From d22277878254cf33fd63ca1bf12b215f4e030a27 Mon Sep 17 00:00:00 2001 From: Marius Burkard <m.burkard@pixcept.de> Date: Mon, 04 Jan 2016 05:12:49 -0500 Subject: [PATCH] - merged different fixes and updates from foreign branches --- interface/lib/classes/remote.d/client.inc.php | 42 ++++++++++++++++++++++++++++++++++++++---- 1 files changed, 38 insertions(+), 4 deletions(-) diff --git a/interface/lib/classes/remote.d/client.inc.php b/interface/lib/classes/remote.d/client.inc.php index cccc04f..e44fd82 100644 --- a/interface/lib/classes/remote.d/client.inc.php +++ b/interface/lib/classes/remote.d/client.inc.php @@ -526,22 +526,24 @@ * @param int client id * @param string new password * @return bool true if success - * @author Julio Montoya <gugli100@gmail.com> BeezNest 2010 * */ public function client_change_password($session_id, $client_id, $new_password) { global $app; + $app->uses('auth'); + if(!$this->checkPerm($session_id, 'client_change_password')) { throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); return false; } - $client_id = $app->functions->intval($client_id); + $client = $app->db->queryOneRecord("SELECT client_id FROM client WHERE client_id = ?", $client_id); if($client['client_id'] > 0) { - $sql = "UPDATE client SET password = md5(?) WHERE client_id = ?"; + $new_password = $app->auth->crypt_password($new_password); + $sql = "UPDATE client SET password = ? WHERE client_id = ?"; $app->db->query($sql, $new_password, $client_id); - $sql = "UPDATE sys_user SET passwort = md5(?) WHERE client_id = ?"; + $sql = "UPDATE sys_user SET passwort = ? WHERE client_id = ?"; $app->db->query($sql, $new_password, $client_id); return true; } else { 
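Review bot: The hash returned by `$app->auth->crypt_password($new_password)` is written straight into `client.password` and `sys_user.passwort` with no check that hashing succeeded, and an empty `$new_password` is never rejected. `crypt_password()` is not visible here, so if it can return false or an empty string on failure, that value would become the stored credential; I would add `if(!is_string($new_password) || $new_password === '') return false;` before the hashing line and a matching check on the result before the two UPDATEs. The method also returns true without looking at the result of either `$app->db->query()` call, so a failed second UPDATE would leave the two tables with different passwords. Rows written before this change still hold unsalted MD5 values, so presumably the login path has to keep accepting them until they are rehashed; that is worth confirming. The function's else branch continues outside the hunk.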
@@ -681,6 +683,38 @@ return $returnval; } + + public function client_activate($session_id, $params){ + global $app; + /* + if (!$this->checkPerm($session_id, 'client_update')){ + throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); + return false; + } + */ + + if(!is_file(ISPC_WEB_PATH.'/robot/lib/robot_config.inc.php')){ + throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.'); + return false; + } + + $client = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = '".$app->db->quote($params['customer_no'])."' AND email = '".$app->db->quote($params['email'])."' AND activation_code = '".$app->db->quote($params['activation_code'])."' AND validation_status = 'review'"); + //file_put_contents('/tmp/test.txt', "SELECT * FROM client WHERE customer_no = '".$app->db->quote($params['customer_no'])."' AND email = '".$app->db->quote($params['email'])."' AND activation_code = '".$app->db->quote($params['activation_code'])."' AND validation_status = 'review'"); + + if(is_array($client) && !empty($client)){ + $client_id = intval($client['client_id']); + + $app->functions->client_activate($client_id); + + return true; + } else { + $client = $app->db->queryOneRecord("SELECT * FROM client WHERE email = '".$app->db->quote($params['email'])."' AND validation_status = 'review'"); + if(is_array($client) && !empty($client)){ + $app->functions->client_activation_failed($client); + } + return false; + } + } } -- Gitblit v1.9.1
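Review bot: `client_activate()` never validates `$session_id`: the `checkPerm()` call is committed commented out, so the only gate on this remote method is the `is_file()` test for `robot/lib/robot_config.inc.php`, and on an install where that file exists any caller who can reach the remote API can submit activation attempts. Either restore the permission check or document why the call is unauthenticated and limit attempts, since `activation_code` can otherwise be guessed repeatedly. Both SELECTs concatenate `$app->db->quote()` output into the SQL although `client_change_password()` in the same file binds values with `?`, and `$params['customer_no']`, `['email']` and `['activation_code']` are read without checking that they exist and are non-empty scalars. The commented-out `file_put_contents('/tmp/test.txt', …)` line should be deleted rather than committed, because re-enabling it would write activation codes to a file in /tmp. A sketch of the changed lines follows.

```php
public function client_activate($session_id, $params){
	global $app;

	// Restored from the commented-out block; if the call must stay
	// unauthenticated, document that here instead.
	if(!$this->checkPerm($session_id, 'client_update')){
		throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
	}

	// … unchanged: robot_config.inc.php presence check …

	// Reject missing, non-scalar or empty lookup values before they reach the query.
	foreach(array('customer_no', 'email', 'activation_code') as $key){
		if(!is_array($params) || !isset($params[$key]) || !is_scalar($params[$key]) || (string)$params[$key] === ''){
			return false;
		}
	}

	$client = $app->db->queryOneRecord("SELECT * FROM client WHERE customer_no = ? AND email = ? AND activation_code = ? AND validation_status = 'review'", $params['customer_no'], $params['email'], $params['activation_code']);

	// … unchanged: activation on match, return true …

		$client = $app->db->queryOneRecord("SELECT * FROM client WHERE email = ? AND validation_status = 'review'", $params['email']);
		// … unchanged: client_activation_failed() call and return false …
```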