
/administrator/components/com_virtuemart/classes/ps_shopper.php

  1. <?php
  // Entry guard: this file must only run when it was included by the CMS,
  // which defines one of these two constants before loading components.
  if( !( defined( '_VALID_MOS' ) || defined( '_JEXEC' ) ) ) {
      die( 'Direct Access to '.basename(__FILE__).' is not allowed.' );
  }
  3. /**
  4. *
  5. * @version $Id: ps_shopper.php 1486 2008-07-24 20:12:17Z soeren_nb $
  6. * @package VirtueMart
  7. * @subpackage classes
  8. * @copyright Copyright (C) 2004-2008 soeren - All rights reserved.
  9. * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
  10. * VirtueMart is free software. This version may have been modified pursuant
  11. * to the GNU General Public License, and as distributed it includes or
  12. * is derivative of works licensed under the GNU General Public License or
  13. * other free or open source software licenses.
  14. * See /administrator/components/com_virtuemart/COPYRIGHT.php for copyright notices and details.
  15. *
  16. * http://virtuemart.net
  17. */
  18. /**
  19. *
  20. * The class is meant to manage shopper entries
  21. */
  22. class ps_shopper {
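  /**
   * Validates the registration form data before a shopper is added.
   *
   * Every required user field published for the 'registration' form is
   * checked. Names of the fields that failed are written to
   * $_REQUEST['missing'] as a comma-separated list. On success
   * $d['user_email'] and $d['perms'] are filled in.
   *
   * Side effects on $d: 'isValidVATID' is always set, '__euvatid_field' is
   * set when an EU VAT ID field was evaluated, and the age verification
   * field receives the date assembled from the three birthday selectors.
   *
   * @param array $d Form data, passed by reference and modified
   * @return boolean True when all required fields passed validation
   */
  function validate_add(&$d) {
      global $my, $mosConfig_absolute_path;

      $provided_required = true;
      $missing = "";

      require_once( CLASSPATH . 'ps_userfield.php' );
      $registrationFields = ps_userfield::getUserFields( 'registration', false, '', true );

      // Account credentials are not validated when no CMS account is created
      // from the form, or when the visitor is already logged in.
      $skipFields = array();
      if( VM_REGISTRATION_TYPE == 'SILENT_REGISTRATION' || VM_REGISTRATION_TYPE == 'NO_REGISTRATION'
          || (VM_REGISTRATION_TYPE == 'OPTIONAL_REGISTRATION' && empty($d['register_account']))) {
          $skipFields = array( 'username', 'password', 'password2');
      }
      if ( $my->id > 0 || (VM_REGISTRATION_TYPE != 'NORMAL_REGISTRATION' && VM_REGISTRATION_TYPE != 'OPTIONAL_REGISTRATION')) {
          $skipFields = array( 'username', 'password', 'password2');
      }
      if( $my->id ) {
          $skipFields[] = 'email';
      }

      $d['isValidVATID'] = false;

      foreach( $registrationFields as $field ) {

          /* Special checking for EU VAT ID */
          if ($field->type == 'euvatid') {
              if( empty( $d[$field->name] )) {
                  if( $field->required == 0 ) {
                      // Must be "continue": the earlier "break" left the foreach
                      // and silently skipped the validation of every field
                      // listed after an empty, optional EU VAT ID field
                      // (required fields, captcha and age check included).
                      continue;
                  }
                  if( $field->required == 1 ) {
                      // Report the empty required field once and do not send
                      // an empty value to the remote validation service.
                      $provided_required = false;
                      $missing .= $field->name . ",";
                      $d['__euvatid_field'] = $field;
                      continue;
                  }
              }
              // Check the VAT ID against the validation server of the European Union
              $d['isValidVATID'] = vmValidateEUVat( $d[$field->name] );
              //TODO: Roland - insert your error message here (invalid VAT ID)
              if( !$d['isValidVATID'] && $field->required == 1) {
                  $provided_required = false;
                  $missing .= $field->name . ",";
              }
              $d['__euvatid_field'] = $field;
          }
          else {
              if( $field->required == 0 ) continue;
              if( in_array( $field->name, $skipFields )) {
                  continue;
              }

              switch( $field->type ) {
                  case 'age_verification':
                      // Simple check that the selected birthday lies at least
                      // "minimum_age" years (default: 18) in the past.
                      $year  = (int) vmRequest::getInt('birthday_selector_year');
                      $month = (int) vmRequest::getInt('birthday_selector_month');
                      $day   = (int) vmRequest::getInt('birthday_selector_day');
                      // The stored value keeps its original, unpadded form.
                      $d[$field->name] = $year.'-'.$month.'-'.$day;

                      $params = new vmParameters( $field->params );
                      $min_age = $params->get('minimum_age', 18 );

                      // Compare zero-padded dates. Unpadded strings such as
                      // "1990-12-1" and "1990-3-4" do not sort chronologically,
                      // and an omitted birthday ("0-0-0") used to pass the check.
                      $birthday = sprintf( '%04d-%02d-%02d', $year, $month, $day );
                      $min_date = sprintf( '%04d-%02d-%02d', date('Y') - $min_age, date('n'), date('j') );
                      if( !checkdate( $month, $day, $year ) || strcmp( $birthday, $min_date ) > 0 ) {
                          // No valid birthday given, or the user is too young
                          $provided_required = false;
                          $missing .= $field->name . ",";
                      }
                      break;

                  case 'captcha':
                      // NOTE(review): when the com_securityimages component is not
                      // installed, a required captcha field is accepted unchecked.
                      if( file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php')) {
                          include_once( $mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
                          $packageName = 'securityVMRegistrationCheck';
                          $security_refid = vmGet($_POST, $packageName.'_refid');
                          $security_try = vmGet($_POST, $packageName.'_try');
                          $checkSecurity = checkSecurityImage($security_refid, $security_try );
                          if( !$checkSecurity ) {
                              $provided_required = false;
                              $missing .= $field->name . ",";
                          }
                      }
                      break;

                  default:
                      if ( empty( $d[$field->name])) {
                          $provided_required = false;
                          $missing .= $field->name . ",";
                      }
                      break;
              }
          }
      }

      if (!$provided_required) {
          $_REQUEST['missing'] = $missing;
          return false;
      }

      $d['user_email'] = vmGet( $d, 'email', $my->email );
      $d['perms'] = 'shopper';
      return true;
  }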
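  /**
   * Validates the account form data before a shopper record is updated.
   *
   * Requires a logged-in CMS user ($my->id) or a shop session user
   * ($auth['user_id']). Every required user field published for the
   * 'account' form is checked; failing field names are written to
   * $_REQUEST['missing'] as a comma-separated list. On success
   * $d['user_email'] and $d['perms'] are filled in.
   *
   * @param array $d Form data, passed by reference and modified
   * @return boolean True when the caller is logged in and all required fields passed
   */
  function validate_update(&$d) {
      global $my, $vmLogger, $mosConfig_absolute_path, $auth;

      if ( $my->id == 0 && $auth['user_id'] == 0 ){
          $vmLogger->err( "Please Login first." );
          return false;
      }

      $provided_required = true;
      $missing = "";

      require_once( CLASSPATH . 'ps_userfield.php' );
      $accountFields = ps_userfield::getUserFields( 'account', false, '', true );

      // Always start from an empty list: the variable used to stay undefined
      // when none of the conditions below applied, and in_array() was then
      // called on a non-array.
      $skipFields = array();
      if( VM_REGISTRATION_TYPE == 'SILENT_REGISTRATION' || VM_REGISTRATION_TYPE == 'NO_REGISTRATION' || (VM_REGISTRATION_TYPE == 'OPTIONAL_REGISTRATION' && empty($d['register_account'] ))) {
          $skipFields = array( 'username', 'password', 'password2');
      }
      if ( $my->id > 0 || (VM_REGISTRATION_TYPE != 'NORMAL_REGISTRATION' && VM_REGISTRATION_TYPE != 'OPTIONAL_REGISTRATION')) {
          $skipFields = array( 'username', 'password', 'password2');
      }
      if( $my->id ) {
          $skipFields[] = 'email';
      }

      foreach( $accountFields as $field ) {
          // Optional fields are skipped, except an EU VAT ID that was filled in
          if( $field->required == 0
              && !( $field->type == 'euvatid' && !empty($d[$field->name]) )) {
              continue;
          }
          if( in_array( $field->name, $skipFields )) {
              continue;
          }

          switch( $field->type ) {
              case 'age_verification':
                  // Simple check that the selected birthday lies at least
                  // "minimum_age" years (default: 18) in the past.
                  $year  = (int) vmRequest::getInt('birthday_selector_year');
                  $month = (int) vmRequest::getInt('birthday_selector_month');
                  $day   = (int) vmRequest::getInt('birthday_selector_day');
                  // The stored value keeps its original, unpadded form.
                  $d[$field->name] = $year.'-'.$month.'-'.$day;

                  $params = new vmParameters( $field->params );
                  $min_age = $params->get('minimum_age', 18 );

                  // Compare zero-padded dates. Unpadded strings such as
                  // "1990-12-1" and "1990-3-4" do not sort chronologically,
                  // and an omitted birthday ("0-0-0") used to pass the check.
                  $birthday = sprintf( '%04d-%02d-%02d', $year, $month, $day );
                  $min_date = sprintf( '%04d-%02d-%02d', date('Y') - $min_age, date('n'), date('j') );
                  if( !checkdate( $month, $day, $year ) || strcmp( $birthday, $min_date ) > 0 ) {
                      // No valid birthday given, or the user is too young
                      $provided_required = false;
                      $missing .= $field->name . ",";
                  }
                  break;

              case 'captcha':
                  // NOTE(review): when the com_securityimages component is not
                  // installed, a required captcha field is accepted unchecked.
                  if( file_exists($mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php')) {
                      include_once( $mosConfig_absolute_path.'/administrator/components/com_securityimages/server.php');
                      $packageName = 'securityVMRegistrationCheck';
                      $security_refid = vmGet($_POST, $packageName.'_refid');
                      $security_try = vmGet($_POST, $packageName.'_try');
                      $checkSecurity = checkSecurityImage($security_refid, $security_try );
                      if( !$checkSecurity ) {
                          $provided_required = false;
                          $missing .= $field->name . ",";
                      }
                  }
                  break;

              case 'euvatid':
                  if( empty( $d[$field->name])) break; // Do nothing when the EU VAT ID field was left empty
                  // Check the VAT ID against the validation server of the European Union.
                  // The result is only recorded in $d; it does not fail the validation here.
                  $d['isValidVATID'] = vmValidateEUVat( $d[$field->name] );
                  $d['__euvatid_field'] = $field;
                  break; // leaves the switch only, the loop continues with the next field

              default:
                  if ( empty( $d[$field->name])) {
                      $provided_required = false;
                      $missing .= $field->name . ",";
                  }
                  break;
          }
      }

      if (!$provided_required) {
          $_REQUEST['missing'] = $missing;
          return false;
      }

      $d['user_email'] = vmGet( $d, 'email', $my->email );
      $d['perms'] = 'shopper';
      return true;
  }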
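  /**
   * Validates a request to delete a shopper.
   *
   * Checks that a CMS user is logged in and that $d['user_id'] is not empty.
   *
   * NOTE(review): nothing here verifies that the logged-in user is allowed
   * to delete the given user_id. Presumably the caller restricts this
   * function to privileged roles; verify against the dispatcher.
   *
   * @param array $d Request data; 'user_id' names the shopper to delete
   * @return boolean True when the request may proceed
   */
  function validate_delete(&$d) {
      // $vmLogger has to be imported as well: it was used below without being
      // declared global, so both error paths called a method on an undefined
      // variable instead of logging the message.
      global $my, $vmLogger;

      if ($my->id == 0){
          $vmLogger->err( "Please Login first." );
          return false;
      }
      if (empty($d["user_id"])) {
          $vmLogger->err( "Please select a user to delete." );
          return false;
      }
      return true;
  }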
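  /**
   * Adds a new shopper to the shop and, depending on VM_REGISTRATION_TYPE,
   * registers a matching user account in the CMS.
   *
   * Steps: validate the form, create the CMS user or a "dummy" user id,
   * insert the bill-to address, the vendor and shopper group relations and
   * an optional newsletter subscription, then log the user in or redirect.
   *
   * All values that are concatenated into SQL are escaped or cast to int
   * right where the statement is built. Form values such as the e-mail
   * address and the names were previously placed into the statements as-is.
   * NOTE(review): this assumes $d holds raw request values (the filtering
   * done by vmGet() is not visible here) - confirm nothing upstream already
   * escapes them, otherwise backslashes would be stored twice.
   *
   * @param array $d Form data, passed by reference and modified
   * @return boolean True on success, false when validation or registration failed
   */
  function add( &$d ) {
      global $my, $auth, $mainframe, $mosConfig_absolute_path, $sess,
          $VM_LANG, $vmLogger, $database, $mosConfig_useractivation, $ps_booking;

      $ps_vendor_id = (int) $_SESSION["ps_vendor_id"];
      // NOTE(review): md5(uniqid()) below is derived from the current time and
      // a constant prefix; do not treat user_info_id as an unguessable token.
      $hash_secret = "VirtueMartIsCool";
      $db = new ps_DB;
      $timestamp = time();
      $subscribeTo = null;

      if (!$this->validate_add($d)) {
          return False;
      }

      // The registration mode decides whether a hidden CMS user, a real CMS
      // user or no CMS user at all is created for this shopper.
      $optional_without_account = ( VM_REGISTRATION_TYPE == 'OPTIONAL_REGISTRATION' && empty($d['register_account']) );
      $hidden_user = ( VM_REGISTRATION_TYPE == 'SILENT_REGISTRATION' || VM_REGISTRATION_TYPE == 'NO_REGISTRATION' || $optional_without_account );
      $no_cms_user = ( VM_REGISTRATION_TYPE == 'NO_REGISTRATION' || $optional_without_account );

      if( empty( $my->id ) ) {
          $_POST['name'] = vmGet($d,'first_name','First Name' )." ".vmGet($d,'last_name','Last Name' );

          if( $hidden_user ) {
              // Silent Registration, Optional Registration with no account wanted and No Registration
              // means we need to create a hidden user
              if( vmIsJoomla('1.5') ) {
                  $username_length = 100;
              } else {
                  $username_length = 25;
              }
              // The user name is derived from the submitted e-mail address, so it
              // must be escaped before it is used in the uniqueness lookups.
              $silent_username = substr( str_replace( '-', '_', vmGet($d,'email') ), 0, $username_length );
              $db->query( "SELECT username FROM `#__users` WHERE username='" . $database->getEscaped( $silent_username ) . "'" );
              $i = 0;
              while( $db->next_record()) {
                  // Name is taken: replace the last character by a counter and retry
                  $silent_username = substr_replace( $silent_username, $i, strlen($silent_username)-1 );
                  $db->query( "SELECT username FROM `#__users` WHERE username='" . $database->getEscaped( $silent_username ) . "'" );
                  $i++;
              }
              $_POST['username'] = $d['username'] = $silent_username;
              $_POST['password'] = $d['password'] = vmGenRandomPassword();
              $_POST['password2'] = $_POST['password'];
          }

          if( $no_cms_user ) {
              // If no user shall be registered into the global user table, we just add the registration info into the vm_user_info table
              // Make sure that "dummy" entries for non-existing Joomla! users won't ever have the same user_id as a future Joomla! user
              $db->query( "SELECT MIN(user_id)-1 as uid FROM `#__{vm}_user_info`" );
              $db->next_record();
              // Dummy ids must be negative. MIN(user_id)-1 is zero or positive
              // while only real users are stored, and a positive value could be
              // the id of an existing CMS user without a shop record.
              $uid = (int) $db->f('uid');
              if( $uid >= 0 ) {
                  $uid = -1;
              }
          } else {
              // Process the CMS registration
              if( vmIsJoomla( '1.5' ) ) {
                  if( !$this->register_save() ) {
                      return false;
                  }
              } else {
                  if( !$this->saveRegistration() ) {
                      return false;
                  }
              }
              $database->setQuery( "SELECT id FROM #__users WHERE username='" . $database->getEscaped( $d['username'] ) . "'" );
              $uid = $database->loadResult();
          }
      }
      else {
          $uid = $my->id;
          $d['email'] = $_POST['email'] = $my->email;
          $d['username'] = $_POST['username'] = $my->username;
      }

      // Prevent empty USER ID
      if( empty( $uid )) {
          $vmLogger->crit("Failed to retrieve a valid USER ID when attempting to add a new user");
          return false;
      }
      $uid = (int) $uid;

      // A shop record already exists for the session user: update it instead
      if( !empty($auth['user_id'])) {
          $db->query( 'SELECT user_id FROM #__{vm}_user_info WHERE user_id=' . (int) $auth['user_id'] );
          $db->next_record();
          if( $db->f('user_id')) {
              return $this->update( $d );
          }
      }

      // Get all fields which where shown to the user
      $userFields = ps_userfield::getUserFields('registration', false, '', true );
      $skipFields = ps_userfield::getSkipFields();

      // Insert billto;
      // The first 7 fields are FIX and not built dynamically
      $fields = array( 'user_info_id' => md5(uniqid( $hash_secret)),
          'user_id' => $uid,
          'address_type' => 'BT',
          'address_type_name' => '-default-',
          'cdate' => $timestamp,
          'mdate' => $timestamp,
          'perms' => 'shopper'
      );
      foreach( $userFields as $userField ) {
          if( !in_array($userField->name, $skipFields )) {
              $fields[$userField->name] = ps_userfield::prepareFieldDataSave( $userField->type, $userField->name, vmGet($d, $userField->name, strtoupper($userField->name) ) );

              // Catch a newsletter registration!
              if( stristr( $userField->params, 'newsletter' )) {
                  if( !empty($d[$userField->name])) {
                      $subscribeTo = new mosParameters( $userField->params );
                      $vmLogger->debug( 'Adding the user to the Newsletter.');
                  }
              }
          }
      }
      $fields['user_email'] = $fields['email'];
      unset($fields['email']);

      // NOTE(review): buildQuery() is expected to escape the values - confirm in ps_DB
      $db->buildQuery('INSERT', '#__{vm}_user_info', $fields );
      // Run the query now!
      $db->query();

      // Insert vendor relationship
      $q = "INSERT INTO #__{vm}_auth_user_vendor (user_id,vendor_id)";
      $q .= " VALUES ";
      $q .= "('" . $uid . "','";
      $q .= $ps_vendor_id . "') ";
      $db->query($q);

      $d['shopper_group_id'] = '';
      // Get the ID of the shopper group for this customer
      if( $d['isValidVATID'] ) {
          if( trim($d['__euvatid_field']->params) != '' ) {
              $shopper_group = new vmParameters( $d['__euvatid_field']->params );
              $d['shopper_group_id'] = $shopper_group->get('shopper_group_id');
          }
      }
      if( empty($d['shopper_group_id'])) {
          $q = "SELECT shopper_group_id from #__{vm}_shopper_group WHERE ";
          $q .= "`default`='1' ";
          $db->query($q);
          if (!$db->num_rows()) { // take the first in the table
              $q = "SELECT shopper_group_id from #__{vm}_shopper_group";
              $db->query($q);
          }
          $db->next_record();
          $d['shopper_group_id'] = $db->f("shopper_group_id");
      }

      $customer_nr = uniqid( rand() );

      // Insert Shopper -ShopperGroup - Relationship
      $q = "INSERT INTO #__{vm}_shopper_vendor_xref ";
      $q .= "(user_id,vendor_id,shopper_group_id,customer_number) ";
      $q .= "VALUES ('" . $uid . "', '" . $ps_vendor_id . "','" . (int) $d['shopper_group_id'] . "', '" . $database->getEscaped( $customer_nr ) . "')";
      $db->query($q);

      // Process the Newsletter subscription
      if( !empty( $subscribeTo ) && strtolower(get_class($subscribeTo))=='mosparameters') {
          // Name and e-mail address come straight from the form
          $subscriber_name = $database->getEscaped( $d['first_name']." ". $d['last_name'] );
          $subscriber_email = $database->getEscaped( $d['email'] );

          switch( $subscribeTo->get('newsletter', 'letterman')) {
              // TODO:
              case 'ccnewsletter':
                  $db->query( "INSERT INTO `#__ccnewsletter_subscribers` ( `name`, `email`, `plainText`, `enabled`, `sdate`)"
                      . " VALUES('" . $subscriber_name . "','" . $subscriber_email . "', '0', '1', NOW())" );
                  // NOTE(review): there is no "break" here, so a ccnewsletter
                  // subscription also runs the letterman branch below. Kept as
                  // found; confirm whether this is intended.
              // case 'anjel':
              case 'letterman':
              default:
                  if( file_exists($mosConfig_absolute_path.'/components/com_letterman/letterman.php')) {
                      $db->query( "INSERT INTO `#__letterman_subscribers` (`user_id`, `subscriber_name`, `subscriber_email`, `confirmed`, `subscribe_date`)"
                          . " VALUES('" . $uid . "','" . $subscriber_name . "','" . $subscriber_email . "', '1', NOW())" );
                  }
          }
      }

      if( $no_cms_user ) {
          // No CMS account: the shopper is only known to the shop session
          $auth['user_id'] = $uid;
          $auth['username'] = $d['email'];
          $_SESSION['auth'] = $auth;
      }
      elseif( !$my->id && $mosConfig_useractivation == '0') {
          // HANDLE LOGIN
          if( vmIsJoomla('1.5') ) {
              // Username and password must be passed in an array
              $credentials = array('username' => vmGet($d,'username'),
                  'password' => vmGet($d,'password')
              );
              $mainframe->login( $credentials );
          }
          elseif( class_exists('mambocore') || ( vmIsJoomla('1.0.13', '>=', false ) ) ) {
              // Login for Mambo 4.6.x and Joomla >= 1.0.13
              $mainframe->login($d['username'], $d['password'] );
          }
          else {
              // Login for Joomla < 1.0.13 (and Mambo 4.5.2.3), which expects
              // the unsalted MD5 of the password
              $mainframe->login($d['username'], md5( $d['password'] ));
          }

          // Redirect to the Checkout Page if the cart is not empty
          if( !empty( $_SESSION['cart']['idx']) || $ps_booking->status == 1) {
              $redirect_to_page = 'checkout.index';
          } else {
              $redirect_to_page = HOMEPAGE;
          }
          vmRedirect( $sess->url( 'index.php?page='.$redirect_to_page, false, false ), $VM_LANG->_('REG_COMPLETE') );
      }

      if( !empty($my->id) || !empty($auth['user_id']) ) {
          vmRedirect( $sess->url( 'index.php?page=checkout.index', false, false ) );
      }
      else {
          $GLOBALS['page'] = 'shop.cart';
          $msg = strip_tags( $VM_LANG->_('REG_COMPLETE_ACTIVATE',false) );
          $vmLogger->info( $msg );
      }
      return true;
  }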
  /**
   * Registers a user into Mambo/Joomla 1.0.x (taken over from com_registration).
   *
   * Builds a mosUser from $_POST, forces it into the 'Registered' group,
   * stores it and sends the registration mail.
   *
   * NOTE(review): the password is stored as an unsalted MD5 hash, which is
   * what this CMS generation expects at login; the clear-text password is
   * kept in a local variable and handed to _sendMail().
   * NOTE(review): bind() only excludes 'usertype', so any other user column
   * present in $_POST is taken over unless it is overwritten below - check
   * which columns mosUser exposes.
   *
   * @return boolean True when the registration process was successful, False when not
   */
  function saveRegistration() {
      global $database, $acl, $vmLogger, $mosConfig_useractivation,
          $mosConfig_allowUserRegistration, $mosConfig_live_site;

      // Registration switched off in the CMS configuration
      if ($mosConfig_allowUserRegistration=='0') {
          mosNotAuth();
          return false;
      }

      $newUser = new mosUser( $database );
      $bound = $newUser->bind( $_POST, 'usertype' );
      if (!$bound) {
          // NOTE(review): the message is written into an inline script
          // unescaped; confirm getError() can never carry request data.
          $error = vmHtmlEntityDecode( $newUser->getError() );
          $vmLogger->err( $error );
          echo '<script type="text/javascript"> alert(\'' . $error . "');</script>\n";
          return false;
      }
      mosMakeHtmlSafe($newUser);

      // New accounts always start as plain registered users
      $newUser->id = 0;
      $newUser->usertype = 'Registered';
      $newUser->gid = $acl->get_group_id( 'Registered', 'ARO' );

      if ($mosConfig_useractivation == '1') {
          // The account stays blocked until the activation link was used
          $newUser->activation = md5( vmGenRandomPassword() );
          $newUser->block = '1';
      }

      $valid = $newUser->check();
      if (!$valid) {
          $error = vmHtmlEntityDecode( $newUser->getError() );
          $vmLogger->err( $error );
          echo '<script type="text/javascript"> alert(\'' . $error . "');</script>\n";
          return false;
      }

      // Keep the clear-text password for the mail, store only the hash
      $plainPassword = $newUser->password;
      $newUser->password = md5( $plainPassword );
      $newUser->registerDate = date('Y-m-d H:i:s');

      $stored = $newUser->store();
      if (!$stored) {
          $error = vmHtmlEntityDecode( $newUser->getError() );
          $vmLogger->err( $error );
          echo '<script type="text/javascript"> alert(\'' . $error . "');</script>\n";
          return false;
      }
      $newUser->checkin();

      if( vmIsJoomla(1.5) ) {
          $component = 'com_user';
      } else {
          $component = 'com_registration';
      }
      $activation_link = $mosConfig_live_site . "/index.php?option=" . $component
          . "&task=activate&activation=" . $newUser->activation;

      // Send the registration email
      $this->_sendMail( $newUser->name, $newUser->email, $newUser->username, $plainPassword, $activation_link );
      return true;
  }
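  /**
   * Saves a user registration on Joomla! 1.5 and sends the notification mails.
   *
   * Verifies the request token, binds the POST data to a copy of the current
   * user object, forces the configured usertype for new accounts and saves it.
   *
   * NOTE(review): bind() only excludes 'usertype'; id, usertype, gid and
   * registerDate are overwritten afterwards, any other property found in the
   * POST data is taken over - check which properties the user object exposes.
   * NOTE(review): the clear-text password is read from the request again and
   * handed to _sendMail().
   *
   * @return boolean True when the user was saved, false otherwise
   */
  function register_save()
  {
      global $mosConfig_live_site;

      // Check for request forgeries
      JRequest::checkToken() or die( 'Invalid Token' );

      // Get required system objects
      $user = clone(JFactory::getUser());
      $authorize =& JFactory::getACL();

      // If user registration is not allowed, show 403 not authorized.
      $usersConfig = &JComponentHelper::getParams( 'com_users' );
      if ($usersConfig->get('allowUserRegistration') == '0') {
          JError::raiseError( 403, JText::_( 'Access Forbidden' ));
          return false;
      }

      // Initialize new usertype setting
      $newUsertype = $usersConfig->get( 'new_usertype' );
      if (!$newUsertype) {
          $newUsertype = 'Registered';
      }

      // Bind the post array to the user object
      $_post_ =& vmRequest::get('post');
      if (!$user->bind( $_post_, 'usertype' )) {
          JError::raiseError( 500, $user->getError());
          // Stop here even if the error handler is configured not to abort,
          // so a partially bound user object is never saved.
          return false;
      }

      // Set some initial user values
      $user->set('id', 0);
      $user->set( 'usertype', $newUsertype );
      $user->set('gid', $authorize->get_group_id( '', $newUsertype, 'ARO' ));
      // TODO: Should this be JDate?
      $user->set('registerDate', date('Y-m-d H:i:s'));

      // If user activation is turned on, we need to set the activation information
      $useractivation = $usersConfig->get( 'useractivation' );
      if ($useractivation == '1')
      {
          jimport('joomla.user.helper');
          $user->set('activation', md5( JUserHelper::genRandomPassword()) );
          $user->set('block', '1');
      }

      // If there was an error with registration, set the message and display form
      if ( !$user->save() )
      {
          JError::raiseWarning('', JText::_( $user->getError()));
          return false;
      }

      // Send registration confirmation mail
      $password = JRequest::getString('password', '', 'post', JREQUEST_ALLOWRAW);
      $password = preg_replace('/[\x00-\x1F\x7F]/', '', $password); //Disallow control chars in the email

      $name = $user->get('name');
      $email = $user->get('email');
      $username = $user->get('username');
      $component = 'com_user';
      $activation_link = $mosConfig_live_site."/index.php?option=$component&task=activate&activation=".$user->get('activation');

      // Send the registration email
      $this->_sendMail( $name, $email, $username, $password, $activation_link );
      return true;
  }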
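  /**
   * Updates the shopper entry (bill-to address and vendor / shopper group
   * relations) of the user stored in the shop session (perms = 'shopper').
   *
   * The record that is written is always the one of $_SESSION['auth']['user_id'];
   * $d['user_id'] is only compared against the current user as a sanity check.
   * All ids placed into SQL are cast to integers where the statement is built.
   *
   * NOTE(review): ps_user::saveUser() runs before validate_update(), so the
   * CMS user record is written before the login and required-field checks.
   * The order is kept as found; confirm whether it can be swapped.
   *
   * @param array $d Form data, passed by reference and modified
   * @return boolean True on success, false on a failed check or save error
   */
  function update(&$d) {
      global $my, $vmLogger;

      $auth = $_SESSION['auth'];
      $db = new ps_DB;

      // Only the owner of the record or an admin may continue
      $requested_id = isset( $d["user_id"] ) ? $d["user_id"] : null;
      if ( $requested_id != $my->id && $requested_id != $auth['user_id'] && $auth["perms"] != "admin") {
          $vmLogger->crit( "Tricky tricky, but we know about this one." );
          return False;
      }

      require_once(CLASSPATH. 'ps_user.php' );

      // Values the CMS user save routine reads from $_POST
      if( !empty($d['username'])) {
          $_POST['username'] = $d['username'];
      }
      else {
          $_POST['username'] = $my->username;
      }
      $_POST['name'] = $d['first_name']." ". $d['last_name'];
      $_POST['id'] = $auth["user_id"];
      $_POST['gid'] = $my->gid;

      $d['error'] = "";
      if ( VM_REGISTRATION_TYPE != 'NO_REGISTRATION' ) {
          ps_user::saveUser( $d );
      }
      if( !empty( $d['error']) ) {
          return false;
      }
      if (!$this->validate_update($d)) {
          return false;
      }

      $user_id = (int) $auth["user_id"];
      $session_user_id = (int) $_SESSION['auth']['user_id'];
      $vendor_id = (int) $_SESSION['ps_vendor_id'];

      /* Update Bill To */
      // Get all fields which where shown to the user
      $userFields = ps_userfield::getUserFields( 'account', false, '', true );
      $skip_fields = ps_userfield::getSkipFields();
      $fields = array(
          'mdate' => time()
      );
      foreach( $userFields as $userField ) {
          if( !in_array($userField->name, $skip_fields )) {
              $fields[$userField->name] = ps_userfield::prepareFieldDataSave( $userField->type, $userField->name, vmGet( $d, $userField->name, strtoupper($userField->name) ));
          }
      }
      $fields['user_email'] = $fields['email'];
      unset($fields['email']);

      // NOTE(review): buildQuery() is expected to escape the values - confirm in ps_DB
      $db->buildQuery('UPDATE', '#__{vm}_user_info', $fields, " WHERE user_id=".$user_id." AND address_type='BT'" );
      // Run the query!
      $db->query();

      // UPDATE #__{vm}_shopper group relationship
      $q = "SELECT shopper_group_id FROM #__{vm}_shopper_vendor_xref ";
      $q .= "WHERE user_id = '".$user_id."'";
      $db->query($q);
      if (!$db->num_rows()) {
          //add
          $shopper_db = new ps_DB;
          // get the default shopper group
          $q = "SELECT shopper_group_id from #__{vm}_shopper_group WHERE ";
          $q .= "`default`='1'";
          $shopper_db->query($q);
          if (!$shopper_db->num_rows()) { // when there is no "default", take the first in the table
              $q = "SELECT shopper_group_id from #__{vm}_shopper_group";
              $shopper_db->query($q);
          }
          $shopper_db->next_record();
          $my_shopper_group_id = (int) $shopper_db->f("shopper_group_id");

          if (empty($d['customer_number'])) {
              $d['customer_number'] = "";
          }
          $q = "INSERT INTO #__{vm}_shopper_vendor_xref ";
          $q .= "(user_id,vendor_id,shopper_group_id) ";
          $q .= "VALUES ('";
          $q .= $session_user_id . "','";
          $q .= $vendor_id . "','";
          $q .= $my_shopper_group_id. "')";
          $db->query($q);
      }

      $q = "SELECT user_id FROM #__{vm}_auth_user_vendor ";
      $q .= "WHERE user_id = '".$session_user_id."'";
      $db->query($q);
      if (!$db->num_rows()) {
          // Insert vendor relationship
          $q = "INSERT INTO #__{vm}_auth_user_vendor (user_id,vendor_id)";
          $q .= " VALUES ";
          $q .= "('" . $session_user_id . "','";
          $q .= $vendor_id . "') ";
          $db->query($q);
      }
      return True;
  }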
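  /**
   * Deletes a shopper: the address records, the shopper group relation and
   * the vendor relation of the given user id.
   *
   * $d['user_id'] comes from the request, so it is cast to an integer before
   * it is placed into the DELETE statements; it used to be concatenated
   * into them unchanged.
   *
   * NOTE(review): validate_delete() only checks that somebody is logged in
   * and that a user_id was given. Confirm that the caller limits this
   * function to roles that may delete other shoppers.
   *
   * @param array $d Request data; 'user_id' names the shopper to delete
   * @return boolean True when the records were deleted, false when validation failed
   */
  function delete(&$d) {
      $db = new ps_DB;

      if (!$this->validate_delete($d)) {
          return False;
      }

      $user_id = (int) $d["user_id"];

      // Delete user_info entries
      // and Shipping addresses
      $q = "DELETE FROM #__{vm}_user_info where user_id='" . $user_id . "'";
      $db->query($q);

      // Delete shopper_vendor_xref entries
      $q = "DELETE FROM #__{vm}_shopper_vendor_xref where user_id='" . $user_id . "'";
      $db->query($q);

      // Delete the vendor relationship
      $q = "DELETE FROM #__{vm}_auth_user_vendor where user_id='" . $user_id . "'";
      $db->query($q);

      return True;
  }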
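  /**
   * Sends new/updated user notification emails: one mail to the user (not
   * for the NO_REGISTRATION mode) and one to every super administrator who
   * has mail notification switched on.
   *
   * NOTE(review): $pwd is the clear-text password and is passed into the
   * mail body templates. Consider mailing only the activation link.
   *
   * @param string $name - The name of the newly created/updated user
   * @param string $email - The email address of the newly created/updated user
   * @param string $username - The username of the newly created/updated user
   * @param string $pwd - The plain text password of the newly created/updated user
   * @param string $activation_link - The account activation URL, used when user activation is enabled
   */
  function _sendMail($name, $email, $username, $pwd, $activation_link='') {
      global $database, $acl, $VM_LANG;
      global $mosConfig_sitename, $mosConfig_live_site, $mosConfig_useractivation;
      global $mosConfig_mailfrom, $mosConfig_fromname;

      $subject = sprintf ($VM_LANG->_('SEND_SUB',false), $name, $mosConfig_sitename);
      $subject = vmHtmlEntityDecode($subject, ENT_QUOTES);

      if ($mosConfig_useractivation=="1"){
          $message = sprintf ($VM_LANG->_('USEND_MSG_ACTIVATE',false), $name, $mosConfig_sitename, $activation_link, $mosConfig_live_site, $username, $pwd);
      } else {
          $message = sprintf ($VM_LANG->_('PHPSHOP_USER_SEND_REGISTRATION_DETAILS',false), $name, $mosConfig_sitename, $mosConfig_live_site, $username, $pwd);
      }
      $message = vmHtmlEntityDecode($message, ENT_QUOTES);

      // Sender: the configured mail identity, else the first super administrator
      if ($mosConfig_mailfrom != "" && $mosConfig_fromname != "") {
          $adminName2 = $mosConfig_fromname;
          $adminEmail2 = $mosConfig_mailfrom;
      } else {
          $query = "SELECT name, email"
              . "\n FROM #__users"
              . "\n WHERE LOWER( usertype ) = 'superadministrator'"
              . "\n OR LOWER( usertype ) = 'super administrator'"
          ;
          $database->setQuery( $query );
          $rows = $database->loadObjectList();
          // Do not read from an empty result set
          $adminName2 = '';
          $adminEmail2 = '';
          if( !empty( $rows )) {
              $adminName2 = $rows[0]->name;
              $adminEmail2 = $rows[0]->email;
          }
      }

      // Send email to user.
      // The former second half of this condition read $d, which does not
      // exist in this method, and it could only be true for
      // OPTIONAL_REGISTRATION, which the first half already covers.
      if( VM_REGISTRATION_TYPE != 'NO_REGISTRATION' ) {
          vmMail($adminEmail2, $adminName2, $email, $subject, $message);
      }

      // Send notification to all administrators
      $subject2 = sprintf ($VM_LANG->_('SEND_SUB',false), $name, $mosConfig_sitename);
      $message2 = sprintf ($VM_LANG->_('ASEND_MSG',false), $adminName2, $mosConfig_sitename, $name, $email, $username);
      $subject2 = vmHtmlEntityDecode($subject2, ENT_QUOTES);
      $message2 = vmHtmlEntityDecode($message2, ENT_QUOTES);

      // get superadministrators id
      // NOTE(review): 25 is presumably the ACL group id of the super administrators - confirm
      $admins = $acl->get_group_objects( 25, 'ARO' );
      if( empty( $admins['users'] )) {
          return;
      }
      foreach ( $admins['users'] AS $id ) {
          $query = "SELECT email, sendEmail"
              . "\n FROM #__users"
              . "\n WHERE id = " . (int) $id
          ;
          $database->setQuery( $query );
          $rows = $database->loadObjectList();
          if( empty( $rows )) {
              continue;
          }
          $row = $rows[0];
          if ($row->sendEmail) {
              vmMail($adminEmail2, $adminName2, $row->email, $subject2, $message2);
          }
      }
  }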
  713. }
  // Shared instance created when the file is included
  $ps_shopper = new ps_shopper();
  715. ?>