ruạṛ
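<?php
/**
 * Process login form
 *
 * Handles both the "Register" action and the default log-in action posted
 * from the customer login form, then redirects via getout() with a
 * short-lived 'custMessage' cookie carrying the feedback text.
 *
 * NOTE(review): 'custMessage' holds HTML and is stored in a cookie, which the
 * browser can rewrite freely. The page that renders it is not visible here;
 * confirm it treats the cookie value as untrusted input.
 *
 * @version 0.9
 * @author Robert Urquhart <programmer@activatedesign.co.nz>
 * @package dreamdiamondstore
 */

/*
 * site data and definitions
 * @var string $include_path - for easy global search/replace if include location changes
 * @var string $template_dir location of template specific functions (and user connection details if different permissions supported)
 */
$include_path = $_SERVER['DOCUMENT_ROOT'].'/admin/scripts-includes/';
$template_dir = $_SERVER['DOCUMENT_ROOT'].'/resources/template/';
require_once $include_path.'universal.php';
require_once $template_dir.'functions.php';

/*
 * start the session (after includes so objects stored in $_SESSION are created properly)
 */
session_start();
$connID = connect_to_db();

/**
 * suhosin workaround - load session user data
 * @var object $customer
 * @var object $anon need a copy for comparing carts after login
 * @var object $cart
 */
$customer = user_load();
$anon = user_load();

/**
 * shouldn't be trying to access this script if already logged in
 */
if ($customer->logged_in) {
    getout('', select_one('page_data', 'path', 'page_type', 'customer'));
    exit;
}

/**
 * @var string $message feedback accumulated for the 'custMessage' cookie
 */
$message = '';

/**
 * get and clean form data
 *
 * Missing or non-string fields (e.g. email[]=x) are treated as empty so they
 * fail validation below instead of raising notices or reaching the helpers
 * as arrays.
 *
 * @var string $email
 * @var string $password
 * @var string $action
 */
$raw_email    = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';
$raw_password = (isset($_POST['userpass']) && is_string($_POST['userpass'])) ? $_POST['userpass'] : '';
$raw_action   = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

$email    = clean_plain_data($raw_email);
$password = clean_plain_data($raw_password);
$action   = clean_plain_data($raw_action);

/*
 * validate
 */
if (!is_email($email) || $password == '') {
    setCookie('custMessage', '<p class="message">Please enter a valid email address and password.</p>', time() + 30, '/');
    getout('');
    exit;
}

$customer->email = $email;

/*
 * act
 * @todo select actions from looking for keywords in $_POST['action'] rather than relying on exact match and updating for each site
 * - see process-cart-add.php
 */
switch ($action) {
    case 'Register':
        if (!$customer->create($password)) {
            /*
             * user class was back-ported from later WEP version, normally class registers a message but that mechanism is not present
             * so we check for (one of the) the possible causes of error - this could be extended
             *
             * The database error text is written to the server log only. It used
             * to be prepended to the cookie shown to the visitor, which exposes
             * schema and query details to anyone submitting the form.
             */
            error_log('Customer account creation failed: '.mysql_error());
            if (select_one('users', 'user_id', 'email', $email)) {
                setCookie('custMessage', '<p class="message">An account already exists for your email adddress. Please log in or use the link below to reset your password.</p>', time() + 30, '/');
            } else {
                setCookie('custMessage', '<p class="message">There was a problem creating your account. Please try again.</p>', time() + 30, '/');
            }
            getout('');
            exit;
        }

        // account created: persist any cart / wishlist already held on the customer object
        if ($customer->cart != '') {
            $cart = $customer->load_cart();
            $customer->update_cart($cart);
            unset($cart);
        }
        if ($customer->wishlist != '') {
            $cart = $customer->load_cart('wishlist');
            $customer->update_cart($cart, 'wishlist');
            unset($cart);
        }

        /**
         * look for orders which
         * - were placed using this email address
         * - are not assigned to another account (which may have changed email address in the interim)
         * @var int $orders
         */
        $orders = select_one('orders', 'count(*)', "concat_ws(':',customer_email,customer_id)", $email.':0');
        if ($orders) {
            /*
             * $email originates from $_POST. is_email() and clean_plain_data() are
             * defined elsewhere, and a syntactically valid address may still
             * contain a quote, so both values are escaped at the point of use.
             * NOTE(review): if clean_plain_data() already SQL-escapes its input
             * this would double-escape - confirm against its definition.
             */
            $sql = "update orders set customer_id = '".mysql_real_escape_string($customer->user_id)
                 ."' where customer_email = '".mysql_real_escape_string($email)
                 ."' and customer_id = '0'";
            if (mysql_query($sql)) {
                $message .= $orders.' pre-existing orders were associated with this email address<br />';
            } else {
                // do not claim success to the customer when the update failed
                error_log('Could not associate existing orders with new account: '.mysql_error());
            }
        }

        $customer->logged_in = true;

        // no other details to add to object; notify via send_email() that an account was created
        $subject = 'New customer account created at '.SITE_FROM_NAME;
        $body = 'You may view and manage this account at http://'.SITE_ROOT.'/admin/customer-manage.php?customer='.$customer->user_id;
        send_email($body, $subject);
        break;

    default:
        /**
         * attempt to login
         * The failure message is deliberately the same whatever the cause.
         */
        if (!$customer->log_in($email, $password)) {
            $message .= 'Log in was unsuccessful. Please try again.';
            setCookie('custMessage', '<p class="message">'.$message.'</p>', time() + 30, '/');
            getout('');
            exit;
        }

        /**
         * update stored carts
         * @var object $cart
         */
        if ($customer->cart != '') {
            $cart = $customer->load_cart();
            $cart->update_prices();
            $customer->update_cart($cart);
            unset($cart);
        }
        if ($customer->wishlist != '') {
            $cart = $customer->load_cart('wishlist');
            $cart->update_prices();
            $customer->update_cart($cart, 'wishlist');
            unset($cart);
        }

        /*
         * merge carts
         * @var object $cart
         * @var object $anon_cart
         */
        if ($anon->cart != '') {
            $cart = $customer->load_cart();
            $anon_cart = $anon->load_cart();
            $cart->merge($anon_cart);
            $customer->update_cart($cart);
            $message .= 'Items in the cart have been added to your saved cart <br />';
            unset($cart);
        }
        // NOTE(review): $merge is never assigned in this script. Unless one of the
        // included files defines it, the wishlist merge below never runs, unlike
        // the cart merge above. !empty() keeps that behaviour without the
        // undefined-variable notice - confirm which behaviour is intended.
        if (!empty($merge) && $anon->wishlist != '') {
            $cart = $customer->load_cart('wishlist');
            $anon_cart = $anon->load_cart('wishlist');
            $cart->merge($anon_cart);
            $customer->update_cart($cart, 'wishlist');
            $message .= 'Items in the wishlist have been added to your saved wishlist <br />';
            unset($cart);
        }
}

/*
 * record as logged in and empty temporary carts
 *
 * NOTE(review): no session ID rotation is visible in this script after
 * authentication. Confirm user_register_login() (defined elsewhere)
 * regenerates the session ID, otherwise a pre-login session ID stays valid
 * for the authenticated session.
 */
user_register_login($customer->user_id);

setCookie('custMessage', '<p class="message">'.$message.'</p>', time() + 30, '/');
getout('');
exit;
?>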
cải xoăn