* @package AgileBill * @version 1.4.93 */ class account_admin { # Open the constructor for this mod function account_admin() { # name of this module: $this->module = "account_admin"; if(!defined('AJAX')) { # location of the construct XML file: $this->xml_construct = PATH_MODULES . "" . $this->module . "/" . $this->module . "_construct.xml"; # open the construct file for parsing $C_xml = new CORE_xml; $construct = $C_xml->xml_to_array($this->xml_construct); $this->method = $construct["construct"]["method"]; $this->trigger = $construct["construct"]["trigger"]; $this->field = $construct["construct"]["field"]; $this->table = $construct["construct"]["table"]; $this->module = $construct["construct"]["module"]; $this->cache = $construct["construct"]["cache"]; $this->order_by = $construct["construct"]["order_by"]; $this->limit = $construct["construct"]["limit"]; } } /** * Check account limitations */ function checkLimits() { if(!defined('AGILE_RST_ACCOUNT') || AGILE_RST_ACCOUNT <= 0) return true; $sql="SELECT count(*) as totalacct from ".AGILE_DB_PREFIX."account WHERE site_id=".DEFAULT_SITE; $db=&DB(); $rs=$db->Execute($sql); if($rs && $rs->RecordCount() && $rs->fields['totalacct'] <= AGILE_RST_ACCOUNT) { return true; } else { echo "Licensed user limit of ".AGILE_RST_ACCOUNT." exceeded, operation failed."; return false; } return true; } /* BEGIN: custom product/group searching method */ function group_search($VAR) { $sql = ''; echo "
"; 

		// get date ranges:
		foreach($VAR['dates']['val'] as $cond => $val) 
		{
			if($val > 0) {
				$exp = $VAR['dates']['expr'][$cond]; 
				$val = $this->convert_date($val,false);

				if(!empty($sql)) $sql .= " AND "; else $sql = " ";
				$sql .= " A.date_orig $exp $val ";
			} 
		}        
		if(!empty($sql)) $sql = " ( $sql ) ";	

		// get group(s)
		if(!empty($VAR['groups'])) {
			foreach($VAR['groups'] as $group ) 
			{  
				if($group != 0) {
					if(!empty($sql2)) $sql2 .= " OR "; else $sql2 = " ";
					$sql2 .= " B.group_id = $group ";  
				}
			}
		}
		if(!empty($sql2)) {
			if(!empty($sql)) $sql .= " AND \r\n";
			$sql .= " ( $sql2 ) AND ( A.id = B.account_id AND B.active = 1 ) ";
		}

		// Assemble SQL:
		$q = "SELECT DISTINCT A.* FROM 
			". AGILE_DB_PREFIX ."account as A,
			". AGILE_DB_PREFIX ."account_group as B
			WHERE (
			A.site_id = ". DEFAULT_SITE ." AND
			B.site_id = ". DEFAULT_SITE ." ) ";        	
		if(!empty($sql)) $q .= " AND " . $sql;
		$db = &DB();
		$rs = $db->Execute($q);	 

		// print results in text format      	
		if($rs && $rs->RecordCount() > 0) {
			while(!$rs->EOF) {        			
				echo $rs->fields['first_name'] .', '.$rs->fields['last_name'] .', '.$rs->fields['email'] .', '.$rs->fields['company'] .",\r\n";        		
				$rs->MoveNext();
			}
		} else {
			echo "No matches!";
		}
		echo "
"; } function product_search($VAR) { $sql = ''; echo "
"; 

		// get date ranges:
		if(!empty($VAR["dates"]))
		{
			foreach($VAR['dates']['val'] as $cond => $val) 
			{
				if($val > 0) {
					$exp = $VAR['dates']['expr'][$cond]; 
					$val = $this->convert_date($val,false);

					if(!empty($sql)) $sql .= " AND "; else $sql = " ";
					$sql .= " B.date_orig $exp $val ";
				} 
			}
		}        
		if(!empty($sql)) $sql = " ( $sql ) ";	

		// get group(s)
		if(!empty($VAR['products'])) {
			foreach($VAR['products'] as $prod ) 
			{  
				if($prod != 0) {
					if(!empty($sql2)) $sql2 .= " OR "; else $sql2 = " ";
					$sql2 .= " B.product_id = $prod ";  
				}
			}
		}
		if(!empty($sql2)) {
			if(!empty($sql)) $sql .= " AND \r\n";
			$sql .= " ( $sql2 ) AND ( A.id = C.account_id AND C.id =  B.invoice_id ) ";
		}

		// Assemble SQL:
		$q = "SELECT DISTINCT A.* FROM 
			". AGILE_DB_PREFIX ."account as A,
			". AGILE_DB_PREFIX ."invoice_item as B,
			". AGILE_DB_PREFIX ."invoice as C
			WHERE (
			A.site_id = ". DEFAULT_SITE ." AND
			C.site_id = ". DEFAULT_SITE ." AND
			B.site_id = ". DEFAULT_SITE ." ) ";        	
		if(!empty($sql)) $q .= " AND " . $sql;
		$db = &DB();
		$rs = $db->Execute($q);	 


