244 lines
9.0 KiB
PHP
244 lines
9.0 KiB
PHP
<?php
|
|
/* ----------------------------------------------------------------------
|
|
|
|
MyOOS [Shopsystem]
|
|
https://www.oos-shop.de
|
|
|
|
Copyright (c) 2003 - 2019 by the MyOOS Development Team.
|
|
----------------------------------------------------------------------
|
|
Based on:
|
|
|
|
File: login_admin.php
|
|
----------------------------------------------------------------------
|
|
osCommerce, Open Source E-Commerce Solutions
|
|
http://www.oscommerce.com
|
|
|
|
Copyright (c) 2002 - 2003 osCommerce
|
|
----------------------------------------------------------------------
|
|
Released under the GNU General Public License
|
|
----------------------------------------------------------------------
|
|
P&G Shipping Module Version 0.1 12/03/2002
|
|
osCommerce Shipping Management Module
|
|
Copyright (c) 2002 - Oliver Baelde
|
|
http://www.francecontacts.com
|
|
dev@francecontacts.com
|
|
- eCommerce Solutions development and integration -
|
|
|
|
osCommerce, Open Source E-Commerce Solutions
|
|
Copyright (c) 2002 osCommerce
|
|
http://www.oscommerce.com
|
|
|
|
IMPORTANT NOTE:
|
|
This script is not part of the official osCommerce distribution
|
|
but an add-on contributed to the osCommerce community. Please
|
|
read the README and INSTALL documents that are provided
|
|
with this file for further information and installation notes.
|
|
|
|
LICENSE:
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
All contributions are gladly accepted though Paypal.
|
|
---------------------------------------------------------------------- */
|
|
|
|
/** ensure this file is being included by a parent file */
|
|
defined( 'OOS_VALID_MOD' ) OR die( 'Direct Access to this location is not allowed.' );
|
|
|
|
// check
|
|
$manual_infotable = $oostable['manual_info'];
|
|
$sql = "SELECT status FROM $manual_infotable WHERE man_info_id = '1'";
|
|
$login = $dbconn->GetRow($sql);
|
|
if ($login['status'] == '0') {
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
// start the session
|
|
if ( $session->hasStarted() === FALSE ) $session->start();
|
|
|
|
|
|
require_once MYOOS_INCLUDE_PATH . '/includes/functions/function_key_generate.php';
|
|
require_once MYOOS_INCLUDE_PATH . '/includes/languages/' . $sLanguage . '/admin_login.php';
|
|
|
|
|
|
if (isset($_SESSION['customer_id'])) {
|
|
unset($_SESSION['customer_id']);
|
|
unset($_SESSION['customer_wishlist_link_id']);
|
|
unset($_SESSION['customer_default_address_id']);
|
|
unset($_SESSION['customer_gender']);
|
|
unset($_SESSION['customer_first_name']);
|
|
unset($_SESSION['customer_lastname']);
|
|
unset($_SESSION['customer_country_id']);
|
|
unset($_SESSION['customer_zone_id']);
|
|
unset($_SESSION['comments']);
|
|
unset($_SESSION['customer_max_order']);
|
|
unset($_SESSION['gv_id']);
|
|
unset($_SESSION['cc_id']);
|
|
unset($_SESSION['man_key']);
|
|
|
|
$_SESSION['cart']->reset();
|
|
|
|
$_SESSION['user']->anonymous();
|
|
}
|
|
|
|
|
|
if ( isset($_POST['action']) && ($_POST['action'] == 'login_process') &&
|
|
( isset($_SESSION['formid']) && ($_SESSION['formid'] == $_POST['formid'])) ){
|
|
|
|
$email_address = oos_prepare_input($_POST['email_address']);
|
|
$keya = oos_prepare_input($_POST['keya']);
|
|
$keyb = oos_prepare_input($_POST['keyb']);
|
|
|
|
if ( empty( $email_address ) || !is_string( $email_address ) ) {
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
if ( empty( $keyb ) || !is_string( $keyb ) ) {
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
$manual_infotable = $oostable['manual_info'];
|
|
$sql = "SELECT man_name, defined
|
|
FROM $manual_infotable
|
|
WHERE man_key = '" . oos_db_input($keya) . "'
|
|
AND man_key2 = '" . oos_db_input($keyb) . "'
|
|
AND status = '1'";
|
|
$login_result = $dbconn->Execute($sql);
|
|
if (!$login_result->RecordCount()) {
|
|
$manual_infotable = $oostable['manual_info'];
|
|
$dbconn->Execute("UPDATE $manual_infotable
|
|
SET man_key = '',
|
|
man_key2 = ''
|
|
WHERE man_info_id = '1'");
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
// Check if email exists
|
|
$customerstable = $oostable['customers'];
|
|
$sql = "SELECT customers_id, customers_gender, customers_firstname, customers_lastname,
|
|
customers_password, customers_wishlist_link_id,
|
|
customers_email_address, customers_default_address_id, customers_max_order
