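<?php
/* ----------------------------------------------------------------------
   MyOOS [Shopsystem]
   https://www.oos-shop.de

   Copyright (c) 2003 - 2019 by the MyOOS Development Team.
   ----------------------------------------------------------------------
   Based on:

   File: admin_account.php,v 1.29 2002/03/17 17:52:23 harley_vb
   ----------------------------------------------------------------------
   osCommerce, Open Source E-Commerce Solutions
   http://www.oscommerce.com

   Copyright (c) 2003 osCommerce
   ----------------------------------------------------------------------
   Released under the GNU General Public License
   ---------------------------------------------------------------------- */

/*
 * Admin "my account" page: the logged-in administrator can view and edit
 * his own name, e-mail address and password.
 *
 * Flow (every step posts back to this file, selected by $_GET['action']):
 *   (none)         read-only view; "edit" button -> action=check_account
 *   check_account  asks for the current password -> action=check_password
 *   check_password verifies it, sets $_SESSION['confirm_account'] and
 *                  redirects to action=edit_process
 *   edit_process   editable form -> action=save_account
 *   save_account   stores the changes (only with a valid confirm flag)
 *
 * Every admin id arriving through the form is compared with the session's
 * own login id; the page never edits another administrator's record.
 */

define('OOS_VALID_MOD', 'yes');
require 'includes/main.php';

$current_boxes = OOS_ABSOLUTE_PATH . 'admin/includes/boxes/';

$action = (isset($_GET['action']) ? (string)$_GET['action'] : '');
$error  = (isset($_GET['error']) ? (string)$_GET['error'] : '');

// Identity of the administrator this page operates on, taken from the session
// (never from the request) and cast to int because it is spliced into SQL.
$login_id        = (isset($_SESSION['login_id']) ? (int)$_SESSION['login_id'] : 0);
$login_groups_id = (isset($_SESSION['login_groups_id']) ? (int)$_SESSION['login_groups_id'] : 0);

// HTML-escape a DB/user supplied value before echoing it into the page.
$escape = function ($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

if (!empty($action)) {
    switch ($action) {
        case 'check_password':
            // The hidden id_info field must name the logged-in administrator.
            $posted_id = (isset($_POST['id_info']) ? (int)$_POST['id_info'] : 0);
            if ($login_id <= 0 || $posted_id !== $login_id) {
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account']));
                break;
            }

            $admintable = $oostable['admin'];
            $check_pass_query = "SELECT admin_password AS confirm_password FROM " . $admintable . " WHERE admin_id = '" . oos_db_input($login_id) . "'";
            $check_pass = $dbconn->GetRow($check_pass_query);

            $password_confirmation = (isset($_POST['password_confirmation']) ? (string)$_POST['password_confirmation'] : '');

            // A missing row counts as a failed check; never fall through to the edit form.
            $password_ok = is_array($check_pass)
                && isset($check_pass['confirm_password'])
                && oos_validate_password($password_confirmation, $check_pass['confirm_password']);

            if (!$password_ok) {
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account'], 'action=check_account&error=password'));
            } else {
                // One-shot flag: consumed by save_account, or dropped when the read-only view is shown again.
                $_SESSION['confirm_account'] = 'confirm';
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account'], 'action=edit_process'));
            }
            break;

        case 'save_account':
            // Only an edit that passed the password confirmation step may be saved.
            if (!isset($_SESSION['confirm_account']) || $_SESSION['confirm_account'] !== 'confirm') {
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account'], 'action=check_account'));
                break;
            }

            // Cast to int: the id is used unquoted in the uniqueness query below.
            $admin_id = (isset($_POST['id_info']) ? (int)$_POST['id_info'] : 0);
            if ($login_id <= 0 || $admin_id !== $login_id) {
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account']));
                break;
            }

            $posted_email           = (isset($_POST['admin_email_address']) ? (string)$_POST['admin_email_address'] : '');
            $admin_firstname        = oos_db_prepare_input(isset($_POST['admin_firstname']) ? $_POST['admin_firstname'] : '');
            $admin_lastname         = oos_db_prepare_input(isset($_POST['admin_lastname']) ? $_POST['admin_lastname'] : '');
            $admin_email_address    = oos_db_prepare_input($posted_email);
            $admin_password         = (isset($_POST['admin_password']) ? (string)$_POST['admin_password'] : '');
            $admin_password_confirm = (isset($_POST['admin_password_confirm']) ? (string)$_POST['admin_password_confirm'] : '');

            // The confirm field is checked server-side too; account_check.js.php is only a convenience.
            if ($admin_password !== $admin_password_confirm) {
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account'], 'action=edit_process&error=password'));
                break;
            }

            // The e-mail address must be unique among all other administrators.
            $stored_email = array('NONE');
            $admintable = $oostable['admin'];
            $check_email_query = "SELECT admin_email_address FROM " . $admintable . " WHERE admin_id <> " . (int)$admin_id;
            $check_email_result = $dbconn->Execute($check_email_query);
            while ($check_email = $check_email_result->fields) {
                $stored_email[] = $check_email['admin_email_address'];
                $check_email_result->MoveNext(); // advance the ADOdb cursor
            }

            if (in_array($posted_email, $stored_email, true)) {
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account'], 'action=edit_process&error=email'));
            } else {
                $sql_data_array = array(
                    'admin_firstname'     => $admin_firstname,
                    'admin_lastname'      => $admin_lastname,
                    'admin_email_address' => $admin_email_address,
                    'admin_modified'      => 'now()',
                );
                // An empty password field keeps the stored password instead of replacing it with the hash of "".
                if ($admin_password !== '') {
                    $sql_data_array['admin_password'] = oos_encrypt_password(oos_db_prepare_input($admin_password));
                }
                oos_db_perform($oostable['admin'], $sql_data_array, 'UPDATE', 'admin_id = \'' . (int)$admin_id . '\'');

                // The confirmation is used up by this save.
                unset($_SESSION['confirm_account']);

                $page = (isset($_GET['page']) ? (int)$_GET['page'] : '');
                oos_redirect_admin(oos_href_link_admin($aContents['admin_account'], 'page=' . $page . '&mID=' . $admin_id));
            }
            break;
    }
}

require 'includes/header.php';
require 'includes/account_check.js.php';
?>
<div class="wrapper">
    <!-- Header //-->
    <header class="topnavbar-wrapper">
        <!-- Top Navbar //-->
        <?php require 'includes/menue.php'; ?>
    </header>
    <!-- END Header //-->
    <aside class="aside">
        <!-- Sidebar //-->
        <div class="aside-inner">
            <?php require 'includes/blocks.php'; ?>
        </div>
        <!-- END Sidebar (left) //-->
    </aside>
    <!-- Main section //-->
    <section>
        <!-- Page content //-->
        <div class="content-wrapper">
            <!-- Breadcrumbs //-->
            <div class="content-heading">
                <div class="col-lg-12">
                    <h2><?php echo HEADING_TITLE; ?></h2>
                    <ol class="breadcrumb">
                        <li class="breadcrumb-item">
                            <?php echo '<a href="' . oos_href_link_admin($aContents['default']) . '">' . HEADER_TITLE_TOP . '</a>'; ?>
                        </li>
                        <li class="breadcrumb-item">
                            <?php echo '<a href="' . oos_href_link_admin($aContents['admin_account'], 'selected_box=administrator') . '">' . BOX_HEADING_ADMINISTRATOR . '</a>'; ?>
                        </li>
                        <li class="breadcrumb-item active">
                            <strong><?php echo HEADING_TITLE; ?></strong>
                        </li>
                    </ol>
                </div>
            </div>
            <!-- END Breadcrumbs //-->
<?php
// Each view posts to the action that follows it in the flow (see header comment).
if ($action == 'edit_process') {
    echo oos_draw_form('id', 'account', $aContents['admin_account'], 'action=save_account', 'post', false, 'enctype="multipart/form-data"');
} elseif ($action == 'check_account') {
    echo oos_draw_form('id', 'account', $aContents['admin_account'], 'action=check_password', 'post', false, 'enctype="multipart/form-data"');
} else {
    echo oos_draw_form('id', 'account', $aContents['admin_account'], 'action=check_account', 'post', false, 'enctype="multipart/form-data"');
}
?>
            <div class="row wrapper wrapper-content">
                <div class="row">
                    <div class="col-lg-12">
                        <!-- body_text //-->
                        <div class="table-responsive">
                            <table class="table w-100">
                                <tr>
                                    <td valign="top">
<?php
// The record shown/edited is always the session's own administrator; both ids are ints.
$my_account_query = "SELECT a.admin_id, a.admin_firstname, a.admin_lastname, a.admin_email_address, a.admin_created, a.admin_modified, a.admin_logdate, a.admin_lognum, g.admin_groups_name"
    . " FROM " . $oostable['admin'] . " a, " . $oostable['admin_groups'] . " g"
    . " WHERE a.admin_id = " . $login_id . " AND g.admin_groups_id = " . $login_groups_id;
$myAccount = $dbconn->GetRow($my_account_query);

// Render an empty record rather than emitting notices when nothing matches.
if (!is_array($myAccount)) {
    $myAccount = array(
        'admin_id'            => $login_id,
        'admin_firstname'     => '',
        'admin_lastname'      => '',
        'admin_email_address' => '',
        'admin_created'       => '',
        'admin_modified'      => '',
        'admin_logdate'       => '',
        'admin_lognum'        => '',
        'admin_groups_name'   => '',
    );
}
?>
                                        <table class="table table-striped w-100">
                                            <thead class="thead-dark">
                                                <tr>
                                                    <th><?php echo TABLE_HEADING_ACCOUNT; ?></th>
                                                </tr>
                                            </thead>
                                            <tr class="dataTableRow">
                                                <td>
                                                    <table border="0" cellspacing="0" cellpadding="3">
<?php if (($action == 'edit_process') && (isset($_SESSION['confirm_account']))) { ?>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_FIRSTNAME; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo oos_draw_input_field('admin_firstname', $myAccount['admin_firstname']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_LASTNAME; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo oos_draw_input_field('admin_lastname', $myAccount['admin_lastname']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_EMAIL; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php
                                                                echo oos_draw_input_field('admin_email_address', $myAccount['admin_email_address']);
                                                                if ($error === 'email') {
                                                                    echo ' <nobr>' . TEXT_INFO_ERROR . '</nobr>';
                                                                }
                                                            ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_PASSWORD; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php
                                                                echo oos_draw_password_field('admin_password');
                                                                if ($error === 'password') {
                                                                    echo ' <nobr>' . TEXT_INFO_ERROR . '</nobr>';
                                                                }
                                                            ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_PASSWORD_CONFIRM; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo oos_draw_password_field('admin_password_confirm'); ?></td>
                                                        </tr>
<?php
} else {
    // Leaving the edit flow invalidates the password confirmation.
    if (isset($_SESSION['confirm_account'])) {
        unset($_SESSION['confirm_account']);
    }
?>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_FULLNAME; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo $escape($myAccount['admin_firstname'] . ' ' . $myAccount['admin_lastname']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_EMAIL; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo $escape($myAccount['admin_email_address']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_PASSWORD; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo TEXT_INFO_PASSWORD_HIDDEN; ?></td>
                                                        </tr>
                                                        <tr class="dataTableRowSelected">
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_GROUP; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo $escape($myAccount['admin_groups_name']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_CREATED; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo $escape($myAccount['admin_created']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_LOGNUM; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo $escape($myAccount['admin_lognum']); ?></td>
                                                        </tr>
                                                        <tr>
                                                            <td class="dataTableContent"><nobr><?php echo TEXT_INFO_LOGDATE; ?> </nobr></td>
                                                            <td class="dataTableContent"><?php echo $escape($myAccount['admin_logdate']); ?></td>
                                                        </tr>
<?php } ?>
                                                    </table>
                                                </td>
                                            </tr>
                                            <tr>
                                                <td>
                                                    <table width="100%" border="0" cellspacing="0" cellpadding="3">
                                                        <tr>
                                                            <td class="smallText" valign="top"><?php echo TEXT_INFO_MODIFIED . $escape($myAccount['admin_modified']); ?></td>
                                                            <td class="text-right"><?php
                                                                if ($action == 'edit_process') {
                                                                    echo '<a href="' . oos_href_link_admin($aContents['admin_account']) . '">' . oos_button(IMAGE_BACK) . '</a> ';
                                                                    if (isset($_SESSION['confirm_account'])) {
                                                                        echo oos_submit_button(IMAGE_SAVE);
                                                                    }
                                                                } elseif ($action == 'check_account') {
                                                                    echo ' ';
                                                                } else {
                                                                    echo oos_submit_button(BUTTON_EDIT);
                                                                }
                                                            ?></td>
                                                        </tr>
                                                    </table>
                                                </td>
                                            </tr>
                                        </table>
                                    </td>
<?php
// Right-hand info box: heading + intro text for the current step.
$heading = array();
$contents = array();

switch ($action) {
    case 'edit_process':
        $heading[] = array('text' => '<b> ' . TEXT_INFO_HEADING_DEFAULT . '</b>');
        $contents[] = array('text' => TEXT_INFO_INTRO_EDIT_PROCESS . oos_draw_hidden_field('id_info', $myAccount['admin_id']));
        break;

    case 'check_account':
        $heading[] = array('text' => '<b> ' . TEXT_INFO_HEADING_CONFIRM_PASSWORD . '</b>');
        $contents[] = array('text' => ' ' . TEXT_INFO_INTRO_CONFIRM_PASSWORD . oos_draw_hidden_field('id_info', $myAccount['admin_id']));
        if ($error !== '') {
            $contents[] = array('text' => ' ' . TEXT_INFO_INTRO_CONFIRM_PASSWORD_ERROR);
        }
        $contents[] = array('align' => 'center', 'text' => oos_draw_password_field('password_confirmation'));
        $contents[] = array('align' => 'center', 'text' => '<a href="' . oos_href_link_admin($aContents['admin_account']) . '">' . oos_button(IMAGE_BACK) . '</a> ' . oos_submit_button(IMAGE_CONFIRM) . '<br /> ');
        break;

    default:
        $heading[] = array('text' => '<b> ' . TEXT_INFO_HEADING_DEFAULT . '</b>');
        $contents[] = array('text' => TEXT_INFO_INTRO_DEFAULT);
        // "none@none.com" is the placeholder address of a freshly installed account.
        if ($myAccount['admin_email_address'] == 'none@none.com') {
            $contents[] = array('text' => sprintf(TEXT_INFO_INTRO_DEFAULT_FIRST, $escape($myAccount['admin_firstname'])) . '<br /> ');
        } elseif (($myAccount['admin_modified'] == '0000-00-00 00:00:00') || ($myAccount['admin_logdate'] <= 1)) {
            $contents[] = array('text' => sprintf(TEXT_INFO_INTRO_DEFAULT_FIRST_TIME, $escape($myAccount['admin_firstname'])) . '<br /> ');
        }
}

if ((oos_is_not_null($heading)) && (oos_is_not_null($contents))) {
?>
                                    <td class="w-25">
                                        <table class="table table-striped">
<?php
    $box = new box;
    echo $box->infoBox($heading, $contents);
?>
                                        </table>
                                    </td>
<?php } ?>
                                </tr>
                            </table>
                        </form>
                        <!-- body_text_eof //-->
                    </div>
                </div>
            </div>
        </div>
    </section>
    <!-- Page footer //-->
    <footer>
        <span>© 2019 - <a href="https://www.oos-shop.de" target="_blank" rel="noopener">MyOOS [Shopsystem]</a></span>
    </footer>
</div>
<?php
require 'includes/bottom.php';
require 'includes/nice_exit.php';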