		// print results in text format      	
		if($rs && $rs->RecordCount() > 0) {
			while(!$rs->EOF) {        			
				echo $rs->fields['first_name'] .', '.$rs->fields['last_name'] .', '.$rs->fields['email'] .', '.$rs->fields['company'] .",\r\n";        		
				$rs->MoveNext();
			}
		} else {
			echo "No matches!";
		}
		echo "
"; } function convert_date ($date,$field) { if($date == '0' || $date == '') return ''; $Arr_format = split(DEFAULT_DATE_DIVIDER, UNIX_DATE_FORMAT); $Arr_date = split(DEFAULT_DATE_DIVIDER, $date); for($i=0; $i<3; $i++) { if($Arr_format[$i] == 'd') $day = $Arr_date[$i]; if($Arr_format[$i] == 'm') $month = $Arr_date[$i]; if($Arr_format[$i] == 'Y') $year = $Arr_date[$i]; } $timestamp = mktime(0, 0, 0, $month, $day, $year); return $timestamp; } /* END: custom product/group searching method */ ########################################### ### AJAX Auto-selector ########################################### function autoselect($VAR) { if(!$this->checkLimits()) return false; // check account limits $db = &DB(); $p = AGILE_DB_PREFIX; if (empty($VAR['account_search'])) { $where = "id > 0"; $type = 1; } elseif (is_numeric($VAR['account_search'])) { $where = "id LIKE ".$db->qstr($VAR['account_search']."%"); $type = 1; } elseif (eregi(" ", $VAR['account_search'])) { $arr = split(" ", $VAR['account_search']); $where = "first_name = ".$db->qstr($arr[0])." AND ". "last_name LIKE ".$db->qstr($arr[1].'%') ; $type = 2; } elseif (eregi("@", $VAR['account_search'])) { $where = "email LIKE ".$db->qstr('%'.$VAR['account_search'].'%') ; $type = 3; } else { $where = "username LIKE ".$db->qstr($VAR['account_search'].'%')." OR ". "first_name LIKE ".$db->qstr($VAR['account_search'].'%')." OR ". "last_name LIKE ".$db->qstr($VAR['account_search'].'%') ; $type = 4; } $q = "SELECT id,email,first_name,last_name,username FROM {$p}account WHERE ( $where ) AND site_id = " . DEFAULT_SITE." ORDER BY first_name,last_name"; $result = $db->SelectLimit($q,10); # Create the alert for no records found echo '"; } ########################################### ### Login as user ########################################### function login($VAR) { global $C_auth; # Check for target user $display_this=false; if(!empty($VAR['account_id'])) { ### Get any authorized groups of the target account $dba = &DB(); $sql = 'SELECT group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE site_id = ' . $dba->qstr(DEFAULT_SITE) . ' AND account_id = ' . $dba->qstr($VAR['account_id']) . ' AND active = ' . $dba->qstr("1") . ' ORDER BY group_id'; $groups = $dba->Execute($sql); while (!$groups->EOF) { $group[] = $groups->fields['group_id']; $groups->MoveNext(); } ### Verify the user has access to view this account: if(SESS_ACCOUNT != $VAR['account_id']) { $display_this = true; for($ix=0; $ixauth_group_by_id($group[$ix])) $display_this = false; } } else { return false; } } else { return false; } # Logout current user and login as the target user if($display_this) { $db = &DB(); $sql = 'SELECT username,password FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $dba->qstr(DEFAULT_SITE) . ' AND id = ' . $dba->qstr($VAR['account_id']); $acct = $db->Execute($sql); $arr['_username'] = $acct->fields['username']; $arr['_password'] = $acct->fields['password']; include_once(PATH_CORE.'login.inc.php'); $login = new CORE_login_handler; $login->logout($VAR); $login->login($arr, $md5=false); define('REDIRECT_PAGE', '?_page=account:account&tid='.DEFAULT_THEME); } #################################################################### ### Do any db_mapping #################################################################### $db = &DB(); $sql = 'SELECT id FROM ' . AGILE_DB_PREFIX . 'module WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND name = ' . $db->qstr('db_mapping') . ' AND status = ' . $db->qstr("1"); $result = $db->Execute($sql); if($result->RecordCount() > 0) { include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' ); $db_map = new db_mapping; $db_map->login ( $VAR['account_id'] ); } } ########################################### ### Account selector list search ########################################### function popup_search($VAR) { $db = &DB(); if (empty($VAR['search'])) { $where = ''; } elseif (eregi(" ", $VAR['search'])) { $arr = split(" ", $VAR['search']); $where = "first_name = ".$db->qstr($arr[0])." AND ". "last_name LIKE ".$db->qstr('%'.$arr[1].'%')." AND "; } else { $where = "username LIKE ".$db->qstr('%'.$VAR['search'].'%')." OR ". "first_name LIKE ".$db->qstr('%'.$VAR['search'].'%')." OR ". "first_name LIKE ".$db->qstr('%'.$VAR['search'].'%')." OR ". "company LIKE ". $db->qstr('%'.$VAR['search'].'%')." AND "; } $q = "SELECT id,first_name,last_name FROM ".AGILE_DB_PREFIX."account WHERE $where site_id = '" . DEFAULT_SITE . "'"; $q_save = "SELECT * FROM ".AGILE_DB_PREFIX."account WHERE $where %%whereList%% "; $result = $db->Execute($q); /// DEBUG //// // echo "
$q
"; # get the result count: $results = $result->RecordCount(); # Create the alert for no records found if ($results == 0) { $id = $result->fields['id']; $name = $result->fields['first_name'].' '.$result->fields['last_name']; $val = $id.'|'.$name; $res = ' '; echo $res; } else if ($results == 1) { $id = $result->fields['id']; $name = $result->fields['first_name'].' '.$result->fields['last_name']; $val = $id.'|'.$name; $res = ' '; echo $res; } else { # create the search record include_once(PATH_CORE . 'search.inc.php'); $search = new CORE_search; $arr['module'] = $this->module; $arr['sql'] = $q_save; $arr['limit'] = '30'; $arr['order_by'] = 'last_name'; $arr['results'] = $results; $search->add($arr); global $smarty; $smarty->assign('search_id', $search->id); $smarty->assign('page', '1'); $smarty->assign('limit', $limit); $smarty->assign('order_by', $order_by); $smarty->assign('results', $results); $res = ' '; echo $res; } } ########################################### ### Top Accounts Graph: ########################################### function top($VAR) { global $smarty, $C_translate, $C_auth; # Get the period type, default to month if (empty($VAR['period'])) $p = 'm'; else $p = $VAR['period']; # Load the jpgraph class include (PATH_GRAPH."jpgraph.php"); include (PATH_GRAPH."jpgraph_bar.php"); # check the validation for this function if(!$C_auth->auth_method_by_name($this->module,'search')) { $error = $C_translate->translate('module_non_auth','',''); include (PATH_GRAPH."jpgraph_canvas.php"); $graph = new CanvasGraph(460,55,"auto"); $t1 = new Text($error); $t1->Pos(0.2,0.5); $t1->SetOrientation("h"); $t1->SetBox("white","black",'gray'); $t1->SetFont(FF_FONT1,FS_NORMAL); $t1->SetColor("black"); $graph->AddText($t1); $graph->Stroke(); exit; } # Get the period start & end switch ($p) { # By Weeks: case 'w': $interval = "1"; $width = ".9"; $title = 'Top Accounts for Last Last Week'; $dow = date('w'); $start_str = mktime(0,0,0,date('m'), date('d')-$dow, date('y')); $end_str = mktime(23,59,59,date('m'), date('d'), date('y')); break; # By Months: case 'm': $interval = "3"; $width = ".6"; $title = 'Top Accounts for Last Last Month'; $start_str = mktime(0,0,0,date('m'), 1, date('y')); $end_str = mktime(23,59,59,date('m'), date('d'), date('y')); break; # By Years: case 'y': $interval = "1"; $width = ".8"; $title = 'Top Accounts for Last Last Year'; $start_str = mktime(0,0,0,1,1, date('y')); $end_str = mktime(23,59,59, date('m'), date('d'), date('y')); break; } ##############################@@@@@@@@ # Get accounts & sales for this period ##############################@@@@@@@@ $db = &DB(); $sql = 'SELECT account_id,total_amt FROM ' . AGILE_DB_PREFIX . 'invoice WHERE date_orig >= ' . $db->qstr( $start_str ) . ' AND date_orig <= ' . $db->qstr( $end_str ) . ' AND site_id = ' . $db->qstr(DEFAULT_SITE); $result = $db->Execute($sql); if(@$result->RecordCount() == 0) { $file = fopen( PATH_THEMES.'default_admin/images/invisible.gif', 'r'); fpassthru($file); exit; } while(!$result->EOF) { $amt = $result->fields['total_amt']; $acct = $result->fields['account_id']; if(!isset( $arr[$acct] )) $arr[$acct] = 0; $arr[$acct] += $amt; $result->MoveNext(); } $i = 0; while(list($key, $var) = each(@$arr)) { # Get the user name $sql = 'SELECT first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE id = ' . $db->qstr( $key ) . ' AND site_id = ' . $db->qstr(DEFAULT_SITE); $rs = $db->Execute($sql); $_lbl[] = strtoupper(substr($rs->fields['first_name'],0,1)) . ". " . $rs->fields['last_name']; $_datay[] = $var; $i++; } ### Sort the arrays array_multisort($_datay,SORT_DESC, SORT_NUMERIC, $_lbl); ### Limit the results to 10 or less for($i=0; $i=9) $i = count($_lbl); } $i = count($lbl); # Get the Currency $sql = 'SELECT symbol FROM ' . AGILE_DB_PREFIX . 'currency WHERE id = ' . $db->qstr( DEFAULT_CURRENCY ) . ' AND site_id = ' . $db->qstr(DEFAULT_SITE); $rs = $db->Execute($sql); $currency_iso = $rs->fields['symbol']; // Size of graph $width=265; $height=75 + ($i*15); // Set the basic parameters of the graph $graph = new Graph($width,$height,'auto'); $graph->SetScale("textlin"); $graph->yaxis->scale->SetGrace(50); $graph->SetMarginColor('#F9F9F9'); $graph->SetFrame(true,'#CCCCCC',1); $graph->SetColor('#FFFFFF'); $top = 45; $bottom = 10; $left = 95; $right = 15; $graph->Set90AndMargin($left,$right,$top,$bottom); // Label align for X-axis $graph->xaxis->SetLabelAlign('right','center','right'); // Label align for Y-axis $graph->yaxis->SetLabelAlign('center','bottom'); $graph->xaxis->SetTickLabels($lbl); // Titles $graph->title->SetFont(FF_FONT1,FS_BOLD,9.5); $title = $C_translate->translate('graph_top','account_admin',''); $graph->title->Set($title); // Create a bar pot $bplot = new BarPlot($datay); $bplot->SetFillColor("#506DC7"); $bplot->SetWidth(0.2); // Show the values $bplot->value->Show(); $bplot->value->SetFont(FF_FONT1,FS_NORMAL,8); $bplot->value->SetAlign('center','center'); $bplot->value->SetColor("black","darkred"); $bplot->value->SetFormat($currency_iso.'