ÿØÿà JFIF ` ` ÿþxØ
<?php
/*
Module : Front-Office - Mon Compte
Date : Juin 2015
Version Shop : V15.6
Auteur : Guillaume MADIOT - Computer 64
*/
//****************************************************************************************//
//************************************* Configuration ************************************//
//****************************************************************************************//
// Load the template engine and the mailer library.
require('libs/Smarty.class.php');
require('includes/phpmailer/class.phpmailer.php');
// Start the TPL engine.
$smarty = new Smarty;
// Load the global helper functions.
// NOTE(review): presumably this is also where $bdd (PDO), $cle_gg_privee,
// $shop_* and $wwwroot used below are defined — not visible in this file, confirm.
require('fonctions.php');
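// Normalise a date string to the ISO/US form YYYY-MM-DD (used for the `nais` column).
/**
 * Convert a free-form date string to 'Y-m-d'.
 *
 * @param string $date any format understood by strtotime()
 * @return string 'Y-m-d'. When strtotime() cannot parse $date the original code
 *                silently fell through to timestamp 0 (the epoch date); that
 *                fallback is kept, but made explicit, so callers see the same value.
 */
function datenUs($date){
    $timestamp = strtotime((string) $date);
    // strftime() is deprecated since PHP 8.1 and locale-dependent; date() yields the
    // same digits for this format without either problem.
    return date('Y-m-d', $timestamp === false ? 0 : $timestamp);
}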
//****************************************************************************************//
//********************************** Activation du compte ********************************//
//****************************************************************************************//
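// Account activation: account.php?activate=<token>&email=<address>
// (the original used the bitwise `&` here; `&&` is the intended logical test).
if(!empty($_GET['activate']) && !empty($_GET['email']))
{
    // Look the account up by e-mail; the token is compared in PHP below.
    $sql = $GLOBALS['bdd']->prepare('SELECT email, token, id
FROM customers
WHERE email = :email');
    $sql->execute(array('email' => $_GET['email']));
    $result = $sql->fetch();
    // A row must exist and the stored token must match the one in the URL.
    // hash_equals() replaces the loose `==` of the original, under which numeric-
    // looking strings ("0e123..." vs "0") compare equal, and is constant-time.
    if($result !== false
        && (string) $result['email'] === (string) $_GET['email']
        && hash_equals((string) $result['token'], (string) $_GET['activate']))
    {
        $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET status = :status
WHERE id = :id');
        $sql->execute(array('status' => '1',
            'id' => $result['id']));
        // NOTE(review): the token stays valid after activation; clearing it in the
        // same UPDATE would make the link single-use — confirm the column allows it.
        $status = "activate";
    }
    else
    {
        $status = "error_activate";
    }
    $smarty->assign("status", $status);
}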
//****************************************************************************************//
//*************************************** Inscription ************************************//
//****************************************************************************************//
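// Registration form (hidden field "new").
if(!empty($_POST['new']))
{
    //****************************************************************************************//
    // Verif 1 : honeypot — a browser leaves this hidden field empty, a bot fills it.
    // The original only echoed the redirect and kept running, so a bot's POST still
    // reached the database below; the exit makes the check effective.
    $honeypot = $_POST['firstnamebis'] ?? '';
    if(!empty($honeypot)) {
        echo '<script>';
        echo 'window.location = "erreur_mail.php"';
        echo '</script>';
        exit;
    }
    // Verif 2 : reCAPTCHA server-side verification ($cle_gg_privee comes from the
    // included configuration).  Parameters are URL-encoded instead of concatenated
    // raw, and an unreachable or malformed verification service counts as "not verified".
    $secret = $cle_gg_privee;
    $response = $_POST['g-recaptcha-response'] ?? '';
    $remoteip = $_SERVER['REMOTE_ADDR'];
    $api_url = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query(array(
        'secret' => $secret,
        'response' => $response,
        'remoteip' => $remoteip,
    ));
    $raw = file_get_contents($api_url);
    $decode = ($raw === false) ? null : json_decode($raw, true);
    if (!is_array($decode) || !isset($decode['success']) || $decode['success'] !== true) {
        // Not a verified human (or the verification service answered nothing usable).
        echo '<script>';
        echo 'window.location = "erreur_mail.php"';
        echo '</script>';
        exit;
    }
    //****************************************************************************************//
    // The address is stored HTML-escaped (as before) and must match the site's e-mail rule.
    $_POST['email'] = htmlspecialchars($_POST['email'] ?? '');
    if (preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#i", $_POST['email']))
    {
        // Verif 3 : both password fields must agree and must not be empty
        // (the original accepted an empty password as long as both fields matched).
        $password = $_POST['password'] ?? '';
        if($password === '' || $password !== ($_POST['rePassword'] ?? ''))
        {
            $status = "error_password";
        }
        else
        {
            // Vérification compte déjà existant
            $sql = $GLOBALS['bdd']->prepare('SELECT id FROM customers
WHERE email = :email');
            $sql->execute(array('email' => $_POST['email']));
            if($result = $sql->fetch())
            {
                $status = "error_sign_in";
            }
            else
            {
                // Names, company, city and SIRET are stored upper-cased.
                // NOTE(review): strtoupper() is byte-wise and leaves accented letters as
                // typed; mb_strtoupper() would change stored values, so it is kept.
                $firstname = strtoupper($_POST['invoice_firstname'] ?? '');
                $lastname = strtoupper($_POST['invoice_lastname'] ?? '');
                $company = strtoupper($_POST['invoice_company'] ?? '');
                $city = strtoupper($_POST['invoice_city'] ?? '');
                $sireta = strtoupper($_POST['sireta'] ?? '');
                // The country select submits "<id>-<name>".  The split is limited to two
                // parts so a hyphenated country name is not truncated.
                $array_attrib = explode('-', $_POST['invoice_country'] ?? '', 2);
                $id_country = $array_attrib[0];
                $invoice_country = $array_attrib[1] ?? null;
                // Invoice address; the delivery address initially points at the same row.
                $sql = $GLOBALS['bdd']->prepare('INSERT INTO address (firstname, lastname, company, phone, address1, address2, city, zip_code, id_country, country) VALUES
(:firstname, :lastname, :company, :phone, :address1, :address2, :city, :zip_code, :id_country, :country)');
                $sql->execute(array('firstname' => $firstname,
                    'lastname' => $lastname,
                    'company' => $company,
                    'phone' => $_POST['invoice_phone'] ?? '',
                    'address1' => $_POST['invoice_address1'] ?? '',
                    'address2' => $_POST['invoice_address2'] ?? '',
                    'city' => $city,
                    'zip_code' => $_POST['invoice_zip_code'] ?? '',
                    'id_country' => $id_country,
                    'country' => $invoice_country));
                $invoice = $GLOBALS['bdd']->lastInsertId();
                // NOTE(review): an unsalted SHA-512 is a weak password store, but the
                // login code that checks it lives elsewhere; moving to password_hash()/
                // password_verify() has to be done together with that code.
                $hashPassword = hash('sha512', $password);
                $naisUs = datenUs($_POST['nais'] ?? '');
                $sql = $GLOBALS['bdd']->prepare('INSERT INTO customers (nais, email, password, date_insere, date_edit, last_ip, id_invoice_address, id_delivery_address, token, siret, entreprise)
VALUES (:nais, :email, :password, :date_insere, :date_edit, :last_ip, :id_invoice_address, :id_delivery_address, :token, :siret, :entreprise)');
                // Activation token: random instead of md5(time().ip.lastname.email),
                // which anyone knowing those inputs could reproduce.  Truncated to
                // 15 characters like the original so the existing column width fits.
                $token = substr(bin2hex(random_bytes(8)), 0, 15);
                $sql->execute(array(
                    'nais' => $naisUs,
                    'email' => $_POST['email'],
                    'password' => $hashPassword,
                    'siret' => $sireta,
                    'entreprise' => $company,
                    'date_insere' => date('Y-m-d'),
                    'date_edit' => date('Y-m-d'),
                    'last_ip' => $_SERVER["REMOTE_ADDR"],
                    'id_invoice_address' => $invoice,
                    'id_delivery_address' => $invoice,
                    'token' => $token));
                // Newsletter opt-in: add the address to fe_mail_user unless already there.
                $newsletter_ok = (($_POST['newslet'] ?? '') === 'on') ? 1 : 0;
                if ($newsletter_ok > 0) {
                    $sql = $GLOBALS['bdd']->prepare('SELECT * FROM fe_mail_user WHERE email = :email');
                    $sql->execute(array('email' => $_POST['email']));
                    $result = $sql->fetch();
                    if($result === false || $result['email'] !== $_POST['email'])
                    {
                        // Unsubscribe code: random rather than derived from the e-mail
                        // (the original also read a $_POST['name'] field this form does
                        // not send).  7 characters, as before.
                        $unsubscribe_code = substr(bin2hex(random_bytes(4)), 0, 7);
                        $sql = $GLOBALS['bdd']->prepare('INSERT INTO fe_mail_user (insert_date, id_user, id_cat, name, email, unsubscribe_code, time_unsubscribe, ip_unsubscribe, status) VALUES (:insert_date, :id_user, :id_cat, :name, :email, :unsubscribe_code, :time_unsubscribe, :ip_unsubscribe, :status)');
                        $sql->execute(array('insert_date' => time(),
                            'id_user' => '3',
                            'id_cat' => '3',
                            'name' => $_POST['invoice_firstname'] ?? '',
                            'email' => $_POST['email'],
                            'unsubscribe_code' => $unsubscribe_code,
                            'time_unsubscribe' => '0',
                            'ip_unsubscribe' => '0',
                            'status' => '0'));
                    }
                }
                // Activation e-mail.  Form values are HTML-escaped before being placed in
                // the message body (the original inserted them raw), and the address is
                // URL-encoded in the activation link.
                $safeFirstname = htmlspecialchars($_POST['invoice_firstname'] ?? '', ENT_QUOTES, 'UTF-8');
                $safeLastname = htmlspecialchars($_POST['invoice_lastname'] ?? '', ENT_QUOTES, 'UTF-8');
                $msg ='<div class="title_mail">
<img src="'.$wwwroot.'templates/shop/img/'.$Image_Logo.'" style="margin:10px">
<h3 style="font-size:20px; padding:15px;">Activation de votre compte</h3>
</div>
<br />';
                $msg .='<p>Bonjour '.$safeFirstname.' '.$safeLastname.', vous venez de créer un compte sur le site '.$shop_title.'</p>
<p>Pour activer votre compte, merci de suivre le lien suivant <a href="'.$shop_url.'/account.php?activate='.$token.'&email='.rawurlencode($_POST['email']).'">Activer mon compte</a>';
                if ($sireta !== ''){
                    $msg .='<p><br /><b>En tant que professionnel votre compte sera <i>certifié</i> par notre Administrateur pouvant vous donner une remise personnalisée.<br />(avec les prix sur le site affichés en HT.)</b></p>';
                }
                $msg .= '<p style="padding-top:10px;"><a href="'.$shop_url.'">'.$shop_title.'</a></p>';
                $mail = new PHPMailer();
                $mail->IsMail();
                $mail->AddReplyTo($shop_email_contact, $shop_company);
                $mail->AddAddress($_POST['email']);
                $mail->SetFrom($shop_email_contact, $shop_company);
                $mail->Subject = "Activation de votre compte sur " . $shop_title;
                $mail->MsgHTML($msg);
                if($mail->Send())
                {
                    $status = "register_ok";
                }
            }
        }
    }
    else
    {
        $status = "error_email";
    }
    $smarty->assign("status", $status);
    $smarty->assign("customer", $_SESSION['custo'] ?? null);
}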
//****************************************************************************************//
//****************************** Mise à jour des informations ****************************//
//****************************************************************************************//
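// Account details form (hidden field "updateInfos"); the current password is required.
if(!empty($_POST['updateInfos']))
{
    $newPassword = $_POST['newPassword'] ?? '';
    if($newPassword !== ($_POST['rePassword'] ?? ''))
    {
        $status = "error_password";
    }
    elseif (!preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#i", $_POST['email'] ?? ''))
    {
        // Same address rule as the registration form; the original wrote the new
        // e-mail to the customers row without checking it.
        $status = "error_email";
    }
    else
    {
        // The current password must match the stored hash before anything changes.
        // NOTE(review): unsalted SHA-512 is kept because the login code that relies
        // on it is not in this file.
        $hashPassword = hash('sha512', $_POST['password'] ?? '');
        $sql = $GLOBALS['bdd']->prepare('SELECT id
FROM customers
WHERE id = :customer AND password = :password');
        $sql->execute(array('customer' => $_SESSION['custo']['id'],
            'password' => $hashPassword));
        if($result = $sql->fetch())
        {
            $naisUs = datenUs($_POST['nais'] ?? '');
            // Keep the current hash unless a new password was supplied.
            $storedPassword = ($newPassword === '') ? $hashPassword : hash('sha512', $newPassword);
            // NOTE(review): no uniqueness check on the new e-mail here; a duplicate
            // depends on whatever constraint the customers table has.
            $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET email = :email, nais = :nais, password = :password, siret = :siret, entreprise = :entreprise
WHERE id = :customer');
            $sql->execute(array('email' => $_POST['email'],
                'nais' => $naisUs,
                'siret' => $_POST['siret'] ?? '',
                'entreprise' => $_POST['entreprise'] ?? '',
                'password' => $storedPassword,
                'customer' => $_SESSION['custo']['id']));
            // Mirror the edited fields into the session so the page shows them at once.
            $_SESSION['custo']['siret'] = $_POST['siret'] ?? '';
            $_SESSION['custo']['entreprise'] = $_POST['entreprise'] ?? '';
            $_SESSION['custo']['nais'] = $_POST['nais'] ?? '';
        }
        else
        {
            $status = "error_log_in";
        }
    }
    $smarty->assign("status", $status);
    $smarty->assign("customer", $_SESSION['custo']);
}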
//****************************************************************************************//
//******************************** Mise à jour des adresses ******************************//
//****************************************************************************************//
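// Address form (hidden field "updateAddresses"): invoice address is always updated,
// delivery address is created or updated when one was submitted.
if(!empty($_POST['updateAddresses']))
{
    // Current address ids of the logged-in customer.
    $sql = $GLOBALS['bdd']->prepare('SELECT id_delivery_address, id_invoice_address
FROM customers
WHERE id = :customer');
    $sql->execute(array('customer' => $_SESSION['custo']['id']));
    $result = $sql->fetch();
    // Names, company and city are stored upper-cased (byte-wise strtoupper, as before;
    // accented letters are left as typed).  Missing fields default to ''.
    $invoice_firstname = strtoupper($_POST['invoice_firstname'] ?? '');
    $invoice_lastname = strtoupper($_POST['invoice_lastname'] ?? '');
    $invoice_company = strtoupper($_POST['invoice_company'] ?? '');
    $invoice_city = strtoupper($_POST['invoice_city'] ?? '');
    $delivery_firstname = strtoupper($_POST['delivery_firstname'] ?? '');
    $delivery_lastname = strtoupper($_POST['delivery_lastname'] ?? '');
    $delivery_company = strtoupper($_POST['delivery_company'] ?? '');
    $delivery_city = strtoupper($_POST['delivery_city'] ?? '');
    // The selects submit a country id; the local name is read back from `countries`.
    // An unknown id gives null (fetch() returns false) instead of a notice.
    $id_country_delivery = $_POST['delivery_country'] ?? '';
    $sqlyv = $GLOBALS['bdd']->prepare('SELECT * FROM countries
WHERE id = :id_country_delivery');
    $sqlyv->execute(array('id_country_delivery' => $id_country_delivery));
    $resultyv = $sqlyv->fetch();
    $delivery_country = ($resultyv === false) ? null : $resultyv['localname'];
    $id_country_invoice = $_POST['invoice_country'] ?? '';
    $sqly = $GLOBALS['bdd']->prepare('SELECT * FROM countries
WHERE id = :id_country_invoice');
    $sqly->execute(array('id_country_invoice' => $id_country_invoice));
    $resulty = $sqly->fetch();
    $invoice_country = ($resulty === false) ? null : $resulty['localname'];
    // Mise à jour des informations de facturation.  The statement is kept so the
    // delivery branch below can re-use it.
    $updateAddress = $GLOBALS['bdd']->prepare('UPDATE address
SET firstname = :firstname, lastname = :lastname, company = :company, phone = :phone, address1 = :address1, address2 = :address2, city = :city, zip_code = :zip_code, id_country = :id_country, country = :country
WHERE id = :id');
    $updateAddress->execute(array('firstname' => $invoice_firstname,
        'lastname' => $invoice_lastname,
        'company' => $invoice_company,
        'phone' => $_POST['invoice_phone'] ?? '',
        'address1' => $_POST['invoice_address1'] ?? '',
        'address2' => $_POST['invoice_address2'] ?? '',
        'city' => $invoice_city,
        'zip_code' => $_POST['invoice_zip_code'] ?? '',
        'country' => $invoice_country,
        'id_country' => $id_country_invoice,
        'id' => $result['id_invoice_address']));
    // A delivery address is handled only when a first name and a street were given.
    if(!empty($_POST['delivery_firstname']) && !empty($_POST['delivery_address1']))
    {
        if($result['id_invoice_address'] == $result['id_delivery_address'])
        {
            // The delivery address still shares the invoice row: create its own row
            // and point the customer at it.
            $sql = $GLOBALS['bdd']->prepare('INSERT INTO address (firstname, lastname, company, phone, address1, address2, city, zip_code, id_country, country) VALUES
(:firstname, :lastname, :company, :phone, :address1, :address2, :city, :zip_code, :id_country, :country)');
            $sql->execute(array('firstname' => $delivery_firstname,
                'lastname' => $delivery_lastname,
                'company' => $delivery_company,
                'phone' => $_POST['delivery_phone'] ?? '',
                'address1' => $_POST['delivery_address1'],
                'address2' => $_POST['delivery_address2'] ?? '',
                'city' => $delivery_city,
                'zip_code' => $_POST['delivery_zip_code'] ?? '',
                'id_country' => $id_country_delivery,
                'country' => $delivery_country));
            $delivery = $GLOBALS['bdd']->lastInsertId();
            $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET id_delivery_address = :delivery
WHERE id = :customer');
            $sql->execute(array('customer' => $_SESSION['custo']['id'],
                'delivery' => $delivery));
        }
        else
        {
            // A separate delivery row already exists: update it in place with the
            // same statement used for the invoice address.
            $updateAddress->execute(array('firstname' => $delivery_firstname,
                'lastname' => $delivery_lastname,
                'company' => $delivery_company,
                'phone' => $_POST['delivery_phone'] ?? '',
                'address1' => $_POST['delivery_address1'],
                'address2' => $_POST['delivery_address2'] ?? '',
                'city' => $delivery_city,
                'zip_code' => $_POST['delivery_zip_code'] ?? '',
                'country' => $delivery_country,
                'id_country' => $id_country_delivery,
                'id' => $result['id_delivery_address']));
        }
    }
    else
    {
        // No delivery address submitted.  As in the original, id_delivery_address is
        // rewritten with its current value (a no-op) and a session key is cleared.
        // NOTE(review): this was presumably meant to reset delivery to the invoice
        // address — confirm with the template before changing it.
        $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET id_delivery_address = :delivery
WHERE id = :customer');
        $sql->execute(array('customer' => $_SESSION['custo']['id'],
            'delivery' => $result['id_delivery_address']));
        unset($_SESSION['customer']['delivery_address']);
    }
    $smarty->assign("customer", $_SESSION['custo']);
}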
//****************************************************************************************//
//**************************** Information de facturation ********************************//
//****************************************************************************************//
// Invoice address of the logged-in customer (address row reached through
// customers.id_invoice_address), exposed to the template as "invoice".
$invoiceQuery = $GLOBALS['bdd']->prepare('SELECT a.* FROM customers c
INNER JOIN address a
ON a.id = c.id_invoice_address
WHERE c.id = :id');
$invoiceQuery->execute(['id' => $_SESSION['custo']['id']]);
$result = $invoiceQuery->fetch();
$sql = $invoiceQuery;
$smarty->assign("invoice", $result);
//****************************************************************************************//
//****************************** Information de livraison ********************************//
//****************************************************************************************//
// Delivery address of the logged-in customer (address row reached through
// customers.id_delivery_address), exposed to the template as "delivery".
$deliveryQuery = $GLOBALS['bdd']->prepare('SELECT a.* FROM customers c
INNER JOIN address a
ON a.id = c.id_delivery_address
WHERE c.id = :id');
$deliveryQuery->execute(['id' => $_SESSION['custo']['id']]);
$result = $deliveryQuery->fetch();
$sql = $deliveryQuery;
$smarty->assign("delivery", $result);
//****************************************************************************************//
//********************************* Information de pays **********************************//
//***************************************************************************************//
// Active countries, in id order, for the country selects ("pays" in the template).
$countryQuery = $GLOBALS['bdd']->prepare('SELECT * FROM countries
WHERE status = 1
ORDER BY id ASC');
$countryQuery->execute();
$pays = $countryQuery->fetchAll();
$sql = $countryQuery;
$smarty->assign("pays", $pays);
//****************************************************************************************//
//***************************** Informations de commandes ********************************//
//****************************************************************************************//
// Orders of the logged-in customer, oldest first ("orders" in the template).
$orderQuery = $GLOBALS['bdd']->prepare('SELECT * FROM orders
WHERE customer = :customer
ORDER BY date_insere');
$orderQuery->execute(['customer' => $_SESSION['custo']['id']]);
$orders = $orderQuery->fetchAll();
$sql = $orderQuery;
$smarty->assign("orders", $orders);
//****************************************************************************************//
//******************************* Informations de suivi **********************************//
//****************************************************************************************//
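// Status history of every order listed above, keyed by the order's id_order and
// passed to the template as "order_status".  The statement is prepared once and
// executed per order (the original re-prepared it on every iteration).
$order_status = array();
$sql = $GLOBALS['bdd']->prepare('SELECT * FROM order_status
WHERE id_order = :order
ORDER BY date_status');
foreach ($orders as $order) {
    // NOTE(review): the lookup binds $order['id'] while the result is keyed by
    // $order['id_order']; confirm both columns exist on `orders` and this is intended.
    $sql->execute(array('order' => $order['id']));
    $order_status[$order['id_order']] = $sql->fetchAll();
}
$smarty->assign("order_status", $order_status);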
//*************************************** Affichage **************************************//
//****************************************************************************************//
//*********************************** Mot de passe oublie ********************************//
//****************************************************************************************//
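// Forgotten-password form (hidden field "mdpo"): mails a temporary password.
if(!empty($_POST['mdpo']))
{
    //****************************************************************************************//
    // Verif 1 : honeypot — a browser leaves this hidden field empty, a bot fills it.
    // The original only echoed the redirect and kept running, so the password was
    // still replaced; the exit makes the check effective.
    $honeypot = $_POST['firstnamebis'] ?? '';
    if(!empty($honeypot)) {
        echo '<script>';
        echo 'window.location = "erreur_mail.php"';
        echo '</script>';
        exit;
    }
    // Verif 2 : reCAPTCHA server-side verification, parameters URL-encoded; an
    // unreachable or malformed verification service counts as "not verified".
    $secret = $cle_gg_privee;
    $response = $_POST['g-recaptcha-response'] ?? '';
    $remoteip = $_SERVER['REMOTE_ADDR'];
    $api_url = 'https://www.google.com/recaptcha/api/siteverify?' . http_build_query(array(
        'secret' => $secret,
        'response' => $response,
        'remoteip' => $remoteip,
    ));
    $raw = file_get_contents($api_url);
    $decode = ($raw === false) ? null : json_decode($raw, true);
    if (!is_array($decode) || !isset($decode['success']) || $decode['success'] !== true) {
        // Not a verified human (or the verification service answered nothing usable).
        echo '<script>';
        echo 'window.location = "erreur_mail.php"';
        echo '</script>';
        exit;
    }
    // Verif 3 : the address must match the site's e-mail rule and belong to an account.
    // The original ran htmlspecialchars() on the value three times (double-encoding)
    // and did the account lookup three times; once is enough.
    $_POST['email'] = htmlspecialchars($_POST['email'] ?? '');
    if (preg_match("#^[a-z0-9._-]+@[a-z0-9._-]{2,}\.[a-z]{2,4}$#i", $_POST['email']))
    {
        $sql = $GLOBALS['bdd']->prepare('SELECT id FROM customers
WHERE email = :email');
        $sql->execute(array('email' => $_POST['email']));
        $result = $sql->fetch();
        if($result === false || (int) $result['id'] < 1)
        {
            // Unknown address: same error page as the original.
            // NOTE(review): this tells the requester whether an address is registered;
            // a neutral "if the address exists, a mail was sent" page would avoid that.
            echo '<script>';
            echo 'window.location = "erreur_mail.php"';
            echo '</script>';
            exit;
        }
        // Temporary password: random rather than md5(time().ip.email), which anyone
        // knowing those inputs could reproduce.  8 hex characters, as before.
        // NOTE(review): the stored password is replaced at once for whoever submits the
        // address, and the "8 jours" limit stated in the mail is not enforced here; a
        // reset link carrying an expiring token would be the safer flow.
        $nouveau_mot = bin2hex(random_bytes(4));
        $hashPassword = hash('sha512', $nouveau_mot);
        $sql = $GLOBALS['bdd']->prepare('UPDATE customers
SET password = :password
WHERE email = :email');
        $sql->execute(array('email' => $_POST['email'],
            'password' => $hashPassword
        ));
        $msg ='<div class="title_mail">
<img src="'.$wwwroot.'templates/shop/img/'.$Image_Logo.'" style="margin:10px">
<h3 style="font-size:20px; padding:15px;">Nouveau mot de passe</h3>
</div>
<br />';
        $msg .='<p>Bonjour, </p>
<p>Votre nouveau mot de passe temporaire est : <b>'.$nouveau_mot.' </b> ATTENTION il est valable 8 jours !</p>
<p>Vous devez le modifier avant 8 jours en vous connectant sur votre compte, merci de suivre le lien suivant <a href="'.$shop_url.'/account.php?">Choisir mon nouveau mot de passe</a>';
        $msg .= '<p style="padding-top:10px;"><a href="'.$shop_url.'">'.$shop_title.'</a></p>';
        $mail = new PHPMailer();
        $mail->IsMail();
        $mail->AddReplyTo($shop_email_contact, $shop_title);
        $mail->AddAddress($_POST['email']);
        $mail->SetFrom($shop_email_contact, $shop_title);
        $mail->Subject = "Modification mot de passe " . $shop_title;
        $mail->MsgHTML($msg);
        if($mail->Send())
        {
            $status = "mdpo_ok";
        }
    }
    else
    {
        $status = "error_email";
    }
    $smarty->assign("status", $status);
    $smarty->assign("customer", $_SESSION['custo'] ?? null);
}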
// Render the account page; every branch above only prepared Smarty variables.
$smarty->display('account.tpl');
?>