ACCOUNT);
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
{
$old_username = $result->fields['username'];
}
### Update the record
$this->account_construct();
$type = "update";
$this->method["$type"] = explode(",", $this->method["$type"]);
$db = new CORE_database;
$db->update($VAR, $this, $type);
/* password logging class */
if($password_changed && is_object($accountHistory)) $accountHistory->setNewPassword(SESS_ACCOUNT, $VAR['account_password'], false);
### Update the static vars:
$static_var->update($VAR, 'account', SESS_ACCOUNT);
### Do any db_mapping
global $C_list;
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
if(!empty($password))
$db_map->plaintext_password = $password;
else
$db_map->plaintext_password = false;
$db_map->account_edit ( SESS_ACCOUNT, $old_username );
}
/* update groups for subaccount */
if($issubaccount) {
$db=&DB();
$db->Execute(sqlDelete($db,"account_group","group_id>2 and
(service_id is null or service_id=0 or service_id='')
and account_id=".$db->qstr($VAR['account_id'])));
if(!empty($VAR['groups']))
{
global $C_auth;
foreach($VAR['groups'] as $gid=>$val) {
if($gid==$val && $C_auth->auth_group_by_id($gid)) {
$fields=Array('account_id'=>$VAR['account_id'], 'group_id'=>$gid, 'active'=>1, 'date_orig'=>time() );
$db->Execute(sqlInsert($db,"account_group",$fields));
}
}
}
}
}
##############################
## PASSWORD ##
##############################
function password($VAR)
{
### Set the max time between password requests:
$LIMIT_SECONDS = 120;
global $C_translate, $C_debug;
### Is the username & email both set?
if(!isset($VAR["account_email"]) && !isset($VAR["account_username"]) )
{
#### ERROR: You must enter either your username or e-mail address!
$C_debug->alert($C_translate->translate('password_reset_req','account',''));
return;
}
else if($VAR["account_email"] == "" && $VAR["account_username"] == "")
{
#### ERROR: You must enter either your username or e-mail address!
$C_debug->alert($C_translate->translate('password_reset_req','account',''));
return;
}
$db = &DB();
if(isset($VAR["account_email"]) && $VAR["account_email"] != "")
{
$sql = ' email = '. $db->qstr($VAR["account_email"], get_magic_quotes_gpc());
}
else if(isset($VAR["account_username"]) && $VAR["account_username"] != "")
{
$sql = ' username = '. $db->qstr($VAR["account_username"], get_magic_quotes_gpc());
}
$q = 'SELECT id,email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account
WHERE '. $sql . ' AND
site_id = ' . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($q);
if($result->RecordCount() == 0)
{
### ERROR: No matches found!
$C_debug->alert($C_translate->translate('password_reset_no_match','account',''));
return;
}
$account = $result->fields["id"];
###################################################################
### Check that this email has not been requested already
### In the last 60 seconds
$db = &DB();
$sql = 'SELECT * FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
field1 = ' . $db->qstr($account);
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
{
$limit = $result->fields['date_orig'] + $LIMIT_SECONDS;
if($limit > time())
{
$error1 = $C_translate->translate("password_reset_spam_limit","account","");
$error = ereg_replace('%limit%', "$LIMIT_SECONDS", $error1);
$C_debug->alert( $error );
return;
}
else
{
### Delete the old request
$sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
field1 = ' . $db->qstr($account);
$db->Execute($sql);
}
}
###################################################################
### Ok to continue:
$now = md5(microtime());
$expire = time() + (15*60); // expires in 15 minutes
#####################################################
### Create the temporary DB Record:
$db = &DB();
$id = $db->GenID(AGILE_DB_PREFIX . "" . 'temporary_data_id');
$sql = 'INSERT INTO ' . AGILE_DB_PREFIX . 'temporary_data SET
site_id = ' . $db->qstr(DEFAULT_SITE) . ',
id = ' . $db->qstr($id) . ',
date_orig = ' . $db->qstr(time()) . ',
date_expire = ' . $db->qstr($expire) . ',
field1 = ' . $db->qstr($account) . ',
field2 = ' . $db->qstr($now);
$result = $db->Execute($sql);
#####################################################
### Send the password reset email template:
require_once(PATH_MODULES . 'email_template/email_template.inc.php');
$my = new email_template;
$my->send('account_reset_password', $account, '', '', $now);