%.2f'); $graph->Add($bplot); $graph->Stroke(); return; } ############################## ## MAIL ONE ACCOUNT ## ############################## function mail_one($VAR) { global $C_translate, $C_debug; ## Validate the required vars (account_id, message, subject) if(@$VAR['mail_account_id'] != "" && @$VAR['mail_subject'] != "" && @$VAR['mail_message'] != "") { ## Verify the specified account: $db = &DB(); $sql = 'SELECT email,first_name,last_name FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($VAR['mail_account_id']); $account = $db->Execute($sql); if($account->RecordCount() == 0) { ## Error message: $C_debug->alert($C_translate->translate('account_non_exist','account_admin','')); return; } ################################################################ ## OK to send the email: $db = &DB(); $q = "SELECT * FROM ".AGILE_DB_PREFIX."setup_email WHERE site_id = ".$db->qstr(DEFAULT_SITE)." AND id = ".$db->qstr($VAR['mail_email_id']); $setup_email = $db->Execute($q); $E['priority'] = $VAR['mail_priority']; $E['html'] = '0'; $E['subject'] = $VAR['mail_subject']; $E['body_text'] = $VAR['mail_message']; $E['to_email'] = $account->fields['email']; $E['to_name'] = $account->fields['first_name'] . ' ' . $account->fields['last_name']; if($setup_email->fields['type'] == 0) { $type = 0; } else { $type = 1; $E['server'] = $setup_email->fields['server']; $E['account'] = $setup_email->fields['username']; $E['password'] = $setup_email->fields['password']; } $E['from_name'] = $setup_email->fields['from_name']; $E['from_email'] = $setup_email->fields['from_email']; if($setup_email->fields['cc_list'] != '') $E['cc_list'] = split(',', $setup_email->fields['cc_list']); if($setup_email->fields['bcc_list'] != '') $E['bcc_list'] = split(',', $setup_email->fields['bcc_list']); ### Call the mail class require_once(PATH_CORE . 'email.inc.php'); $email = new CORE_email; if($type == 0) $email->PHP_Mail($E); else $email->SMTP_Mail($E); } else { ## Error message: $C_debug->alert($C_translate->translate('validate_any','','')); ## Stripslashes global $C_vars; $C_vars->strip_slashes_all(); return; } ## Success message: $C_debug->alert($C_translate->translate('mail_sent','account_admin','')); ## Stripslashes global $C_vars; $C_vars->strip_slashes_all(); } ############################## ## MAIL MULTI ACCOUNTS ## ############################## function mail_multi($VAR) { if(!$this->checkLimits()) return false; // check account limits global $C_translate, $C_debug; ## Validate the required vars (account_id, message, subject) if(@$VAR['search_id'] != "" && @$VAR['mail_subject'] != "" && @$VAR['mail_message'] != "") { ## Get the specified accounts: # get the search details: if(isset($VAR['search_id'])) { include_once(PATH_CORE . 'search.inc.php'); $search = new CORE_search; $search->get($VAR['search_id']); } else { # invalid search! echo '
The search terms submitted were invalid!'; # translate... # alert return; } # generate the full query $field_list = AGILE_DB_PREFIX."account.email, ". AGILE_DB_PREFIX."account.first_name, ". AGILE_DB_PREFIX."account.last_name "; $q = eregi_replace("%%fieldList%%", $field_list, $search->sql); $q = eregi_replace("%%tableList%%", AGILE_DB_PREFIX."account", $q); $q = eregi_replace("%%whereList%%", "", $q); $q .= " ".AGILE_DB_PREFIX."account.site_id = '" . DEFAULT_SITE . "'"; $db = &DB(); $account = $db->Execute($q); // check results if($account->RecordCount() == 0) { $C_debug->alert($C_translate->translate('account_non_exist','account_admin','')); return; } // get the selected email setup details $db = &DB(); $q = "SELECT * FROM ".AGILE_DB_PREFIX."setup_email WHERE site_id = ".$db->qstr(DEFAULT_SITE)." AND id = ".$db->qstr($VAR['mail_email_id']); $setup_email = $db->Execute($q); if($setup_email->fields['type'] == 0) { $type = 0; } else { $type = 1; $E['server'] = $setup_email->fields['server']; $E['account'] = $setup_email->fields['username']; $E['password'] = $setup_email->fields['password']; } // loop to send each e-mail while ( !$account->EOF ) { $E['priority'] = $VAR['mail_priority']; $E['html'] = '0'; $E['subject'] = $VAR['mail_subject']; $E['body_text'] = $VAR['mail_message']; $E['to_email'] = $account->fields['email']; $E['to_name'] = $account->fields['first_name'] . ' ' . $account->fields['last_name']; $E['from_name'] = $setup_email->fields['from_name']; $E['from_email'] = $setup_email->fields['from_email']; ### Call the mail class require_once(PATH_CORE . 'email.inc.php'); $email = new CORE_email; $email = new CORE_email; if($type == 0) $email->PHP_Mail($E); else $email->SMTP_Mail($E); ### Next record $account->MoveNext(); } } else { ## Error message: $C_debug->alert($C_translate->translate('validate_any','','')); ## Stripslashes global $C_vars; $C_vars->strip_slashes_all(); return; } ## Success message: $C_debug->alert($C_translate->translate('mail_sent','account_admin','')); ## Stripslashes global $C_vars; $C_vars->strip_slashes_all(); } ############################## ## SEND PASSWORD CHANGE ## ############################## function send_password_email($VAR) { global $C_translate, $C_debug; require_once(PATH_MODULES . 'email_template/email_template.inc.php'); $my = new email_template; $my->send('password_change_instructions', @$VAR['id'], '', '', ''); echo $C_translate->translate("password_change_instructions","account_admin",""); } ############################## ## SEND VERIFY E-MAIL ## ############################## function send_verify_email($VAR) { global $C_translate, $C_debug; require_once(PATH_MODULES . 'email_template/email_template.inc.php'); $my = new email_template; $db = &DB(); $dbm = new CORE_database; echo $sql = $dbm->sql_select('account','date_orig',"id = {$VAR['id']}",'', $db); $result = $db->Execute($sql); $validation_str = strtoupper($result->fields['date_orig']. ':' . $VAR['id']); $my->send('account_registration_inactive', @$VAR['id'], @$VAR['id'], '', $validation_str); echo $C_translate->translate("account_verify_instructions","account_admin",""); } ############################## ## ADD ## ############################## function add($VAR) { if(!$this->checkLimits()) return false; // check account limits global $C_translate, $C_debug, $smarty; ### Set the hidden values: $VAR['account_admin_date_orig'] = time(); $VAR['account_admin_date_last'] = time(); if(!empty($VAR["account_admin_date_expire"])) { include_once(PATH_CORE.'validate.inc.php'); $val = new CORE_validate; $date_expire = $val->DateToEpoch(false, $VAR["account_admin_date_expire"]); } else { $date_expire = 0; } ### Determine the proper account status: if(!isset($VAR['account_admin_status']) || $VAR['account_admin_status'] != "1") $status = 0; else $status = 1; ### DEFINE A USERNAME: if(empty($VAR['account_admin_username'])) { $length = 4; srand((double)microtime()*1000000); $vowels = array("a", "e", "i", "o", "u"); $cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl"); $num_vowels = count($vowels); $num_cons = count($cons); for($i = 0; $i < $length; $i++){ @$VAR['account_admin_username'] .= $cons[rand(0, $num_cons - 1)] . $vowels[rand(0, $num_vowels - 1)]; } } ## Single field login: if(defined('SINGLE_FIELD_LOGIN') && SINGLE_FIELD_LOGIN==true && empty($VAR['account_admin_password'])) { $VAR['account_admin_password']='none'; $passwd = 'none'; } ### DEFINE A PASSWORD: if(empty($VAR['account_admin_password'])) { srand((double)microtime() * 1000000); $UniqID = md5(uniqid(rand())); @$VAR['account_admin_password'] = substr(md5(uniqid(rand())), 0, 10); $passwd = '********'; } else { $passwd = $VAR['account_admin_password']; /* hash the password */ if(defined('PASSWORD_ENCODING_SHA')) $VAR['account_admin_password'] = sha1($VAR['account_admin_password']); else $VAR['account_admin_password'] = md5($VAR['account_admin_password']); } #################################################################### ### loop through the field list to validate the required fields #################################################################### $type = 'add'; $this->method["$type"] = split(",", $this->method["$type"]); $arr = $this->method["$type"]; include_once(PATH_CORE . 'validate.inc.php'); $validate = new CORE_validate; $this->validated = true; while (list ($key, $value) = each ($arr)) { # get the field value $field_var = $this->module . '_' . $value; $field_name = $value; #################################################################### ### perform any field validation... #################################################################### # check if this value is unique if(isset($this->field["$value"]["unique"]) && isset($VAR["$field_var"])) { if(!$validate->validate_unique($this->table, $field_name, "record_id", $VAR["$field_var"])) { $this->validated = false; $this->val_error[] = array('field' => $this->table . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), # translate 'error' => $C_translate->translate('validate_unique',"", "")); } } # check if the submitted value meets the specifed requirements if(isset($this->field["$value"]["validate"])) { if(isset($VAR["$field_var"])) { if($VAR["$field_var"] != '') { if(!$validate->validate($field_name, $this->field["$value"], $VAR["$field_var"], $this->field["$value"]["validate"])) { $this->validated = false; $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $validate->error["$field_name"] ); } } else { $this->validated = false; $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any',"", "")); } } else { $this->validated = false; $this->val_error[] = array('field' => $this->module . '_' . $field_name, 'field_trans' => $C_translate->translate('field_' . $field_name, $this->module, ""), 'error' => $C_translate->translate('validate_any',"", "")); } } } // validate the tax_id require_once(PATH_MODULES.'tax/tax.inc.php'); $taxObj=new tax; $tax_arr = @$VAR['account_admin_tax_id']; if(is_array($tax_arr)) { foreach($tax_arr as $country_id => $tax_id) { if ($country_id == $VAR['account_admin_country_id']) { $exempt = @$VAR["account_tax_id_exempt"][$country_id]; if(!