|
|
FROM $customerstable
|
|
WHERE customers_login = '1'
|
|
AND customers_email_address = '" . oos_db_input($email_address) . "'";
|
|
$check_customer_result = $dbconn->Execute($sql);
|
|
|
|
if (!$check_customer_result->RecordCount()) {
|
|
$manual_infotable = $oostable['manual_info'];
|
|
$dbconn->Execute("UPDATE " . $oostable['manual_info'] . "
|
|
SET man_key2 = ''
|
|
WHERE where man_info_id = '1'");
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
} else {
|
|
$check_customer = $check_customer_result->fields;
|
|
$login_result_values = $login_result->fields;
|
|
|
|
// Check that status is 1 and
|
|
$address_booktable = $oostable['address_book'];
|
|
$sql = "SELECT entry_vat_id, entry_vat_id_status, entry_country_id, entry_zone_id
|
|
FROM $address_booktable
|
|
WHERE customers_id = '" . intval($check_customer['customers_id']) . "'
|
|
AND address_book_id = '" . intval($check_customer['customers_default_address_id']) . "'";
|
|
$check_country = $dbconn->GetRow($sql);
|
|
|
|
$_SESSION['customer_wishlist_link_id'] = $check_customer['customers_wishlist_link_id'];
|
|
$_SESSION['customer_id'] = $check_customer['customers_id'];
|
|
$_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
|
|
if (ACCOUNT_GENDER == 'true') $_SESSION['customer_gender'] = $check_customer['customers_gender'];
|
|
$_SESSION['customer_first_name'] = $check_customer['customers_firstname'];
|
|
$_SESSION['customer_lastname'] = $check_customer['customers_lastname'];
|
|
$_SESSION['customer_max_order'] = $check_customer['customers_max_order'];
|
|
$_SESSION['customer_country_id'] = $check_country['entry_country_id'];
|
|
$_SESSION['customer_zone_id'] = $check_country['entry_zone_id'];
|
|
if (ACCOUNT_VAT_ID == 'true') $_SESSION['customers_vat_id_status'] = $check_customer['entry_vat_id_status'];
|
|
|
|
$_SESSION['man_key'] = $keya;
|
|
|
|
$_SESSION['user']->restore_group();
|
|
$aUser = $_SESSION['user']->group;
|
|
|
|
// restore cart contents
|
|
$_SESSION['cart']->restore_contents();
|
|
|
|
oos_redirect(oos_href_link($aContents['account']));
|
|
|
|
}
|
|
}
|
|
|
|
// links breadcrumb
|
|
$oBreadcrumb->add($aLang['navbar_title'], oos_href_link($aContents['login']));
|
|
$sCanonical = oos_href_link($aContents['login'], '', FALSE, TRUE);
|
|
|
|
$aTemplate['page'] = $sTheme . '/page/admin_login.html';
|
|
|
|
$nPageType = OOS_PAGE_TYPE_SERVICE;
|
|
$sPagetitle = $aLang['heading_title'] . ' ' . OOS_META_TITLE;
|
|
|
|
require_once MYOOS_INCLUDE_PATH . '/includes/system.php';
|
|
if (!isset($option)) {
|
|
require_once MYOOS_INCLUDE_PATH . '/includes/message.php';
|
|
require_once MYOOS_INCLUDE_PATH . '/includes/blocks.php';
|
|
}
|
|
|
|
// assign Smarty variables;
|
|
$smarty->assign(
|
|
array(
|
|
'breadcrumb' => $oBreadcrumb->trail(),
|
|
'heading_title' => $aLang['heading_title'],
|
|
'robots' => 'noindex,nofollow,noodp,noydir',
|
|
|
|
'canonical' => $sCanonical
|
|
)
|
|
);
|
|
|
|
|
|
if (isset($_GET['action']) && ($_GET['action'] == 'login_admin')) {
|
|
|
|
$email_address = oos_prepare_input($_POST['email_address']);
|
|
$verif_key = oos_prepare_input($_POST['verif_key']);
|
|
|
|
if ( empty( $email_address ) || !is_string( $email_address ) ) {
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
if ( empty( $verif_key ) || !is_string( $verif_key ) ) {
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
$passwordLength = 24 ;
|
|
$newkey2 = RandomPassword($passwordLength);
|
|
|
|
$manual_infotable = $oostable['manual_info'];
|
|
$dbconn->Execute("UPDATE $manual_infotable
|
|
SET man_key2 = '" . oos_db_input($newkey2) . "'
|
|
WHERE man_key = '" . oos_db_input($verif_key) . "'
|
|
AND man_info_id = '1'");
|
|
|
|
$manual_infotable = $oostable['manual_info'];
|
|
$login_query = "SELECT man_key2, man_key3, status FROM $manual_infotable WHERE man_key = '" . oos_db_input($verif_key) . "' AND status = '1'";
|
|
$login_result_values = $dbconn->Execute($login_query);
|
|
if (!$login_result_values->RecordCount()) {
|
|
oos_redirect(oos_href_link($aContents['403']));
|
|
}
|
|
|
|
$smarty->assign(
|
|
array('newkey2' => $newkey2,
|
|
'email_address' => $email_address,
|
|
'verif_key' => $verif_key,
|
|
'login_result_values' => $login_result_values
|
|
)
|
|
);
|
|
}
|
|
|
|
|
|
// display the template
|
|
$smarty->display($aTemplate['page']);
|