### ALERT: we have sent an email to you....
$C_debug->alert($C_translate->translate('password_reset_sent','account',''));
}
##############################
## PASSWORD RESET ##
##############################
function password_reset($VAR)
{
global $C_translate, $C_debug, $smarty;
### Validate that the password is set... && confirm password is set...
if(!isset($VAR['account_password']) || !isset($VAR['confirm_password']))
{
### ERROR:
$message = $C_translate->translate('password_reset_reqq','account','');
$C_debug->alert($message);
return;
}
else if ($VAR['account_password'] == "")
{
### ERROR:
$message = $C_translate->translate('password_reset_reqq','account','');
$C_debug->alert($message);
return;
}
else if ($VAR['account_password'] != $VAR['confirm_password'])
{
### ERROR:
$message = $C_translate->translate('password_change_match','account','');
$C_debug->alert($message);
return;
}
else
{
$plaintext_password = $VAR['account_password'];
/* hash the password */
if(defined('PASSWORD_ENCODING_SHA'))
$password = sha1($VAR['account_password']);
else
$password = md5($VAR['account_password']);
}
if(!isset($VAR['validate']) || $VAR['validate'] == "")
{
### ERROR: bad link....
$url = '
' . $C_translate->translate('submit','CORE','') . '';
$message = $C_translate->translate('password_reset_bad_url','account','');
$C_debug->alert($message . '' . $url);
return;
}
### Get the temporary record from the database
$validate = @$VAR['validate'];
$db = &DB();
$sql = 'SELECT field1,field2 FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
date_expire >= '. $db->qstr(time()) . ' AND
field2 = ' . $db->qstr($validate);
$result = $db->Execute($sql);
if($result->RecordCount() == 0)
{
### ERROR: no match for submitted link, invalid or expired.
$url = '
' . $C_translate->translate('submit','CORE','') . '';
$message = $C_translate->translate('password_reset_bad_url','account','');
$C_debug->alert($message . '' . $url);
return;
}
$account_id = $result->fields['field1'];
/* check if new password is ok */
global $C_list;
if($C_list->is_installed('account_password_history')) {
include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php');
$accountHistory = new account_password_history();
if(!$accountHistory->getIsPasswordOk($account_id, $password)) {
$C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes.");
return;
}
}
###############################################################
### Delete the temporary record
$sql = 'DELETE FROM ' . AGILE_DB_PREFIX . 'temporary_data WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
field2 = ' . $db->qstr($validate);
$db->Execute($sql);
###############################################################
### Update the password record:
$db = &DB();
$sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account
SET
date_last = ' . $db->qstr(time()) . ',
password = ' . $db->qstr($password) . '
WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr($account_id);
$db->Execute($sql);
/* password logging class */
if(!empty($accountHistory) && is_object($accountHistory)) $accountHistory->setNewPassword($account_id, $password);
####################################################################
### Get the old username ( for db mapping )
$db = &DB();
$sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr($account_id);
$result = $db->Execute($sql);
if($result->RecordCount() > 0)
{
$old_username = $result->fields['username'];
}
####################################################################
### Do any db_mapping
####################################################################
global $C_list;
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->plaintext_password = $plaintext_password;
$db_map->account_edit ( $account_id, $old_username );
}
### Return the success message:
$C_debug->alert($C_translate->translate('password_update_success','account',''));
$smarty->assign('pw_changed', true);
}
##############################
## VERIFY ACCOUNT ##
##############################
function verify($VAR)
{
global $C_debug, $C_translate, $smarty;
### Validate $verify is set...
if(!isset($VAR['verify']) || $VAR['verify'] == "")
{
### Error: please use the form below ...
$smarty->assign('verify_results', false);
return;
}
@$verify = explode(':', $VAR['verify']);