$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) { $this->validated = false; $this->val_error[] = array( 'field' => 'account_admin_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", "")); } if($exempt) $account_admin_tax_id=false; else $account_admin_tax_id=$tax_id; } } } #################################################################### ### Get required static_Vars and validate them... return an array ### w/ ALL errors... #################################################################### require_once(PATH_CORE . 'static_var.inc.php'); $static_var = new CORE_static_var; if(!isset($this->val_error)) $this->val_error = false; $all_error = $static_var->validate_form('account', $this->val_error); if($all_error != false && gettype($all_error) == 'array') $this->validated = false; else $this->validated = true; #################################################################### ### If validation was failed, skip the db insert & ### set the errors & origonal fields as Smarty objects, ### and change the page to be loaded. #################################################################### if(!$this->validated) { global $smarty; # set the errors as a Smarty Object $smarty->assign('form_validation', $all_error); # set the page to be loaded if(!defined("FORCE_PAGE")) { define('FORCE_PAGE', $VAR['_page_current']); } # Stripslashes global $C_vars; $C_vars->strip_slashes_all(); return; } # Get default invoice options $db=&DB(); $invopt=$db->Execute(sqlSelect($db,"setup_invoice","*","")); if($invopt && $invopt->RecordCount()) { $invoice_delivery=$invopt->fields['invoice_delivery']; $invoice_format=$invopt->fields['invoice_show_itemized']; } #################################################################### ### Insert the account record #################################################################### $this->account_id = $db->GenID(AGILE_DB_PREFIX . 'account_id'); $validation_str = time(); /** get parent id */ @$parent_id = @$VAR["account_admin_parent_id"]; if(empty($parent_id)) $parent_id = $this->account_id; $sql = ' INSERT INTO ' . AGILE_DB_PREFIX . 'account SET id = ' . $db->qstr ( $this->account_id ) . ', site_id = ' . $db->qstr ( DEFAULT_SITE ) . ', date_orig = ' . $db->qstr ( $validation_str ) . ', date_last = ' . $db->qstr ( time()) . ', date_expire = ' . $db->qstr ( $date_expire ) . ', language_id = ' . $db->qstr ( $VAR["account_admin_language_id"] ) . ', country_id = ' . $db->qstr ( $VAR["account_admin_country_id"] ) . ', parent_id = ' . $db->qstr ( $parent_id ) . ', affiliate_id = ' . $db->qstr ( @$VAR["account_admin_affiliate_id"] ) . ', reseller_id = ' . $db->qstr ( @$VAR["account_admin_reseller_id"] ) . ', currency_id = ' . $db->qstr ( $VAR["account_admin_currency_id"] ) . ', theme_id = ' . $db->qstr ( $VAR["account_admin_theme_id"] ) . ', username = ' . $db->qstr ( $VAR["account_admin_username"] ) . ', password = ' . $db->qstr ( $VAR["account_admin_password"] ) . ', status = ' . $db->qstr ( $status ) . ', first_name = ' . $db->qstr ( $VAR["account_admin_first_name"] ) . ', middle_name = ' . $db->qstr ( $VAR["account_admin_middle_name"] ) . ', last_name = ' . $db->qstr ( $VAR["account_admin_last_name"] ) . ', company = ' . $db->qstr ( $VAR["account_admin_company"] ) . ', title = ' . $db->qstr ( $VAR["account_admin_title"] ) . ', email = ' . $db->qstr ( $VAR["account_admin_email"] ) . ', address1 = ' . $db->qstr ( $VAR["account_admin_address1"] ) . ', address2 = ' . $db->qstr ( $VAR["account_admin_address2"] ) . ', city = ' . $db->qstr ( $VAR["account_admin_city"] ) . ', state = ' . $db->qstr ( $VAR["account_admin_state"] ) . ', zip = ' . $db->qstr ( $VAR["account_admin_zip"] ) . ', misc = ' . $db->qstr ( $VAR["account_admin_misc"] ) . ', email_type = ' . $db->qstr ( $VAR["account_admin_email_html"] ) . ', invoice_delivery= ' . $db->qstr ( @$invoice_delivery ) . ', invoice_show_itemized=' . $db->qstr ( @$invoice_format ) . ', invoice_advance_gen = ' . $db->qstr ( MAX_INV_GEN_PERIOD ) . ', invoice_grace = ' . $db->qstr ( GRACE_PERIOD ) . ', tax_id = ' . $db->qstr ( @$account_tax_id ); $result = $db->Execute($sql); ### error reporting: if ($result === false) { global $C_debug; $C_debug->error('account_admin.inc.php','add', $db->ErrorMsg()); if(isset($this->trigger["$type"])) { include_once(PATH_CORE . 'trigger.inc.php'); $trigger = new CORE_trigger; $trigger->trigger($this->trigger["$type"], 0, $VAR); } return; } /* password logging class */ global $C_list; if($C_list->is_installed('account_password_history')) { include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php'); $accountHistory = new account_password_history(); $accountHistory->setNewPassword($this->account_id, $VAR["account_admin_password"]); } ### Add the account to the default group: $this->add_account_groups($VAR['groups'], $this->account_id, $VAR['account_admin_date_expire']); ### Insert the static vars: $static_var->add($VAR, 'account', $this->account_id); ### Mail the new user if(!empty($VAR['welcome_email'])) { require_once(PATH_MODULES . 'email_template/email_template.inc.php'); $my = new email_template; if($status == "1") { $my->send('account_add_staff_active', $this->account_id, '', '', $passwd); } else { $validation_str = strtoupper($validation_str. ':' .$this->account_id); $my->send('account_add_staff_inactive', $this->account_id, $this->account_id, '', $validation_str); } } ### Do any db_mapping if($C_list->is_installed('db_mapping')) { include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' ); $db_map = new db_mapping; if(!empty($passwd)) $db_map->plaintext_password = $passwd; else $db_map->plaintext_password = false; $db_map->account_add ( $this->account_id ); } ### Display the welcome message if($status == "1") { $C_debug->alert($C_translate->translate("staff_add_active","account_admin","")); } else { $C_debug->alert($C_translate->translate("staff_add_inactive","account_admin","")); } #$VAR["id"] = $this->account_id; $url = '?_page=' . $VAR['_page'] . '&id=' . $this->account_id; if(!empty($VAR['id'])) $url.= '&_escape=1'; if(!empty($VAR['field'])) { $url .= '&field='.$VAR['field']; $url .= '&name='.$VAR['account_admin_first_name'].' '.$VAR['account_admin_last_name']; } define('REDIRECT_PAGE', $url); ### Affiliate Auto Creation if(AUTO_AFFILIATE == 1 && $C_list->is_installed("affiliate")) { $VAR['affiliate_account_id'] = $this->account_id; $VAR['affiliate_template_id'] = DEFAULT_AFFILIATE_TEMPLATE; @$VAR['affiliate_parent_affiliate_id'] = $VAR['account_admin_affiliate_id']; include_once(PATH_MODULES . 'affiliate/affiliate.inc.php'); $affiliate = new affiliate; $affiliate->add($VAR, $affiliate); } return; } ############################## ## VIEW ## ############################## function view($VAR) { if(!$this->checkLimits()) return false; // check account limits global $C_auth; $type = "view"; $this->method["$type"] = split(",", $this->method["$type"]); # set the field list for this method: $db = &DB(); $arr = $this->method[$type]; if(isset($VAR["id"])) { $id = split(',',$VAR["id"]); for($i=0; $iqstr($id[$i])." "; $ii++; } else { $id_list .= " OR id = " .$db->qstr($id[$i]). " "; $ii++; } } } } if($ii>0) { # generate the full query $q = "SELECT * FROM ".AGILE_DB_PREFIX."account WHERE $id_list AND site_id = '" . DEFAULT_SITE . "'"; $result = $db->Execute($q); # error reporting if ($result === false) { global $C_debug; $C_debug->error('account_admin.inc.php','view', $db->ErrorMsg() . ' ' . $q); return; } # put the results into a smarty accessable array $i=0; $class_name = TRUE; while (!$result->EOF) { $smart[$i] = $result->fields; if($class_name) { $smart[$i]["i"] = $i; } else { $smart[$i]["i"] = $i; } ### Get any authorized groups: $dba = &DB(); $sql = 'SELECT service_id,group_id FROM ' . AGILE_DB_PREFIX . 'account_group WHERE site_id = ' . $dba->qstr(DEFAULT_SITE) . ' AND account_id = ' . $dba->qstr($result->fields['id']) . ' AND active = ' . $dba->qstr("1") . ' ORDER BY group_id'; $groups = $dba->Execute($sql); while (!$groups->EOF) { if($groups->fields['service_id'] == '') $group[] = $groups->fields['group_id']; $groups->MoveNext(); } $smart[$i]["groups"] = $group; ### Verify the user has access to view this account: if(SESS_ACCOUNT != $result->fields['id']) { $smart[$i]['own_account'] = false; $display_this = true; for($ix=0; $ixauth_group_by_id($group[$ix])) $display_this = false; } } else { $display_this = true; $smart[$i]['own_account'] = true; } ### Get the static vars: require_once(PATH_CORE . 'static_var.inc.php'); $static_var = new CORE_static_var; $arr = $static_var->update_form('account', 'update', $result->fields['id']); if(gettype($arr) == 'array') { $smart[$i]["static_var"] = $arr; } ### Get the last activity date/IP $sql = "SELECT * FROM ".AGILE_DB_PREFIX."login_log WHERE account_id = {$result->fields['id']} AND site_id = ".DEFAULT_SITE." ORDER BY date_orig DESC "; $rslast = $db->SelectLimit($sql, 1); if($rslast != false && $rslast->RecordCount() == 1) { $smart[$i]["last_activity"] = $rslast->fields['date_orig']; $smart[$i]["last_ip"] = $rslast->fields['ip']; } else { $smart[$i]["last_activity"] = $result->fields['date_orig']; $smart[$i]["last_ip"] = ''; } ### Get invoice details for this account: $sql = "SELECT id,date_orig,total_amt,billed_amt,process_status FROM ".AGILE_DB_PREFIX."invoice WHERE account_id = {$result->fields['id']} AND site_id = ".DEFAULT_SITE." ORDER BY id DESC "; $inv = $db->SelectLimit($sql, 10); if($inv != false && $inv->RecordCount() > 0) { while(!$inv->EOF) { if($inv->fields['total_amt'] > $inv->fields['billed_amt'] && $inv->fields['suspend_billing'] != 1) { $inv->fields['due'] = $inv->fields['total_amt'] - $inv->fields['billed_amt']; } $smart[$i]["invoice"][] = $inv->fields; $inv->MoveNext(); } } ### Get service details for this account: $sql = "SELECT id,sku,active,type,domain_name,domain_tld FROM ".AGILE_DB_PREFIX."service WHERE account_id = {$result->fields['id']} AND site_id = ".DEFAULT_SITE." ORDER BY id DESC "; $svc = $db->SelectLimit($sql, 10); if($svc != false && $svc->RecordCount() > 0) { while(!$svc->EOF) { $smart[$i]["service"][] = $svc->fields; $svc->MoveNext(); } } # define the results if(!$display_this) { unset($smart["$i"]); echo "You have selected an account for which you are not authorized, your permission settings are to low!

