/**
 * Verifies the account data present in the session.
 *
 * Runs, in order: the address/required-field check (self::verifySessionAddress()),
 * the password check (only when a registration is mandatory, or optional and not
 * declined, and only if $_SESSION['shop']['password'] is set), the e-mail syntax
 * check, and finally a uniqueness check of the e-mail against existing users.
 * Registered Customers (self::$objCustomer set) skip everything after the
 * address check.
 *
 * Side effects: when the user is not registering, $_SESSION['shop']['password']
 * is cleared; when the e-mail is already taken by another user, both
 * $_POST['email'] and $_SESSION['shop']['email'] are cleared so the form does
 * not resubmit the conflicting value. Unless $silent is true, every failure is
 * reported via \Message::error(); the code relies on that call returning a
 * falsy value, which is what it stores into $status.
 *
 * @param bool $silent If true, no messages are created and the first failure
 *                     returns immediately. Defaults to false.
 * @return bool True if the account data is complete and valid, false otherwise
 */
static function verify_account($silent = false)
{
    global $_ARRAYLANG;
    $status = true;
    // NOTE: $_POST is a superglobal and is therefore always set, so this
    // condition reduces to the verifySessionAddress() check on every request.
    if (isset($_POST) && !self::verifySessionAddress()) {
        if ($silent) {
            return false;
        }
        $status = \Message::error($_ARRAYLANG['TXT_FILL_OUT_ALL_REQUIRED_FIELDS']);
    }
    // Registered Customers are okay now; only the address result matters for them.
    if (self::$objCustomer) {
        return $status;
    }
    // && binds tighter than ||, so this reads:
    // MANDATORY || (OPTIONAL && the customer has not declined registration).
    if (\Cx\Core\Setting\Controller\Setting::getValue('register', 'Shop') == ShopLibrary::REGISTER_MANDATORY
        || \Cx\Core\Setting\Controller\Setting::getValue('register', 'Shop') == ShopLibrary::REGISTER_OPTIONAL
        && empty($_SESSION['shop']['dont_register'])) {
        // The policy check only runs when a password is present in the session;
        // a missing password is not rejected here.
        if (isset($_SESSION['shop']['password']) && !\User::isValidPassword($_SESSION['shop']['password'])) {
            if ($silent) {
                return false;
            }
            // The password policy text lives in the Access module's language data.
            global $objInit;
            $objInit->loadLanguageData('Access');
            $status = \Message::error(\Cx\Core_Modules\Access\Controller\AccessLib::getPasswordInfo());
        }
    } else {
        // User is not trying to register, so she doesn't need a password.
        // Mind that this is necessary in order to avoid passwords filled
        // in automatically by the browser, which may be wrong, or
        // invalid, or both.
        $_SESSION['shop']['password'] = NULL;
    }
    if (isset($_SESSION['shop']['email']) && !\FWValidator::isEmail($_SESSION['shop']['email'])) {
        if ($silent) {
            return false;
        }
        $status = \Message::error($_ARRAYLANG['TXT_INVALID_EMAIL_ADDRESS']);
    }
    // Any failure above ends the verification before the uniqueness check.
    if (!$status) {
        return false;
    }
    if (isset($_SESSION['shop']['email'])) {
        // Ignore "unregistered" Customers. These will silently be updated.
        if (Customer::getUnregisteredByEmail($_SESSION['shop']['email'])) {
            return true;
        }
        // Probe uniqueness with a throw-away User whose username is the e-mail.
        $objUser = new \User();
        $objUser->setUsername($_SESSION['shop']['email']);
        $objUser->setEmail($_SESSION['shop']['email']);
        // Messages are saved/restored around the validation because the
        // validate*() methods set an error message we don't want here
        // (as soon as they use the Message class, that is).
        \Message::save();
        if (!($objUser->validateUsername() && $objUser->validateEmail())) {
            \Message::restore();
            // Drop the conflicting address from both request and session so the
            // form is not resubmitted with it.
            $_POST['email'] = $_SESSION['shop']['email'] = NULL;
            if ($silent) {
                return false;
            }
            // Both messages are emitted (the || only short-circuits if the first
            // call returned a truthy value); the result is the combined status.
            return \Message::error(sprintf($_ARRAYLANG['TXT_EMAIL_USED_BY_OTHER_CUSTOMER'], \Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'login') . '?redirect=' . base64_encode(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'account'))))
                || \Message::error(sprintf($_ARRAYLANG['TXT_SHOP_GOTO_SENDPASS'], \Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'sendpass')));
        }
        \Message::restore();
    }
    return $status;
}
camp_html_add_msg($errMsg); camp_html_goto_page($backLink); } } $setPassword = Input::Get('setPassword', 'string', 'false') == 'true'; $customizeRights = Input::Get('customizeRights', 'string', 'false') == 'true'; if ($setPassword) { $password = Input::Get('password', 'string', 0); $passwordConf = Input::Get('passwordConf', 'string', 0); $backLink = "/$ADMIN/users/edit.php?$typeParam&User=".$editUser->getUserId(); if ($userId == $g_user->getUserId()) { $oldPassword = Input::Get('oldPassword'); if (!$editUser->isValidPassword($oldPassword) && !$editUser->isValidOldPassword($oldPassword)) { camp_html_add_msg(getGS('The password you typed is incorrect.')); camp_html_goto_page($backLink); } } if (strlen($password) < 6 || $password != $passwordConf) { camp_html_add_msg(getGS('The password must be at least 6 characters long and both passwords should match.')); camp_html_goto_page($backLink); } $editUser->setPassword($password); $liveUserValues['passwd'] = $password; } $userData = array(
// Если email указан - находим пользователя в БД if ($userInfo->email) { $db = new ServerDatabase(); $db->newQuery("SELECT name, email, password, salt, iterationCount FROM user WHERE email = '%1'"); $db->addParameter($userInfo->email); $result = $db->execute(true); // Если пользователь найден - заполним его данные... if (count($result) > 0) { $user->fillFromArray($result[0]); } // Если пароль указан - проверяем его if ($userInfo->password) { // Восстанавливаем энтропию, которая использовалась при передаче $user->transferEntropy = new Entropy($userInfo->transferEntropy->salt, $userInfo->transferEntropy->iterationCount); // Если пароль указан неверно - стираем данные if (!$user->isValidPassword($userInfo->password)) { $user->name = ""; } } else { // Стираем данные о имени $user->name = ""; } } } // Заголовки ответа header('Content-type: text/plain; charset=utf-8'); header('Cache-Control: no-store, no-cache'); header('Expires: ' . date('r')); // Хэш пароля ни в коем случае передавать не следует! $user->password = ""; // Возвращаем объект
if (User::EmailExists($userEmail, $editUser->getUserName())) { $backLink = "/{$ADMIN}/users/edit.php?{$typeParam}&User="******"/{$ADMIN}/users/edit.php?{$typeParam}&User=" . $editUser->getUserId(); if ($userId == $g_user->getUserId()) { $oldPassword = Input::Get('oldPassword'); if (!$editUser->isValidPassword($oldPassword) && !$editUser->isValidOldPassword($oldPassword)) { camp_html_add_msg(getGS('The password you typed is incorrect.')); camp_html_goto_page($backLink); } } if (strlen($password) < 6 || $password != $passwordConf) { camp_html_add_msg(getGS('The password must be at least 6 characters long and both passwords should match.')); camp_html_goto_page($backLink); } $editUser->setPassword($password); $liveUserValues['passwd'] = $password; } $userData = array('Name', 'Title', 'Gender', 'Age', 'EMail', 'City', 'StrAddress', 'State', 'CountryCode', 'Phone', 'Fax', 'Contact', 'Phone2', 'PostalCode', 'Employer', 'EmployerType', 'Position'); // save user data foreach ($userData as $value) { $liveUserValues[$value] = Input::Get($value, 'string', null);
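<?php

/*
 * Password-change handler for the signed-in user.
 *
 * Reads currentPassword, newPassword and newPassword2 from $_POST, re-checks
 * the current password via User::authenticate() before accepting a change,
 * and stores the new password as a bcrypt hash. Every outcome is reported
 * through $session->setMessage() so the form never fails silently.
 *
 * Relies on $session (userID, setMessage()) and the User model (findById,
 * authenticate, isValidPassword, save) being loaded by the including script.
 */

// Read a POST field as a string. Missing fields and non-string values
// (e.g. "newPassword[]=" in a crafted request) become '' so the handler
// reports "incorrect password" cleanly instead of raising notices or
// passing null/array values into User::authenticate().
$postString = function ($name) {
    return isset($_POST[$name]) && is_string($_POST[$name]) ? $_POST[$name] : '';
};

$currentPassword = $postString("currentPassword");
$newPassword = $postString("newPassword");
$newPassword2 = $postString("newPassword2");

$user = User::findById($session->userID);
if (!$user) {
    // The session points at an account that could not be loaded; nothing to update.
    $session->setMessage("Your account could not be loaded.");
} elseif (!User::authenticate($user->username, $currentPassword)) {
    // Re-authentication ensures an unattended or hijacked session cannot
    // set a new password without knowledge of the current one.
    $session->setMessage("Current password is incorrect.");
} elseif (!User::isValidPassword($newPassword, $newPassword2)) {
    // isValidPassword() receives both entries, so it presumably checks the
    // confirmation as well as the policy — confirm against the User model.
    $session->setMessage("The new password is not valid or the two entries do not match.");
} else {
    // bcrypt via password_hash(); the login path must verify with password_verify().
    $user->password = password_hash($newPassword, PASSWORD_BCRYPT);
    $user->save();
    $session->setMessage("Password has been changed");
}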