### Validate the $verify string....
$db = &DB();
$sql = 'SELECT id,username,status FROM ' . AGILE_DB_PREFIX . 'account WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr(@$verify[1]) . ' AND
date_orig = ' . $db->qstr(@$verify[0]);
$result = $db->Execute($sql);
if($result->RecordCount() == 0)
{
### Error: please use the form below ...
$smarty->assign('verify_results', false);
return;
}
### Check the status:
$status = $result->fields['status'];
$username = $result->fields['username'];
if($status == "1")
{
### Account already active!
$smarty->assign('verify_results', true);
return;
}
### Update the account status
$sql = 'UPDATE ' . AGILE_DB_PREFIX . 'account SET
status = ' . $db->qstr("1") . '
WHERE
site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND
id = ' . $db->qstr(@$verify[1]);
$result = $db->Execute($sql);
### Account now active!
$smarty->assign('verify_results', true);
### Return the success message:
$C_debug->alert($C_translate->translate('password_update_success','account',''));
####################################################################
### Do any db_mapping
####################################################################
global $C_list;
/*
if($C_list->is_installed('db_mapping'))
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->account_edit ( $VAR['verify'], $username );
}
*/
if($C_list->is_installed('db_mapping') )
{
include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
$db_map = new db_mapping;
$db_map->plaintext_password = false;
$db_map->account_add ( $verify[1] );
}
}
##############################
## VERIFY ACCOUNT ##
##############################
function verify_resend($VAR)
{
global $C_translate, $C_debug;
### Is the username & email both set?
if(!isset($VAR["account_email"]) && !isset($VAR["account_username"]) )
{
#### ERROR: You must enter either your username or e-mail address!
$C_debug->alert($C_translate->translate('verify_resend_req','account',''));
return;
}
else if($VAR["account_email"] == "" && $VAR["account_username"] == "")
{
#### ERROR: You must enter either your username or e-mail address!
$C_debug->alert($C_translate->translate('verify_resend_req','account',''));
return;
}
$db = &DB();
if(isset($VAR["account_email"]) && $VAR["account_email"] != "")
{
$sql = ' email = '. $db->qstr($VAR["account_email"], get_magic_quotes_gpc());
}
else if(isset($VAR["account_username"]) && $VAR["account_username"] != "")
{
$sql = ' username = '. $db->qstr($VAR["account_username"], get_magic_quotes_gpc());
}
$q = 'SELECT id,date_orig,status,email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account
WHERE '. $sql . ' AND
site_id = ' . $db->qstr(DEFAULT_SITE);
$result = $db->Execute($q);
if($result->RecordCount() == 0)
{
### ERROR: No matches found!
$C_debug->alert($C_translate->translate('password_reset_no_match','account',''));
return;
}
$account = $result->fields["id"];
$status = $result->fields["status"];
$validation_str = strtoupper($result->fields['date_orig']. ':' . $result->fields['id']);
if($status == "1")
{
### ERROR: This account is already active!
$C_debug->alert($C_translate->translate('verify_resend_active','account',''));
return;
}
### Resend the pending email:
require_once(PATH_MODULES . 'email_template/email_template.inc.php');
$my = new email_template;
$my->send('account_registration_inactive', $account, $account, '', $validation_str);
### Notice that the email is sent:
$C_debug->alert($C_translate->translate("user_add_inactive_welcome","account",""));
}
##############################
## STATIC VARS ##
##############################
function static_var($VAR)
{
global $smarty;
require_once(PATH_CORE . 'static_var.inc.php');
$static_var = new CORE_static_var;
if(ereg('search', $VAR['_page']))
$arr = $static_var->generate_form('account', 'add', 'search');
else
$arr = $static_var->generate_form('account', 'add', 'update');
if(gettype($arr) == 'array')
{
### Set everything as a smarty array, and return:
$smarty->assign('show_static_var', true);
$smarty->assign('static_var', $arr);
return true;
}
else
{
### Or if no results:
$smarty->assign('show_static_var', false);
return false;
}
}
}
?>