"; } else { $i++; } unset($group); $result->MoveNext(); } # get the result count: $results = $i; ### No results: if($i == 0) { global $C_debug; $C_debug->error("CORE:account_admin.inc.php", "view()", " The selected record does not exist any longer, or your account is not authorized to view it"); return; } global $smarty; $smarty->assign($this->table, $smart); $smarty->assign('results', $search->results); } } ############################## ## UPDATE ## ############################## function update($VAR) { global $C_list, $C_debug; if(!$this->checkLimits()) return false; // check account limits // validate the tax_id global $VAR; require_once(PATH_MODULES.'tax/tax.inc.php'); $taxObj=new tax; $tax_arr = @$VAR['account_admin_tax_id']; if(is_array($tax_arr)) { foreach($tax_arr as $country_id => $tax_id) { if ($country_id == $VAR['account_admin_country_id']) { $exempt = @$VAR["account_tax_id_exempt"][$country_id]; if(!$txRs=$taxObj->TaxIdsValidate($country_id, $tax_id, $exempt)) { $this->validated = false; global $C_translate; $this->val_error[] = array( 'field' => 'account_admin_tax_id', 'field_trans' => $taxObj->errField, 'error' => $C_translate->translate('validate_general', "", "")); } if($exempt) $VAR['account_admin_tax_id']=false; else $VAR['account_admin_tax_id']=$tax_id; } } } #################################################################### ### Get required static_Vars and validate them... return an array ### w/ ALL errors... #################################################################### require_once(PATH_CORE . 'static_var.inc.php'); $static_var = new CORE_static_var; if(!isset($this->val_error)) $this->val_error = false; $all_error = $static_var->validate_form('account', $this->val_error); if($all_error != false && gettype($all_error) == 'array') $this->validated = false; else $this->validated = true; #################################################################### # If validation was failed, skip the db insert & # set the errors & origonal fields as Smarty objects, # and change the page to be loaded. #################################################################### if(!$this->validated) { global $smarty; # set the errors as a Smarty Object $smarty->assign('form_validation', $all_error); # set the page to be loaded if(!defined("FORCE_PAGE")) { define('FORCE_PAGE', $VAR['_page_current']); } return; } ### Get the old username ( for db mapping ) $db = &DB(); $sql = 'SELECT username FROM ' . AGILE_DB_PREFIX . 'account WHERE site_id = ' . $db->qstr(DEFAULT_SITE) . ' AND id = ' . $db->qstr($VAR['account_admin_id']); $result = $db->Execute($sql); if($result->RecordCount() > 0) { $old_username = $result->fields['username']; } ### Update the password: $update_password=false; if(!empty($VAR['_password'])) { $VAR['account_admin_password'] = $VAR['_password']; /* check if new password is ok */ if($C_list->is_installed('account_password_history')) { include_once(PATH_MODULES.'account_password_history/account_password_history.inc.php'); $accountHistory = new account_password_history(); if(!$accountHistory->getIsPasswordOk($VAR['account_admin_id'], $VAR['account_admin_password'], false)) { $C_debug->alert("The password you have selected has been used recently and cannot be used again at this time for security purposes."); unset($VAR['account_admin_password']); } else { $update_password=true; } } } ### Update the record $type = "update"; $this->method["$type"] = split(",", $this->method["$type"]); $db = new CORE_database; $ok = $db->update($VAR, $this, $type); if($ok) { /* password logging class */ if($update_password && is_object($accountHistory)) $accountHistory->setNewPassword($VAR['account_admin_id'], $VAR["account_admin_password"], false); ### Update the static vars: $static_var->update($VAR, 'account', $VAR['account_admin_id']); ### Do any db_mapping if($C_list->is_installed('db_mapping')) { include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' ); $db_map = new db_mapping; if(!empty($VAR['account_admin_password'])) $db_map->plaintext_password = $VAR['account_admin_password']; else $db_map->plaintext_password = false; $db_map->account_edit ( $VAR['account_admin_id'], $old_username ); } // remove login lock if($VAR['account_admin_status']) { $db=&DB(); $delrs = $db->Execute($sql=sqlDelete($db,"login_lock","account_id={$VAR['account_admin_id']}")); $delrs = $db->Execute($sql=sqlDelete($db,"login_log","account_id={$VAR['account_admin_id']} AND status=0")); } return true; } } ############################## ## MERGE ## ############################## function merge($VAR) { $db = &DB(); global $C_auth, $C_list, $C_translate, $C_debug; if(empty($VAR['id']) || empty($VAR['merge_acct_id'])) { $C_debug->alert($C_translate->translate('merge_err','account_admin','')); return false; } $acct_id = $VAR['id']; $merge_acct_id = $VAR['merge_acct_id']; # Get merged account_group $q = "SELECT * FROM ".AGILE_DB_PREFIX."account_group WHERE ( service_id = '' OR service_id = 0 OR service_id IS NULL ) AND account_id = $acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) { $C_debug->error('account_admin.inc.php','merge :: account_group', $db->ErrorMsg()); } else { while(!$rs->EOF) { $Cauth = new CORE_auth(true); if($Cauth->auth_group_by_account_id($merge_acct_id, $rs->fields['group_id'])) { # duplicate group, delete $q = "DELETE FROM ".AGILE_DB_PREFIX."account_group WHERE id = {$rs->fields['id']} AND site_id = ".DEFAULT_SITE; $db->Execute($q); } $rs->MoveNext(); } } # account_group $q = "UPDATE ".AGILE_DB_PREFIX."account_group SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: account_group', $db->ErrorMsg()); # account_billing $q = "UPDATE ".AGILE_DB_PREFIX."account_billing SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: account_billing', $db->ErrorMsg()); # cart $q = "UPDATE ".AGILE_DB_PREFIX."cart SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: cart', $db->ErrorMsg()); # charge $q = "UPDATE ".AGILE_DB_PREFIX."charge SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: charge', $db->ErrorMsg()); # discount $q = "UPDATE ".AGILE_DB_PREFIX."discount SET avail_account_id = $acct_id WHERE avail_account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: charge', $db->ErrorMsg()); # invoice $q = "UPDATE ".AGILE_DB_PREFIX."invoice SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: invoice', $db->ErrorMsg()); # log_error $q = "UPDATE ".AGILE_DB_PREFIX."log_error SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: log_error', $db->ErrorMsg()); # login_lock $q = "DELETE FROM ".AGILE_DB_PREFIX."login_lock WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: login_lock', $db->ErrorMsg()); # login_log $q = "UPDATE ".AGILE_DB_PREFIX."login_log SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: login_log', $db->ErrorMsg()); # search $q = "UPDATE ".AGILE_DB_PREFIX."search SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: search', $db->ErrorMsg()); # service $q = "UPDATE ".AGILE_DB_PREFIX."service SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: service', $db->ErrorMsg()); # session $q = "DELETE FROM ".AGILE_DB_PREFIX."session WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: session', $db->ErrorMsg()); # staff $q = "UPDATE ".AGILE_DB_PREFIX."staff SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: staff', $db->ErrorMsg()); # affiliate if($C_list->is_installed('affiliate')) { $q = "UPDATE ".AGILE_DB_PREFIX."affiliate SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: affiliate', $db->ErrorMsg()); } # ticket if($C_list->is_installed('ticket')) { $q = "UPDATE ".AGILE_DB_PREFIX."ticket SET account_id = $acct_id WHERE account_id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: ticket', $db->ErrorMsg()); } # DB Mapping if($C_list->is_installed('db_mapping')) { $dbsql = "SELECT username FROM ".AGILE_DB_PREFIX."account WHERE site_id = ".$db->qstr(DEFAULT_SITE)." AND id = ".$db->qstr($merge_acct_id); $resultdb = $db->Execute($dbsql); $old_username = $resultdb->fields['username']; include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' ); $db_map = new db_mapping; $db_map->account_delete ( $merge_acct_id, $old_username ); } # Delete account $q = "DELETE FROM ".AGILE_DB_PREFIX."account WHERE id = $merge_acct_id AND site_id = ".DEFAULT_SITE; $rs = $db->Execute($q); if ($rs === false) $C_debug->error('account_admin.inc.php','merge :: account', $db->ErrorMsg()); $C_debug->alert($C_translate->translate('merge_ok','account_admin','')); return; } ############################## ## DELETE ## ############################## function delete($VAR) { $db = &DB(); global $C_auth, $C_list; # set the id $id = $this->table . '_id'; # generate the list of ID's $id_list = ''; $account_id_list = ''; $discount_id_list = ''; $ii=0; if(isset($VAR["delete_id"])) { $id = split(',',$VAR["delete_id"]); } elseif (isset($VAR["id"])) { $id = split(',',$VAR["id"]); } for($i=0; $iExecute($sql); while (!$groups->EOF) { $group[] = $groups->fields['group_id']; $groups->MoveNext(); } ### Verify the user has access to view this account: $delete_this = true; if(!empty($group) && is_array($group)) { for($ix=0; $ixauth_group_by_id($group[$ix])) { $delete_this = false; $ix = count($group); } } } unset($group); ### Verify this is not the admin account or the current user's account: if(SESS_ACCOUNT == $id[$i] || $id[$i] == '1') $delete_this = false; ### Generate the SQL if($delete_this) { if($i == 0) { $id_list .= " id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " "; $account_id_list .= " account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " "; $discount_id_list .