<?php
/*
Module : Front-Office - Mon Compte
Date : Juin 2015
Version Shop : V15.6
Auteur : Guillaume MADIOT - Computer 64
*/
//****************************************************************************************//
//************************************* Configuration ************************************//
//****************************************************************************************//
// Chargement fichiers de configuration.
// Template engine and mailer classes (paths are relative to this script).
require('libs/Smarty.class.php');
require('includes/phpmailer/class.phpmailer.php');
// Template engine instance shared by every section of this page.
$smarty = new Smarty();
// Site-wide helpers; presumably also where $GLOBALS['bdd'] (the PDO handle) and the
// $shop_* / $wwwroot / $Image_Logo settings used below are defined — confirm in fonctions.php.
require('fonctions.php');
//****************************************************************************************//
//********************************** Activation du compte ********************************//
//****************************************************************************************//
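// Account activation from the link sent by the registration e-mail:
// ?activate=<token>&email=<address>. Sets customers.status = 1 when both match.
// `&&` replaces the original bitwise `&` between the two boolean tests.
if (!empty($_GET['activate']) && !empty($_GET['email'])) {
    // Only scalar query-string values are accepted, so an array parameter
    // (?activate[]=...) can neither raise a warning nor slip past the comparison.
    $activateEmail = is_string($_GET['email']) ? $_GET['email'] : '';
    $activateToken = is_string($_GET['activate']) ? $_GET['activate'] : '';
    $sql = $GLOBALS['bdd']->prepare('SELECT email, token, id
FROM customers
WHERE email = :email');
    $sql->execute(array('email' => $activateEmail));
    $result = $sql->fetch();
    // The row must exist and the token must match byte-for-byte. hash_equals() replaces
    // the loose `==`, which compares numeric-looking strings as numbers ("0e1" == "0e2").
    if ($result !== false
        && $result['email'] === $activateEmail
        && hash_equals((string) $result['token'], $activateToken)) {
        $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET status = :status
WHERE id = :id');
        $sql->execute(array('status' => '1', 'id' => $result['id']));
        $status = "activate";
        // NOTE(review): the token is not cleared here; nothing in this file invalidates
        // it after use — confirm whether another page relies on it before adding that.
    } else {
        $status = "error_activate";
    }
    $smarty->assign("status", $status);
}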
//****************************************************************************************//
//*************************************** Inscription ************************************//
//****************************************************************************************//
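// Registration: creates an address row, a customer row (status left unset until the
// activation link is followed), an optional newsletter row, then mails the activation link.
// Outcome is reported to the template through $status.
if (!empty($_POST['new'])) {
    // NOTE(review): no CSRF token and no rate limiting are visible for this form anywhere
    // in this file; both are expected on an account-creation endpoint.
    $status = null;
    $_POST['email'] = htmlspecialchars($_POST['email']);
    // Same address check as the password-reset section. The character class also keeps
    // quotes, '<', '>' and '&' out of the value that is echoed into the mail body below.
    if (preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#i", $_POST['email'])) {
        $password = isset($_POST['password']) ? (string) $_POST['password'] : '';
        $rePassword = isset($_POST['rePassword']) ? (string) $_POST['rePassword'] : '';
        // Strict compare; an empty password is refused (the old `!=` let two empty fields through).
        if ($password === '' || $password !== $rePassword) {
            $status = "error_password";
        } else {
            // Refuse a second account on an already registered e-mail.
            $sql = $GLOBALS['bdd']->prepare('SELECT id FROM customers
WHERE email = :email');
            $sql->execute(array('email' => $_POST['email']));
            if ($sql->fetch()) {
                $status = "error_sign_in";
            } else {
                // Names, company and city are stored upper-cased.
                $firstname = strtoupper($_POST['invoice_firstname'] ?? '');
                $lastname = strtoupper($_POST['invoice_lastname'] ?? '');
                $company = strtoupper($_POST['invoice_company'] ?? '');
                $city = strtoupper($_POST['invoice_city'] ?? '');
                // The country select posts "<id>-<name>". Limit 2 keeps names that
                // themselves contain a dash intact (the old explode() truncated them).
                $countryParts = explode('-', (string) ($_POST['invoice_country'] ?? ''), 2);
                $id_country = $countryParts[0];
                $invoice_country = $countryParts[1] ?? '';
                $sql = $GLOBALS['bdd']->prepare('INSERT INTO address (firstname, lastname, company, phone, address1, address2, city, zip_code, id_country, country) VALUES
(:firstname, :lastname, :company, :phone, :address1, :address2, :city, :zip_code, :id_country, :country)');
                $sql->execute(array(
                    'firstname' => $firstname,
                    'lastname' => $lastname,
                    'company' => $company,
                    'phone' => $_POST['invoice_phone'] ?? null,
                    'address1' => $_POST['invoice_address1'] ?? null,
                    'address2' => $_POST['invoice_address2'] ?? null,
                    'city' => $city,
                    'zip_code' => $_POST['invoice_zip_code'] ?? null,
                    'id_country' => $id_country,
                    'country' => $invoice_country,
                ));
                // The new row serves as both invoice and delivery address until edited.
                $invoice = $GLOBALS['bdd']->lastInsertId();
                // NOTE(review): unsalted SHA-512 is kept only because the "update infos"
                // section (and presumably the login page) compare against the same digest;
                // moving the whole site to password_hash()/password_verify() is the real fix.
                $hashPassword = hash('sha512', $password);
                // Activation token: 15 hex characters (same width as before) from the CSPRNG
                // instead of md5(time() . ip . name . email), which is derivable from public inputs.
                $token = substr(bin2hex(random_bytes(8)), 0, 15);
                $sql = $GLOBALS['bdd']->prepare('INSERT INTO customers (email, password, date_insere, date_edit, last_ip, id_invoice_address, id_delivery_address, token)
VALUES (:email, :password, :date_insere, :date_edit, :last_ip, :id_invoice_address, :id_delivery_address, :token)');
                $sql->execute(array(
                    'email' => $_POST['email'],
                    'password' => $hashPassword,
                    'date_insere' => date('Y-m-d'),
                    'date_edit' => date('Y-m-d'),
                    'last_ip' => $_SERVER["REMOTE_ADDR"],
                    'id_invoice_address' => $invoice,
                    'id_delivery_address' => $invoice,
                    'token' => $token,
                ));
                // Newsletter opt-in: add the address to fe_mail_user unless it is already there.
                if (($_POST['newslet'] ?? '') === 'on') {
                    $sql = $GLOBALS['bdd']->prepare('SELECT email FROM fe_mail_user WHERE email = :email');
                    $sql->execute(array('email' => $_POST['email']));
                    $subscriber = $sql->fetch();
                    if ($subscriber === false || $subscriber['email'] !== $_POST['email']) {
                        // 7 hex characters as before, but random: the old value was
                        // md5($_POST['name'] . email) and this form never sends 'name'.
                        $unsubscribe_code = substr(bin2hex(random_bytes(4)), 0, 7);
                        $sql = $GLOBALS['bdd']->prepare('INSERT INTO fe_mail_user (insert_date, id_user, id_cat, name, email, unsubscribe_code, time_unsubscribe, ip_unsubscribe, status) VALUES (:insert_date, :id_user, :id_cat, :name, :email, :unsubscribe_code, :time_unsubscribe, :ip_unsubscribe, :status)');
                        $sql->execute(array(
                            'insert_date' => time(),
                            'id_user' => '3',
                            'id_cat' => '3',
                            'name' => $_POST['invoice_firstname'] ?? null,
                            'email' => $_POST['email'],
                            'unsubscribe_code' => $unsubscribe_code,
                            'time_unsubscribe' => '0',
                            'ip_unsubscribe' => '0',
                            'status' => '0',
                        ));
                    }
                }
                // Activation e-mail. Customer-supplied names are escaped for the HTML body
                // and the address is URL-encoded in the link; the token is plain hex.
                $safeFirstname = htmlspecialchars((string) ($_POST['invoice_firstname'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $safeLastname = htmlspecialchars((string) ($_POST['invoice_lastname'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $activationLink = $shop_url.'/account.php?activate='.$token.'&email='.rawurlencode($_POST['email']);
                $msg = '<div class="title_mail">
<img src="'.$wwwroot.'templates/shop/img/'.$Image_Logo.'" style="margin:10px">
<h3 style="font-size:20px; padding:15px;">Activation de votre compte</h3>
</div>
<br />';
                $msg .= '<p>Bonjour '.$safeFirstname.' '.$safeLastname.', vous venez de créer un compte sur le site '.$shop_title.'</p>
<p>Pour activer votre compte, merci de suivre le lien suivant <a href="'.$activationLink.'">Activer mon compte</a>';
                $msg .= '<p style="padding-top:10px;"><a href="'.$shop_url.'">'.$shop_title.'</a></p>';
                $mail = new PHPMailer();
                $mail->IsMail();
                $mail->AddReplyTo($shop_email_contact, $shop_company);
                $mail->AddAddress($_POST['email']);
                $mail->SetFrom($shop_email_contact, $shop_company);
                $mail->Subject = "Activation de votre compte sur " . $shop_title;
                $mail->MsgHTML($msg);
                if ($mail->Send()) {
                    $status = "register_ok";
                }
                // NOTE(review): if Send() fails the account exists but no status is
                // reported; the template receives null, as it did before.
            }
        }
    } else {
        $status = "error_email";
    }
    $smarty->assign("status", $status);
    $smarty->assign("customer", $_SESSION['custo'] ?? null);
}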
//****************************************************************************************//
//****************************** Mise à jour des informations ****************************//
//****************************************************************************************//
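// Credentials update for the logged-in customer ($_SESSION['custo']['id']): the current
// password must be supplied; e-mail is replaced and the password is re-hashed only when
// a non-empty new one is given.
if (!empty($_POST['updateInfos'])) {
    // NOTE(review): no CSRF token on this form; an e-mail/password change should have one.
    $status = null;
    $customerId = $_SESSION['custo']['id'] ?? null;
    $newPassword = isset($_POST['newPassword']) ? (string) $_POST['newPassword'] : '';
    $rePassword = isset($_POST['rePassword']) ? (string) $_POST['rePassword'] : '';
    $newEmail = isset($_POST['email']) ? (string) $_POST['email'] : '';
    if ($newPassword !== $rePassword) {
        $status = "error_password";
    } elseif (!preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#i", $newEmail)) {
        // Registration validates the address; the update path previously wrote it unchecked.
        $status = "error_email";
    } else {
        // Re-authenticate with the current password before touching credentials.
        // (Same unsalted SHA-512 digest as the rest of the site — see the registration section.)
        $hashPassword = hash('sha512', (string) ($_POST['password'] ?? ''));
        $sql = $GLOBALS['bdd']->prepare('SELECT id
FROM customers
WHERE id = :customer AND password = :password');
        $sql->execute(array('customer' => $customerId, 'password' => $hashPassword));
        if ($sql->fetch()) {
            // The address must not belong to another customer: e-mail is the key used by
            // account activation and by the password reset below.
            $sql = $GLOBALS['bdd']->prepare('SELECT id FROM customers
WHERE email = :email AND id <> :customer');
            $sql->execute(array('email' => $newEmail, 'customer' => $customerId));
            if ($sql->fetch()) {
                $status = "error_sign_in";
            } else {
                $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET email = :email, password = :password
WHERE id = :customer');
                $sql->execute(array(
                    'email' => $newEmail,
                    // An empty new password keeps the current digest.
                    'password' => ($newPassword === '' ? $hashPassword : hash('sha512', $newPassword)),
                    'customer' => $customerId,
                ));
            }
        } else {
            $status = "error_log_in";
        }
    }
    $smarty->assign("status", $status);
    $smarty->assign("customer", $_SESSION['custo'] ?? null);
}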
//****************************************************************************************//
//******************************** Mise à jour des adresses ******************************//
//****************************************************************************************//
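// Address update for the logged-in customer: the invoice row is always rewritten; a
// delivery row is created (when it still shares the invoice row) or rewritten when a
// delivery first name and street are posted.
if (!empty($_POST['updateAddresses'])) {
    // NOTE(review): no CSRF token on this form either.
    $customerId = $_SESSION['custo']['id'] ?? null;
    $sql = $GLOBALS['bdd']->prepare('SELECT id_delivery_address, id_invoice_address
FROM customers
WHERE id = :customer');
    $sql->execute(array('customer' => $customerId));
    $result = $sql->fetch();
    // Without a logged-in customer there is no row to work on; the old code carried on
    // and issued UPDATEs with null ids.
    if ($result !== false) {
        // Names, company and city are stored upper-cased, as at registration.
        $invoice_firstname = strtoupper($_POST['invoice_firstname'] ?? '');
        $invoice_lastname = strtoupper($_POST['invoice_lastname'] ?? '');
        $invoice_company = strtoupper($_POST['invoice_company'] ?? '');
        $invoice_city = strtoupper($_POST['invoice_city'] ?? '');
        $delivery_firstname = strtoupper($_POST['delivery_firstname'] ?? '');
        $delivery_lastname = strtoupper($_POST['delivery_lastname'] ?? '');
        $delivery_company = strtoupper($_POST['delivery_company'] ?? '');
        $delivery_city = strtoupper($_POST['delivery_city'] ?? '');
        // The forms post a country id; its local name is read from the countries table.
        // One statement is reused for both lookups; an unknown id yields a null name
        // instead of the notice the old code raised on a false fetch() result.
        $sqlCountry = $GLOBALS['bdd']->prepare('SELECT localname FROM countries
WHERE id = :id');
        $id_country_delivery = $_POST['delivery_country'] ?? null;
        $sqlCountry->execute(array('id' => $id_country_delivery));
        $countryRow = $sqlCountry->fetch();
        $sqlCountry->closeCursor();
        $delivery_country = $countryRow !== false ? $countryRow['localname'] : null;
        $id_country_invoice = $_POST['invoice_country'] ?? null;
        $sqlCountry->execute(array('id' => $id_country_invoice));
        $countryRow = $sqlCountry->fetch();
        $sqlCountry->closeCursor();
        $invoice_country = $countryRow !== false ? $countryRow['localname'] : null;
        // Invoice address: always updated in place. The same statement serves the
        // delivery row further down (the old code relied on $sql still holding it).
        $sqlUpdateAddress = $GLOBALS['bdd']->prepare('UPDATE address
SET firstname = :firstname, lastname = :lastname, company = :company, phone = :phone, address1 = :address1, address2 = :address2, city = :city, zip_code = :zip_code, id_country = :id_country, country = :country
WHERE id = :id');
        $sqlUpdateAddress->execute(array(
            'firstname' => $invoice_firstname,
            'lastname' => $invoice_lastname,
            'company' => $invoice_company,
            'phone' => $_POST['invoice_phone'] ?? null,
            'address1' => $_POST['invoice_address1'] ?? null,
            'address2' => $_POST['invoice_address2'] ?? null,
            'city' => $invoice_city,
            'zip_code' => $_POST['invoice_zip_code'] ?? null,
            'country' => $invoice_country,
            'id_country' => $id_country_invoice,
            'id' => $result['id_invoice_address'],
        ));
        // A delivery address is stored only when first name and street are both given.
        if (!empty($_POST['delivery_firstname']) && !empty($_POST['delivery_address1'])) {
            if ($result['id_invoice_address'] == $result['id_delivery_address']) {
                // Delivery still shares the invoice row: create a separate one and
                // point the customer at it.
                $sql = $GLOBALS['bdd']->prepare('INSERT INTO address (firstname, lastname, company, phone, address1, address2, city, zip_code, id_country, country) VALUES
(:firstname, :lastname, :company, :phone, :address1, :address2, :city, :zip_code, :id_country, :country)');
                $sql->execute(array(
                    'firstname' => $delivery_firstname,
                    'lastname' => $delivery_lastname,
                    'company' => $delivery_company,
                    'phone' => $_POST['delivery_phone'] ?? null,
                    'address1' => $_POST['delivery_address1'],
                    'address2' => $_POST['delivery_address2'] ?? null,
                    'city' => $delivery_city,
                    'zip_code' => $_POST['delivery_zip_code'] ?? null,
                    'id_country' => $id_country_delivery,
                    'country' => $delivery_country,
                ));
                $delivery = $GLOBALS['bdd']->lastInsertId();
                $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET id_delivery_address = :delivery
WHERE id = :customer');
                $sql->execute(array('customer' => $customerId, 'delivery' => $delivery));
            } else {
                // A separate delivery row already exists: rewrite it.
                $sqlUpdateAddress->execute(array(
                    'firstname' => $delivery_firstname,
                    'lastname' => $delivery_lastname,
                    'company' => $delivery_company,
                    'phone' => $_POST['delivery_phone'] ?? null,
                    'address1' => $_POST['delivery_address1'],
                    'address2' => $_POST['delivery_address2'] ?? null,
                    'city' => $delivery_city,
                    'zip_code' => $_POST['delivery_zip_code'] ?? null,
                    'country' => $delivery_country,
                    'id_country' => $id_country_delivery,
                    'id' => $result['id_delivery_address'],
                ));
            }
        } else {
            // NOTE(review): this writes back the delivery id the customer already has, so
            // it is a no-op; if the intent was "delivery = invoice address" the value should
            // be $result['id_invoice_address'] — confirm before changing.
            $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET id_delivery_address = :delivery
WHERE id = :customer');
            $sql->execute(array('customer' => $customerId, 'delivery' => $result['id_delivery_address']));
            // NOTE(review): this key lives under $_SESSION['customer'], not the
            // $_SESSION['custo'] used everywhere else in this file — probably stale; kept as is.
            unset($_SESSION['customer']['delivery_address']);
        }
    }
    $smarty->assign("customer", $_SESSION['custo'] ?? null);
}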
//****************************************************************************************//
//**************************** Information de facturation ********************************//
//****************************************************************************************//
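// Data shown on the account page for the logged-in customer. With no session the id is
// null and every query simply returns nothing (no undefined-index notices).
$customerId = $_SESSION['custo']['id'] ?? null;
// Invoice address (joined through customers.id_invoice_address).
$sql = $GLOBALS['bdd']->prepare('SELECT a.* FROM customers c
INNER JOIN address a
ON a.id = c.id_invoice_address
WHERE c.id = :id');
$sql->execute(array('id' => $customerId));
$smarty->assign("invoice", $sql->fetch());
//****************************************************************************************//
//****************************** Information de livraison ********************************//
//****************************************************************************************//
$sql = $GLOBALS['bdd']->prepare('SELECT a.* FROM customers c
INNER JOIN address a
ON a.id = c.id_delivery_address
WHERE c.id = :id');
$sql->execute(array('id' => $customerId));
$smarty->assign("delivery", $sql->fetch());
//****************************************************************************************//
//********************************* Information de pays **********************************//
//****************************************************************************************//
// Active countries for the address selects.
$sql = $GLOBALS['bdd']->prepare('SELECT * FROM countries
WHERE status = 1
ORDER BY id ASC');
$sql->execute();
$pays = $sql->fetchAll();
$smarty->assign("pays", $pays);
//****************************************************************************************//
//***************************** Informations de commandes ********************************//
//****************************************************************************************//
// This customer's orders, oldest first.
$sql = $GLOBALS['bdd']->prepare('SELECT * FROM orders
WHERE customer = :customer
ORDER BY date_insere');
$sql->execute(array('customer' => $customerId));
$orders = $sql->fetchAll();
$smarty->assign("orders", $orders);
//****************************************************************************************//
//******************************* Informations de suivi **********************************//
//****************************************************************************************//
// Status history per order. The statement is prepared once and re-executed per order
// instead of being re-prepared inside the loop.
$order_status = array();
$sqlStatus = $GLOBALS['bdd']->prepare('SELECT * FROM order_status
WHERE id_order = :order
ORDER BY date_status');
foreach ($orders as $order) {
    $sqlStatus->execute(array('order' => $order['id']));
    // NOTE(review): looked up by $order['id'] but keyed by $order['id_order'] — the
    // template presumably indexes by id_order; confirm the two columns are meant to differ.
    $order_status[$order['id_order']] = $sqlStatus->fetchAll();
}
$smarty->assign("order_status", $order_status);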
//*************************************** Affichage **************************************//
//****************************************************************************************//
//*********************************** Mot de passe oublie ********************************//
//****************************************************************************************//
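// Forgotten password: replaces the stored digest with a temporary password and mails it.
if (!empty($_POST['mdpo'])) {
    // NOTE(review): the password is replaced as soon as a registered e-mail is posted,
    // with no confirmation from the mailbox owner, so anyone who knows an address can lock
    // that customer out; the "valable 8 jours" wording in the mail is not enforced anywhere
    // in this file; and "mdpo_ok" is only set when the address exists, which tells the
    // submitter whether an account exists. The usual design is a mailed reset link carrying
    // a random, expiring token, with the same response for known and unknown addresses.
    $status = null;
    $_POST['email'] = htmlspecialchars($_POST['email']);
    if (preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#i", $_POST['email'])) {
        $sql = $GLOBALS['bdd']->prepare('SELECT id FROM customers
WHERE email = :email');
        $sql->execute(array('email' => $_POST['email']));
        if ($sql->fetch()) {
            // Temporary password: 8 hex characters (same shape as before) from the CSPRNG
            // instead of md5(time() . ip . email), which is derivable from public inputs.
            $nouveau_mot = bin2hex(random_bytes(4));
            // Same unsalted SHA-512 digest as the rest of the site — see the registration section.
            $hashPassword = hash('sha512', $nouveau_mot);
            $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET password = :password
WHERE email = :email');
            $sql->execute(array('email' => $_POST['email'], 'password' => $hashPassword));
            // The only customer-controlled value in the body is the e-mail, which the regex
            // above restricts to [a-z0-9._-@]; $nouveau_mot is plain hex.
            $msg = '<div class="title_mail">
<img src="'.$wwwroot.'templates/shop/img/'.$Image_Logo.'" style="margin:10px">
<h3 style="font-size:20px; padding:15px;">Nouveau mot de passe</h3>
</div>
<br />';
            $msg .= '<p>Bonjour, </p>
<p>Votre nouveau mot de passe temporaire est : <b>'.$nouveau_mot.' </b> ATTENTION il est valable 8 jours !</p>
<p>Vous devez le modifier avant 8 jours en vous connectant sur votre compte, merci de suivre le lien suivant <a href="http://'.$shop_url.'/account.php?">Choisir mon nouveau mot de passe</a>';
            $msg .= '<p style="padding-top:10px;"><a href="http://'.$shop_url.'">'.$shop_title.'</a></p>';
            $mail = new PHPMailer();
            $mail->IsMail();
            $mail->AddReplyTo($shop_email_contact, $shop_title);
            $mail->AddAddress($_POST['email']);
            $mail->SetFrom($shop_email_contact, $shop_title);
            $mail->Subject = "Modification mot de passe " . $shop_title;
            $mail->MsgHTML($msg);
            if ($mail->Send()) {
                $status = "mdpo_ok";
            }
        }
    } else {
        $status = "error_email";
    }
    $smarty->assign("status", $status);
    $smarty->assign("customer", $_SESSION['custo'] ?? null);
}
// Render the page with everything assigned above.
$smarty->display('account.tpl');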
?>