 /**
  * Verifies the account data present in the session
  *
  * Checks, in this order: the session address (verifySessionAddress()),
  * the session password when registration is mandatory or opted-in, the
  * e-mail syntax, and finally that the e-mail is not already taken by a
  * registered user (an "unregistered" Customer with that e-mail is
  * accepted; per the comment below it gets updated elsewhere).
  * Side effects: may clear $_SESSION['shop']['password'] (see below) and,
  * on an e-mail clash, clears both $_POST['email'] and the session
  * e-mail. Unless $silent, every failure is reported via \Message::error().
  * @param   boolean     $silent     If true, no messages are created.
  *                                  Defaults to false
  * @return  boolean                 True if the account data is complete
  *                                  and valid, false otherwise
  */
 static function verify_account($silent = false)
 {
     global $_ARRAYLANG;
     //\DBG::log("Verify account");
     $status = true;
     // NOTE(review): do not re-enable the next line as-is -- it would write the
     // raw POST body (presumably including the password field) into the log.
     //\DBG::log("POST: ".  var_export($_POST, true));
     // isset($_POST) is always true for the superglobal, so this condition
     // reduces to the verifySessionAddress() check alone.
     if (isset($_POST) && !self::verifySessionAddress()) {
         if ($silent) {
             return false;
         }
         $status = \Message::error($_ARRAYLANG['TXT_FILL_OUT_ALL_REQUIRED_FIELDS']);
     }
     // Registered Customers are okay now
     if (self::$objCustomer) {
         return $status;
     }
     // Precedence: MANDATORY || (OPTIONAL && customer did not opt out).
     if (\Cx\Core\Setting\Controller\Setting::getValue('register', 'Shop') == ShopLibrary::REGISTER_MANDATORY || \Cx\Core\Setting\Controller\Setting::getValue('register', 'Shop') == ShopLibrary::REGISTER_OPTIONAL && empty($_SESSION['shop']['dont_register'])) {
         // Only a password that is present is policy-checked here; a missing
         // one is presumably caught by verifySessionAddress() -- confirm.
         if (isset($_SESSION['shop']['password']) && !\User::isValidPassword($_SESSION['shop']['password'])) {
             if ($silent) {
                 return false;
             }
             global $objInit;
             $objInit->loadLanguageData('Access');
             $status = \Message::error(\Cx\Core_Modules\Access\Controller\AccessLib::getPasswordInfo());
         }
     } else {
         // User is not trying to register, so she doesn't need a password.
         // Mind that this is necessary in order to avoid passwords filled
         // in automatically by the browser, which may be wrong, or
         // invalid, or both.
         $_SESSION['shop']['password'] = NULL;
     }
     if (isset($_SESSION['shop']['email']) && !\FWValidator::isEmail($_SESSION['shop']['email'])) {
         if ($silent) {
             return false;
         }
         $status = \Message::error($_ARRAYLANG['TXT_INVALID_EMAIL_ADDRESS']);
     }
     // Do not hit the database for the uniqueness check if anything above failed.
     if (!$status) {
         return false;
     }
     if (isset($_SESSION['shop']['email'])) {
         // Ignore "unregistered" Customers.  These will silently be updated
         if (Customer::getUnregisteredByEmail($_SESSION['shop']['email'])) {
             return true;
         }
         // The e-mail doubles as the username, so both must be free.
         $objUser = new \User();
         $objUser->setUsername($_SESSION['shop']['email']);
         $objUser->setEmail($_SESSION['shop']['email']);
         // save()/restore() bracket the validate calls so that any message
         // they push is discarded; this method reports the clash itself.
         \Message::save();
         // This method will set an error message we don't want here
         // (as soon as it uses the Message class, that is)
         if (!($objUser->validateUsername() && $objUser->validateEmail())) {
             //\DBG::log("Shop::verify_account(): Username or e-mail in use");
             \Message::restore();
             // Drop the clashing address from POST and session so the form
             // does not resubmit it.
             $_POST['email'] = $_SESSION['shop']['email'] = NULL;
             if ($silent) {
                 return false;
             }
             // Both messages are pushed (the second via ||, presumably because
             // \Message::error() returns false) and false is returned. The
             // redirect target is the internal account URL, not user input.
             return \Message::error(sprintf($_ARRAYLANG['TXT_EMAIL_USED_BY_OTHER_CUSTOMER'], \Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'login') . '?redirect=' . base64_encode(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'account')))) || \Message::error(sprintf($_ARRAYLANG['TXT_SHOP_GOTO_SENDPASS'], \Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'sendpass')));
         }
         \Message::restore();
     }
     return $status;
 }
        camp_html_add_msg($errMsg);
        camp_html_goto_page($backLink);
    }
}

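$setPassword = Input::Get('setPassword', 'string', 'false') == 'true';
$customizeRights = Input::Get('customizeRights', 'string', 'false') == 'true';

if ($setPassword) {
    $password = Input::Get('password', 'string', 0);
    $passwordConf = Input::Get('passwordConf', 'string', 0);
    $backLink = "/$ADMIN/users/edit.php?$typeParam&User=".$editUser->getUserId();

    // A user changing their own password must first prove knowledge of the
    // current one (an admin editing somebody else is not re-authenticated
    // here). isValidOldPassword() looks like a legacy-hash fallback --
    // confirm in the User class.
    // NOTE(review): both error paths rely on camp_html_goto_page() ending
    // the request; if it only emits a redirect header, execution would fall
    // through to setPassword() below -- verify.
    if ($userId == $g_user->getUserId()) {
        $oldPassword = Input::Get('oldPassword');
        if (!$editUser->isValidPassword($oldPassword)
                && !$editUser->isValidOldPassword($oldPassword)) {
            camp_html_add_msg(getGS('The password you typed is incorrect.'));
            camp_html_goto_page($backLink);
        }
    }
    // Strict comparison: with != PHP compares numeric-looking strings
    // numerically, so e.g. "1e3" and "1000" would count as a match.
    // The 6-character minimum is below current guidance (NIST SP 800-63B:
    // at least 8); raising it means updating the message text as well.
    if (strlen($password) < 6 || $password !== $passwordConf) {
        camp_html_add_msg(getGS('The password must be at least 6 characters long and both passwords should match.'));
        camp_html_goto_page($backLink);
    }

    $editUser->setPassword($password);
    // The plain-text password is also handed to the LiveUser record;
    // presumably hashed on that side -- confirm.
    $liveUserValues['passwd'] = $password;
}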

$userData = array(
    // Если email указан - находим пользователя в БД
    if ($userInfo->email) {
        $db = new ServerDatabase();
        $db->newQuery("SELECT name, email, password, salt, iterationCount FROM user WHERE email = '%1'");
        $db->addParameter($userInfo->email);
        $result = $db->execute(true);
        // Если пользователь найден - заполним его данные...
        if (count($result) > 0) {
            $user->fillFromArray($result[0]);
        }
        // Если пароль указан - проверяем его
        if ($userInfo->password) {
            // Восстанавливаем энтропию, которая использовалась при передаче
            $user->transferEntropy = new Entropy($userInfo->transferEntropy->salt, $userInfo->transferEntropy->iterationCount);
            // Если пароль указан неверно - стираем данные
            if (!$user->isValidPassword($userInfo->password)) {
                $user->name = "";
            }
        } else {
            // Стираем данные о имени
            $user->name = "";
        }
    }
}
// Response headers: plain text, and neither browsers nor proxies may cache it.
$responseHeaders = [
    'Content-type: text/plain; charset=utf-8',
    'Cache-Control: no-store, no-cache',
    'Expires: ' . date('r'),
];
foreach ($responseHeaders as $responseHeader) {
    header($responseHeader);
}
// The password hash must never be sent to the client.
// NOTE(review): salt and iterationCount were selected together with the hash
// above; whether they may leave the server depends on the transfer-entropy
// scheme -- verify.
$user->password = "";
// Return the object
    // NOTE(review): this fragment is extraction-damaged -- the next line holds
    // "******" where the original text was dropped (judging by the matching
    // code in the other example on this page: the rest of the e-mail-in-use
    // branch and the opening of the setPassword block). The closing brace at
    // the end presumably belongs to that elided `if`. Not valid PHP as shown.
    if (User::EmailExists($userEmail, $editUser->getUserName())) {
        $backLink = "/{$ADMIN}/users/edit.php?{$typeParam}&User="******"/{$ADMIN}/users/edit.php?{$typeParam}&User=" . $editUser->getUserId();
    // A user changing their own password must first prove knowledge of the
    // current one; isValidOldPassword() looks like a legacy-hash fallback.
    // Both error paths rely on camp_html_goto_page() ending the request.
    if ($userId == $g_user->getUserId()) {
        $oldPassword = Input::Get('oldPassword');
        if (!$editUser->isValidPassword($oldPassword) && !$editUser->isValidOldPassword($oldPassword)) {
            camp_html_add_msg(getGS('The password you typed is incorrect.'));
            camp_html_goto_page($backLink);
        }
    }
    // NOTE(review): != compares numeric-looking strings numerically ("1e3"
    // == "1000"); the confirmation check should use !==. A 6-character
    // minimum is below current guidance (NIST SP 800-63B: at least 8).
    if (strlen($password) < 6 || $password != $passwordConf) {
        camp_html_add_msg(getGS('The password must be at least 6 characters long and both passwords should match.'));
        camp_html_goto_page($backLink);
    }
    $editUser->setPassword($password);
    // Plain-text password also handed to the LiveUser record; presumably
    // hashed on that side -- confirm.
    $liveUserValues['passwd'] = $password;
}
$userData = array('Name', 'Title', 'Gender', 'Age', 'EMail', 'City', 'StrAddress', 'State', 'CountryCode', 'Phone', 'Fax', 'Contact', 'Phone2', 'PostalCode', 'Employer', 'EmployerType', 'Position');
// save user data
foreach ($userData as $value) {
    $liveUserValues[$value] = Input::Get($value, 'string', null);
<?php

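// Read the three form fields with an empty-string fallback: a missing key no
// longer raises an "Undefined array key" warning or passes null down.
$currentPassword = isset($_POST["currentPassword"]) ? $_POST["currentPassword"] : '';
$newPassword = isset($_POST["newPassword"]) ? $_POST["newPassword"] : '';
$newPassword2 = isset($_POST["newPassword2"]) ? $_POST["newPassword2"] : '';
// NOTE(review): assumes the session is already authenticated and findById()
// returns a user for $session->userID -- nothing here guards a null $user.
$user = User::findById($session->userID);
$username = $user->username;
// Re-authenticate with the current password before accepting a new one, so
// possession of the session alone is not enough to rotate the credential.
if (User::authenticate($username, $currentPassword)) {
    // isValidPassword() receives both entries, presumably to check that they
    // match and satisfy the policy -- confirm in User.
    $validPassword = User::isValidPassword($newPassword, $newPassword2);
    if ($validPassword) {
        // bcrypt uses at most the first 72 bytes of the password.
        $user->password = password_hash($newPassword, PASSWORD_BCRYPT);
        $user->save();
        // NOTE(review): consider regenerating the session id and invalidating
        // other sessions after a credential change -- depends on $session.
        $session->setMessage("Password has been changed");
    } else {
        // Previously a silent fall-through that left the user without feedback.
        $session->setMessage("New password is invalid or the two entries do not match.");
    }
} else {
    $session->setMessage("Current password is incorrect.");
}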