= " account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " "; $ii++; } else { $id_list .= " OR id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " "; $account_id_list .= " OR account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " "; $discount_id_list .= " OR account_id = " . $db->qstr($id[$i], get_magic_quotes_gpc()) . " "; $ii++; } #################################################################### ### Do any db_mapping #################################################################### $dbsql = "SELECT username FROM ".AGILE_DB_PREFIX."account WHERE site_id = ".$db->qstr(DEFAULT_SITE)." AND id = ".$db->qstr($id[$i]); $resultdb = $db->Execute($dbsql); $old_username = $resultdb->fields['username']; if($C_list->is_installed('db_mapping')) { include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' ); $db_map = new db_mapping; $db_map->account_delete ( $id[$i], $old_username ); } } } } $db = &DB(); if($ii>0) { # generate the full query (account) $q = "DELETE FROM ".AGILE_DB_PREFIX."account WHERE $id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $result = $db->Execute($q); # generate the full query (sessions) $q = "DELETE FROM ".AGILE_DB_PREFIX."session WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (account_billing) $q = "DELETE FROM ".AGILE_DB_PREFIX."account_billing WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (account_group) $q = "DELETE FROM ".AGILE_DB_PREFIX."account_group WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (cart) $q = "DELETE FROM ".AGILE_DB_PREFIX."cart WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (search) $q = "DELETE FROM ".AGILE_DB_PREFIX."search WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (staff) $q = "DELETE FROM ".AGILE_DB_PREFIX."staff WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (ticket) if($C_list->is_installed('ticket')) { $q = "SELECT id FROM ".AGILE_DB_PREFIX."ticket WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $ticket = $db->Execute($q); if($ticket != false && $ticket->RecordCount() > 0) { while( !$ticket->EOF ) { include_once(PATH_MODULES.'ticket/ticket.inc.php'); $tk = new ticket; $arr['id'] = $ticket->fields['id']; $tk->delete($arr, $tk); $ticket->MoveNext(); } } } # generate the full query (affiliate) if($C_list->is_installed('affiliate')) { $q = "DELETE FROM ".AGILE_DB_PREFIX."affiliate WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); } # generate the full query (discount) $q = "DELETE FROM ".AGILE_DB_PREFIX."discount WHERE $discount_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $db->Execute($q); # generate the full query (invoice) $q = "SELECT id FROM ".AGILE_DB_PREFIX."invoice WHERE $account_id_list AND site_id = ".$db->qstr(DEFAULT_SITE); $invoice = $db->Execute($q); if($invoice != false && $invoice->RecordCount() > 0 ) { while( !$invoice->EOF ) { include_once(PATH_MODULES.'invoice/invoice.inc.php'); $inv = new invoice; $arr['id'] = $invoice->fields['id']; $inv->delete($arr, $inv); $invoice->MoveNext(); } } # error reporting if ($result === false) { global $C_debug; $C_debug->error('account_admin.inc.php','delete', $db->ErrorMsg()); } else { # Alert delete message global $C_debug, $C_translate; $C_translate->value["CORE"]["module_name"] = $C_translate->translate('name','account_admin',""); $message = $C_translate->translate('alert_delete_ids',"CORE",""); $C_debug->alert($message); } } } ############################## ## SEARCH FORM ## ############################## function search_form($VAR) { $type = "search"; $this->method["$type"] = split(",", $this->method["$type"]); $db = new CORE_database; $db->search_form($VAR, $this, $type); } ############################## ## SEARCH ## ############################## function search($VAR) { $type = "search"; $this->method["$type"] = split(",", $this->method["$type"]); $db = &DB(); include_once(PATH_CORE . 'validate.inc.php'); $validate = new CORE_validate; # set the search criteria array $arr = $VAR; # loop through the submitted field_names to get the WHERE statement $where_list = ''; $i=0; while (list ($key, $value) = each ($arr)) { if($i == 0) { if($value != '') { $pat = "^" . $this->module . "_"; if(eregi($pat, $key)) { $field = eregi_replace($pat,"",$key); if(eregi('%',$value)) { # do any data conversion for this field (date, encrypt, etc...) if(isset($this->field["$field"]["convert"])) { $value = $validate->convert($field, $value, $this->field["$field"]["convert"]); } $where_list .= " WHERE ".AGILE_DB_PREFIX."account.".$field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc()); $i++; } else { # check if array if(is_array($value)) { for($i_arr=0; $i_arr < count($value); $i_arr++) { if($value["$i_arr"] != '') { # determine any field options (=, >, <, etc...) $f_opt = '='; $pat_field = $this->module.'_'.$field; $VAR['field_option']["$pat_field"]["$i_arr"]; if(isset($VAR['field_option']["$pat_field"]["$i_arr"])) { $f_opt = $VAR['field_option']["$pat_field"]["$i_arr"]; # error checking, safety precaution if($f_opt != '=' && $f_opt != '>' && $f_opt != '<' && $f_opt != '>=' && $f_opt != '<=' && $f_opt != '!=') $f_opt = '='; } # do any data conversion for this field (date, encrypt, etc...) if(isset($this->field["$field"]["convert"])) { $value["$i_arr"] = $validate->convert($field, $value["$i_arr"], $this->field["$field"]["convert"]); } if($i_arr == 0) { $where_list .= " WHERE ".AGILE_DB_PREFIX."account.".$field . " $f_opt " . $db->qstr($value["$i_arr"], get_magic_quotes_gpc()); $i++; } else { $where_list .= " AND ".AGILE_DB_PREFIX."account.".$field . " $f_opt " . $db->qstr($value["$i_arr"], get_magic_quotes_gpc()); $i++; } } } } else { $where_list .= " WHERE ".AGILE_DB_PREFIX."account.".$field . " = " . $db->qstr($value, get_magic_quotes_gpc()); $i++; } } } } } else { if($value != '') { $pat = "^" . $this->module . "_"; if(eregi($pat, $key)) { $field = eregi_replace($pat,"",$key); if(eregi('%',$value)) { # do any data conversion for this field (date, encrypt, etc...) if(isset($this->field["$field"]["convert"])) { $value = $validate->convert($field, $value, $this->field["$field"]["convert"]); } $where_list .= " AND ".AGILE_DB_PREFIX."account.".$field . " LIKE " . $db->qstr($value, get_magic_quotes_gpc()); $i++; } else { # check if array if(is_array($value)) { for($i_arr=0; $i_arr < count($value); $i_arr++) { if($value["$i_arr"] != '') { # determine any field options (=, >, <, etc...) $f_opt = '='; $pat_field = $this->module.'_'.$field; if(isset($VAR['field_option']["$pat_field"]["$i_arr"])) { $f_opt = $VAR['field_option']["$pat_field"]["$i_arr"]; # error checking, safety precaution if($f_opt != '=' && $f_opt != '>' && $f_opt != '<' && $f_opt != '>=' && $f_opt != '<=' && $f_opt != '!=') $f_opt = '='; } # do any data conversion for this field (date, encrypt, etc...) if(isset($this->field["$field"]["convert"])) { $value["$i_arr"] = $validate->convert($field, $value["$i_arr"], $this->field["$field"]["convert"]); } $where_list .= " AND ".AGILE_DB_PREFIX."account.". $field . " $f_opt " . $db->qstr($value["$i_arr"], get_magic_quotes_gpc()); $i++; } } } else { $where_list .= " AND ".AGILE_DB_PREFIX."account.". $field . " = ". $db->qstr($value, get_magic_quotes_gpc()); $i++; } } } } } } #### finalize the WHERE statement if($where_list == '') { $where_list .= ' WHERE '; } else { $where_list .= ' AND '; } # get limit type if(isset($VAR['limit'])) { $limit = $VAR['limit']; } else { $limit = $this->limit; } # get order by if(isset($VAR['order_by'])) { $order_by = $VAR['order_by']; } else { $order_by = $this->order_by; } $pre = AGILE_DB_PREFIX; $q = "SELECT DISTINCT ".AGILE_DB_PREFIX."account.id,".AGILE_DB_PREFIX."account.last_name,".AGILE_DB_PREFIX."account.first_name,".AGILE_DB_PREFIX."account.username FROM ".AGILE_DB_PREFIX."account "; $q_save = "SELECT DISTINCT %%fieldList%% FROM ".AGILE_DB_PREFIX."account "; # Code for group searches: if(!empty($VAR['account_group'])) $q .= " LEFT JOIN ".AGILE_DB_PREFIX."account_group ON ".AGILE_DB_PREFIX."account_group.account_id = ".AGILE_DB_PREFIX."account.id"; ######## GET ANY STATIC VARS TO SEARCH ########## $join_list = ''; if(!empty($VAR["static_relation"]) && count( $VAR["static_relation"] > 0 )) { while(list($idx, $value) = each ($VAR["static_relation"])) { if($value != "") { $join_list .= " INNER JOIN {$pre}static_var_record AS s{$idx} ON ( s{$idx}.record_id = {$pre}{$this->table}.id AND s{$idx}.static_var_relation_id = '{$idx}' AND s{$idx}.site_id = ".$db->qstr(DEFAULT_SITE)." AND"; if(ereg("%", $value)) $join_list .= " s{$idx}.value LIKE ".$db->qstr($VAR["static_relation"]["$idx"]); else $join_list .= " s{$idx}.value = ".$db->qstr($VAR["static_relation"]["$idx"]); $join_list .= " ) "; } } } ######## END STATIC VAR SEARCH ################## # standard where list $q .= $join_list . $where_list ." ".AGILE_DB_PREFIX."account.site_id = " . $db->qstr(DEFAULT_SITE); # Code for member group: if(!empty($VAR['account_group'])) { $q .= " AND ".AGILE_DB_PREFIX."account_group.group_id = " . $db->qstr($VAR['account_group'])." AND ".AGILE_DB_PREFIX."account_group.site_id = " . $db->qstr(DEFAULT_SITE); } if(!empty($VAR['account_group'])) { $q_save .= " LEFT JOIN ".AGILE_DB_PREFIX."account_group ON ".AGILE_DB_PREFIX."account_group.account_id = ".AGILE_DB_PREFIX."account.id "; if(!empty($join_list)) $q_save .= $join_list; $q_save .= $where_list ." %%whereList%% "; $q_save .= AGILE_DB_PREFIX."account_group.group_id = " . $db->qstr($VAR['account_group'])." AND "; } else { if(!empty($join_list)) $q_save .= $join_list; $q_save .= $where_list ." %%whereList%% "; } ################## DEBUG ################## #echo "
" . $q;
		#echo "

" . $q_save;
		#exit;

		# run the database query
		$result = $db->Execute($q);

		# error reporting
		if ($result === false)
		{
			global $C_debug;
			$C_debug->error('database.inc.php','search', $db->ErrorMsg());	  
			return false;      	                    	       
		}

		# get the result count:
		$results = $result->RecordCount();

		# get the first record id:
		if($results == 1)  $record_id = $result->fields['id'];

		# define the DB vars as a Smarty accessible block
		global $smarty; 

		# Create the definition for fast-forwarding to a single record:
		if ($results == 1 && !isset($this->fast_forward))
		{
			$smarty->assign('record_id', $record_id);
		}

		# create the search record:
		if($results > 0)
		{
			# create the search record
			include_once(PATH_CORE   . 'search.inc.php');
			$search = new CORE_search;
			$arr['module'] 	= $this->module;
			$arr['sql']		= $q_save;
			$arr['limit']  	= $limit;
			$arr['order_by']= $order_by;
			$arr['results']	= $results;
			$search->add($arr);

			# define the search id and other parameters for Smarty
			$smarty->assign('search_id', $search->id);

			# page:
			$smarty->assign('page', '1');

			# limit:
			$smarty->assign('limit', $limit);

			# order_by:
			$smarty->assign('order_by', $order_by);
		}

		# define the result count
		$smarty->assign('results', $results);         	    
	}






	##############################
	##		SEARCH SHOW	        ##
	##############################

	function search_show($VAR)
	{
		$type = "search";
		$this->method["$type"] = split(",", $this->method["$type"]);

		# set the field list for this method:
		$arr = $this->method[$type];

		$field_list = '';
		$i=0;
		while (list ($key, $value) = each ($arr))
		{
			if($i == 0)
			{
				$field_var =  $this->table . '_' . $value;
				$field_list .= AGILE_DB_PREFIX . "account" . "." . $value;

				// determine if this record is linked to another table/field
				if($this->field[$value]["asso_table"] != "")
				{
					$this->linked[] = array('field' => $value, 'link_table' => $this->field[$value]["asso_table"], 'link_field' => $this->field[$value]["asso_field"]);
				}
			}
			else
			{
				$field_var =  $this->table . '_' . $value;
				$field_list .= "," . AGILE_DB_PREFIX . "account" . "." . $value;

				// determine if this record is linked to another table/field
				if($this->field[$value]["asso_table"] != "")
				{
					$this->linked[] = array('field' => $value, 'link_table' => $this->field[$value]["asso_table"], 'link_field' => $this->field[$value]["asso_field"]);
				}
			}
			$i++;
		}  


		# get the search details:
		if(isset($VAR['search_id'])) {
			include_once(PATH_CORE   . 'search.inc.php');
			$search = new CORE_search;
			$search->get($VAR['search_id']);
		} else {
			# invalid search!
			echo '
 The search terms submitted were invalid!';       # translate... # alert

			if(isset($this->trigger["$type"])) {
				include_once(PATH_CORE   . 'trigger.inc.php');
				$trigger    = new CORE_trigger;
				$trigger->trigger($this->trigger["$type"], 0, $VAR);
			}
		}

		# get the sort order details:
		if(isset($VAR['order_by']) && $VAR['order_by'] != "") {
			$order_by = ' ORDER BY ' . AGILE_DB_PREFIX . 'account.'.$VAR['order_by'];
			$smarty_order =  $VAR['order_by'];
		} else  {
			$order_by = ' ORDER BY ' . AGILE_DB_PREFIX . 'account.'.$this->order_by;
			$smarty_order =  $search->order_by;
		}


		# determine the sort order
		if(isset($VAR['desc'])) {
			$order_by .= ' DESC';
			$smarty_sort = 'desc=';
		} else if(isset($VAR['asc']))  {
			$order_by .= ' ASC';
			$smarty_sort = 'asc=';
		} else {
			if (!eregi('date',$smarty_order)) {
				$order_by .= ' ASC';
				$smarty_sort = 'asc=';
			} else {
				$order_by .= ' DESC';
				$smarty_sort = 'desc=';
			}
		}

		# generate the full query

		$db = &DB();
		$q = eregi_replace("%%fieldList%%", $field_list, $search->sql);
		$q = eregi_replace("%%tableList%%", AGILE_DB_PREFIX.$construct->table, $q);
		$q = eregi_replace("%%whereList%%", "", $q);
		$q .= " ".AGILE_DB_PREFIX . "account."."site_id = " . $db->qstr(DEFAULT_SITE);
		$q .= $order_by;

		//////////////////
		#echo "
 $q 

";
		$current_page=1;
		$offset=-1;
		if (!empty($VAR['page'])) $current_page = $VAR['page'];
		if (empty($search->limit)) $search->limit=25; 
		if($current_page>1) $offset = (($current_page * $search->limit) - $search->limit);            
		$result = $db->SelectLimit($q, $search->limit, $offset);


		# error reporting
		if ($result === false)
		{		
			global $C_debug;
			$C_debug->error('database.inc.php','search', $db->ErrorMsg());

			if(isset($this->trigger["$type"]))
			{
				include_once(PATH_CORE   . 'trigger.inc.php');
				$trigger    = new CORE_trigger;
				$trigger->trigger($this->trigger["$type"], 0, $VAR);
			} 
			return;                    	        	
		}


		# put the results into a smarty accessable array  
		$i=0;
		$class_name = TRUE;
		while (!$result->EOF) {
			$smart[$i] = $result->fields;

			if($class_name)
			{
				$smart[$i]['_C'] = 'row1';
				$class_name = FALSE;
			} else {
				$smart[$i]['_C'] = 'row2';
				$class_name = TRUE;
			}
			$result->MoveNext();
			$i++;
		}


		# get any linked fields
		if($i > 0)
		{
			$db_join = new CORE_database;
			$this->result = $db_join->join_fields($smart, $this->linked);
		}
		else
		{
			$this->result = $smart;
		} 

		# get the result count:
		$results = $result->RecordCount();

		# define the DB vars as a Smarty accessible block
		global $smarty;

		# define the results
		$smarty->assign($this->table, $this->result);
		$smarty->assign('page',		$VAR['page']);
		$smarty->assign('order',	$smarty_order);
		$smarty->assign('sort',		$smarty_sort);
		$smarty->assign('limit',	$search->limit);
		$smarty->assign('search_id',$search->id);
		$smarty->assign('results', 	$search->results);

		# get the total pages for this search:
		if(empty($search->limit))
			$this->pages = 1;
		else
			$this->pages = intval($search->results / $search->limit);
		if ($search->results % $search->limit) $this->pages++;

		# total pages
		$smarty->assign('pages', 	$this->pages);

		# current page
		$smarty->assign('page', 	$current_page);
		$page_arr = '';
		for($i=0; $i <= $this->pages; $i++)
		{
			if ($this->page != $i) 	$page_arr[] = $i;
		}

		# page array for menu
		$smarty->assign('page_arr',	$page_arr); 
	}	



	##############################
	##	   SEARCH EXPORT        ##
	##############################
	function search_export($VAR)
	{
		if(!$this->checkLimits()) return false; // check account limits

	   # require the export class    	
	   require_once (PATH_CORE   . "export.inc.php");

	   # Call the correct export function for inline browser display, download, email, or web save.
	   if($VAR["format"] == "excel")
	   {
		   $type = "export_excel";
		   $this->method["$type"] = split(",", $this->method["$type"]);
		   $export = new CORE_export;
		   $export->search_excel($VAR, $this, $type);
	   }

	   else if ($VAR["format"] == "pdf")
	   {
		   $type = "export_pdf";
		   $this->method["$type"] = split(",", $this->method["$type"]);
		   $export = new CORE_export;
		   $export->search_pdf($VAR, $this, $type);      	
	   }

	   else if ($VAR["format"] == "xml")
	   {
		   $type = "export_xml";
		   $this->method["$type"] = split(",", $this->method["$type"]);
		   $export = new CORE_export;
		   $export->search_xml($VAR, $this, $type);
	   }

	   else if ($VAR["format"] == "csv")
	   {
		   $type = "export_csv";
		   $this->method["$type"] = split(",", $this->method["$type"]);
		   $export = new CORE_export;
		   $export->search_csv($VAR, $this, $type);
	   }

	   else if ($VAR["format"] == "tab")
	   {
		   $type = "export_tab";
		   $this->method["$type"] = split(",", $this->method["$type"]);
		   $export = new CORE_export;
		   $export->search_tab($VAR, $this, $type);
	   }
	}




	##############################
	##	   ADD GROUPS           ##
	##############################

	function add_account_groups($groups, $account, $expire)
	{
		global $C_auth;
		$ii = 0;

		#loop through the array to add each account_group record
		for($i=0; $iauth_group_by_id($groups[$i]))
			{

				# add the account to the selected groups...
				$dba = &DB();

				# determine the record id:
				$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');

				# generate the full query
				$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
					  SET
					  id          = ". $dba->qstr($this->new_id).",
					  date_orig   = ". $dba->qstr(time()).",
					  date_expire = ". $dba->qstr($expire).",
					  group_id    = ". $dba->qstr($groups[$i]).",
					  account_id  = ". $dba->qstr($account).",
					  active      = ". $dba->qstr('1').",
					  site_id     = ". $dba->qstr(DEFAULT_SITE);

				# execute the query
				$result = $dba->Execute($q);
				$ii++;

				# error reporting:
				if ($result === false) { 
					global $C_debug;
					$C_debug->error('account_admin.inc.php','add_account_groups', $dba->ErrorMsg());		
				}
			}
		}

		### Add default group
		if($ii == 0)
		{
			# add the account to the selected groups...
			$dba = &DB();

			# determine the record id:
			$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');

			# generate the full query
			$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
					SET
					id          = ". $dba->qstr($this->new_id).",
					date_orig   = ". $dba->qstr(time()).",
					date_expire = ". $dba->qstr($expire).",
					group_id    = ". $dba->qstr(DEFAULT_GROUP).",
					account_id  = ". $dba->qstr($account).",
					active      = ". $dba->qstr('1').",
					site_id     = ". $dba->qstr(DEFAULT_SITE);

			# execute the query
			$result = $dba->Execute($q);	
			if ($result === false) { 
				global $C_debug;
				$C_debug->error('account_admin.inc.php','add_account_groups', $dba->ErrorMsg());
			}					
		}
	}




	##############################
	##	UDPATE GROUPS           ##
	##############################

	function update_account_groups($VAR)
	{		
		global $C_auth;
		$ii = 0;
		@$groups = $VAR['groups'];
		@$account = $VAR['account_admin_id'];

		# admin accounts groups cannot be altered
		# user cannot modify their own groups
		if($account == "1" || SESS_ACCOUNT == $account)
		return false;

		### Drop the current groups for this account:
		# generate the full query
		$dba = &DB();
		$q = "DELETE FROM ".AGILE_DB_PREFIX."account_group
			  WHERE
			  service_id IS NULL AND
			  account_id  = ". $dba->qstr($account)." AND 
			  site_id     = ". $dba->qstr(DEFAULT_SITE);			
		# execute the query
		$result = $dba->Execute($q);

		#loop through the array to add each account_group record
		for($i=0; $iauth_group_by_id($groups[$i]))
			{
				# add the account to the selected groups...
				$dba = &DB();

				# determine the record id:
				$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');

				# determine the expiration
				if(!empty($VAR['account_admin_date_expire']))
				{
					include_once(PATH_CORE.'validate.inc.php');
					$validate 	= new CORE_validate;
					$expire 	= $validate->DateToEpoch(DEFAULT_DATE_FORMAT,$VAR['account_admin_date_expire']); 
				} else {
					$expire 	= 0;
				}

				# generate the full query
				$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
					  SET
					  id          = ". $dba->qstr($this->new_id).",
					  date_orig   = ". $dba->qstr(time()).",
					  date_expire = ". $dba->qstr($expire).",
					  group_id    = ". $dba->qstr($groups[$i]).",
					  account_id  = ". $dba->qstr($account).",
					  active      = ". $dba->qstr('1').",
					  site_id     = ". $dba->qstr(DEFAULT_SITE);

				# execute the query
				$result = $dba->Execute($q);
				$ii++;

				# error reporting:
				if ($result === false) { 
					global $C_debug;
					$C_debug->error('account_admin.inc.php','update_account_groups', $dba->ErrorMsg());
				}
			}
		}

		### Add default group
		if($ii == 0)
		{
			# add the account to the selected groups...
			$dba = &DB();

			# determine the record id:
			$this->new_id = $dba->GenID(AGILE_DB_PREFIX . "" . 'account_group_id');

			# generate the full query
			$q = "INSERT INTO ".AGILE_DB_PREFIX."account_group
					SET
					id          = ". $dba->qstr($this->new_id).",
					date_orig   = ". $dba->qstr(time()).",
					date_expire = ". $dba->qstr(@$expire).",
					group_id    = ". $dba->qstr(DEFAULT_GROUP).",
					account_id  = ". $dba->qstr($account).",
					active      = ". $dba->qstr('1').",
					site_id     = ". $dba->qstr(DEFAULT_SITE); 
			$result = $dba->Execute($q);	 
			if ($result === false) { 
				global $C_debug;
				$C_debug->error('account_admin.inc.php','update_account_groups', $dba->ErrorMsg());
			}					
		}

		### Remove the user's session_auth_cache so it is regenerated on user's next pageview 
		$db = &DB();
		$q = "SELECT id FROM ".AGILE_DB_PREFIX."session WHERE
			  account_id  = ".$db->qstr($account)." AND
			  site_id     = ".$db->qstr(DEFAULT_SITE);
		$rss = $db->Execute($q);
		while(!$rss->EOF)
		{
			$q = "DELETE FROM ".AGILE_DB_PREFIX."session_auth_cache WHERE
				  session_id = ".$db->qstr($rss->fields['id'])." AND 
				  site_id 	 = ".$db->qstr(DEFAULT_SITE);
			$db->Execute($q);	
			$rss->MoveNext();
		}	

		### Do any db_mapping
		global $C_list;
		if($C_list->is_installed('db_mapping'))
		{
			include_once ( PATH_MODULES . 'db_mapping/db_mapping.inc.php' );
			$db_map = new db_mapping;
			$db_map->account_group_sync ( $account );
		}  								 
	}        	         	
}
?>