/**
 * Auth page dispatcher: logout, login, sign-up, or bounce an already-authenticated user.
 *
 * Messages are pushed to $this->errors / Flash. The two sign-up validation failures return the
 * message string (`return $this->errors[] = ...`); every other path returns null.
 *
 * @return string|null
 */
public function postProcess()
 {
     parent::postProcess();

     $link = $this->context->link;

     if (Tools::getIsset('logout')) {
         // Logout: drop the session user and go back to the auth page.
         Auth::disconnect();
         Flash::add('Vous êtes bien déconnécté');
         Tools::redirect($link->getPageLink('auth'));
     } elseif (Tools::isSubmit('submitLogin')) {
         // Login. The submitted password is handed to User::getByEmail() as-is; whether it is
         // hashed before the comparison is not visible from this method.
         $username = Tools::getValue('username');
         $password = Tools::getValue('password');
         $user = (new User())->getByEmail($username, $password);
         if (Validate::isLoadedObject($user)) {
             Auth::setUser($user);
             Tools::redirect($link->getPageLink('comments'));
         } else {
             // One generic message for both "unknown account" and "wrong password".
             $this->errors[] = 'Identifiant ou mot de passe incorrect';
         }
     } elseif (Tools::isSubmit('submitSubscribe')) {
         // Sign-up: check the fields, make sure the login is free, store, then log in.
         $email = Tools::getValue('username');
         if (!Validate::isEmail($email)) {
             return $this->errors[] = 'Veuillez saisir une adresse e-mail correcte';
         }
         $password = Tools::getValue('password');
         if (!Validate::isPasswd($password)) {
             // @todo be more specific about which password rules apply
             return $this->errors[] = 'Veuillez saisir un mot de passe correct';
         }
         $user = new User();
         $existing = $user->getByEmail($email);
         if (Validate::isLoadedObject($existing)) {
             $this->errors[] = 'Un compte avec cet identifiant existe déjà';
         } else {
             $user->login = $email;
             // Only the encrypted form of the password is persisted.
             $user->password = Tools::encrypt($password);
             if ($user->save()) {
                 Auth::setUser($user);
                 Flash::success('Bienvenue! Votre compte a bien été créé');
                 Tools::redirect($link->getPageLink('comments'));
             } else {
                 $this->errors[] = 'Impossible de vous enregistrer, veuillez réessayer ultérieurement (' . Db::getInstance()->getMsgError() . ')';
             }
         }
     } elseif (Auth::getUser()) {
         // Already authenticated: nothing to do on this page.
         Tools::redirect($link->getPageLink('comments'));
     }
 }
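    /**
     * Load the active employee ("seller") matching an e-mail address, optionally also requiring the
     * password to match.
     *
     * Changes over the previous version: the password was concatenated into the query unescaped
     * (only the e-mail went through pSQL()), and the property copy used key_exists() on an object,
     * which PHP 8 rejects; property_exists() is the equivalent check.
     *
     * NOTE(review): $passwd is matched verbatim against the `passwd` column — it is not hashed here,
     * so the caller has to supply it in the stored form; confirm against the call site. An empty
     * string skips both the format check and the password clause, turning the call into a lookup
     * by e-mail only.
     *
     * @param string $email Employee e-mail; a malformed address aborts the request via die()
     * @param string|null $passwd Password to require, or null/empty for a lookup by e-mail only
     * @return Employee|false Populated Employee, or false when no active row matches
     */
    private function getSellerByEmail($email, $passwd)
    {
        // `and` binds tighter than `or`: reject a bad e-mail, or a password that is given but
        // fails the format check.
        if (!Validate::isEmail($email) or ($passwd != null and !Validate::isPasswd($passwd))) {
            die(Tools::displayError());
        }
        // Every interpolated value is escaped; the clause is only added when a password was given.
        $passwdClause = $passwd ? 'AND `passwd` = \'' . pSQL($passwd) . '\'' : '';
        $sql = '
			SELECT * 
			FROM `' . _DB_PREFIX_ . 'employee`
			WHERE `active` = 1
			AND `email` = \'' . pSQL($email) . '\'
			' . $passwdClause;
        $result = Db::getInstance()->getRow($sql);
        if (!$result) {
            return false;
        }
        $emp = new Employee();
        $emp->id = $result['id_employee'];
        $emp->id_profile = $result['id_profile'];
        // Copy only the columns that correspond to a property of Employee.
        foreach ($result as $key => $value) {
            if (property_exists($emp, $key)) {
                $emp->{$key} = $value;
            }
        }
        return $emp;
    }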
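 /**
  * "My account" page: handle the password-change form (joinCommit) and render my-user.tpl.
  *
  * Changes over the previous version: the new password and its confirmation are compared strictly
  * (`==` treats numeric-looking strings such as "1e3" and "1000" as equal), and the POST fields are
  * read through isset() so a missing key does not raise a notice. The checks are flattened into a
  * single chain with the same outcomes and messages.
  *
  * Note that User::checkPassword() receives the old password in its Tools::encrypt() form — the
  * stored form is what is compared.
  *
  * @return string Rendered template
  */
 public function displayMain()
 {
     global $smarty, $link, $cookie;
     if (!$cookie->logged) {
         Tools::redirect($link->getPage('LoginView'));
     }
     $user = new User((int) $cookie->id_user);
     if (Tools::isSubmit('joinCommit')) {
         // Read the form fields explicitly; a missing key behaves like an empty value.
         $oldPasswd = isset($_POST['old_passwd']) ? $_POST['old_passwd'] : '';
         $newPasswd = isset($_POST['passwd']) ? $_POST['passwd'] : '';
         if (!User::checkPassword($user->id, Tools::encrypt($oldPasswd))) {
             $user->_errors[] = 'Your password is incorrect.';
         } elseif (Tools::getRequest('confirmation') !== Tools::getRequest('passwd')) {
             $user->_errors[] = 'Password and confirmation do not match.';
         } elseif (empty($newPasswd) || !Validate::isPasswd($newPasswd)) {
             $user->_errors[] = 'Password is invalid.';
         } else {
             // copyFromPost() takes the new values from the request; the cookie is then re-bound
             // to the updated stored password. A failed update() is silently ignored, as before.
             $user->copyFromPost();
             if ($user->update()) {
                 $cookie->passwd = $user->passwd;
                 $cookie->write();
                 $smarty->assign('success', 'Your personal information has been successfully updated.');
             }
         }
     }
     $smarty->assign(array('errors' => $user->_errors, 'DISPLAY_LEFT' => Module::hookBlock(array('myaccount')), 'user' => $user));
     return $smarty->fetch('my-user.tpl');
 }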
 /**
  * Authenticate a customer from the submitted e-mail/password and, on success, redirect to the
  * configured back URL; every other outcome redirects to index.php with an error flag.
  *
  * @return void Always ends in a Tools::redirect()
  */
 public function init()
 {
     parent::init();
     /*
      * Lifted from AuthController. Reusing AuthController directly was not an option: the first
      * check in its init() is whether the user is logged in, which defeated the approach here.
      *
      * Should this also work for admins? Assumed not; if it had to, testing an 'Employee' in
      * addition to a 'Customer' would have been enough.
      */
     $passwd = trim(Tools::getValue('passwd'));
     // Scrub the submitted password from the superglobal as soon as it has been read.
     $_POST['passwd'] = null;
     $email = trim(Tools::getValue('email'));
     $credentialsWellFormed = !empty($email) && Validate::isEmail($email) && !empty($passwd) && Validate::isPasswd($passwd);
     if ($credentialsWellFormed) {
         $customer = new Customer();
         // Both values are already trimmed above.
         $authentication = $customer->getByEmail($email, $passwd);
         $isActiveCustomer = isset($authentication->active) && $authentication->active && $customer->id;
         if ($isActiveCustomer) {
             Tools::redirect(Configuration::get("ADMIN_TAB_MODULE_URLBACK"));
         }
     }
     /*
      * Not a satisfying approach: passing error information through a GET parameter is crude,
      * but nothing better was found for now.
      */
     Tools::redirect("index.php?urlback_haserror=1");
 }
 /**
  * Back-office login handler (form or ajax).
  *
  * Validates the e-mail and password format, loads the employee, checks shop access, then writes
  * the employee identity into the cookie and picks the post-login URL. Errors accumulate in
  * $this->errors; in ajax mode the method exits with a JSON payload.
  *
  * @return void
  */
 public function processLogin()
 {
     // NOTE(review): there is no directory separator between dirname(__FILE__) and the relative
     // path, so this resolves to "<dir>../../../../modules/..." — confirm this include actually loads.
     require_once dirname(__FILE__) . '../../../../modules/designer/designer.php';
     $themeName = trim(Tools::getValue('theme_name'));
     $passwd = trim(Tools::getValue('passwd'));
     $email = trim(Tools::getValue('email'));
     // Pieces of the post-login ajax URL, derived from the submitted theme name by helpers from
     // designer.php (not shown here). They end up in a redirect URL — verify they sanitise input.
     $domain = getSessionDomain($themeName);
     $version = function_exists('theme_get_manifest_version') ? '&ver=' . theme_get_manifest_version($themeName) : '';
     $desktop = function_exists('getDesktopParams') ? getDesktopParams() : '';
     if (empty($email)) {
         $this->errors[] = Tools::displayError('E-mail is empty');
     } elseif (!Validate::isEmail($email)) {
         $this->errors[] = Tools::displayError('Invalid e-mail address');
     }
     if (empty($passwd)) {
         $this->errors[] = Tools::displayError('Password is blank');
     } elseif (!Validate::isPasswd($passwd)) {
         $this->errors[] = Tools::displayError('Invalid password');
     }
     if (!count($this->errors)) {
         $this->context->employee = new Employee();
         // Method names are case-insensitive in PHP: getByemail() is Employee::getByEmail().
         $is_employee_loaded = $this->context->employee->getByemail($email, $passwd);
         // Read before the loaded check; presumably empty for an unloaded employee.
         $employee_associated_shop = $this->context->employee->getAssociatedShops();
         if (!$is_employee_loaded) {
             // Same generic message whether the account is unknown or the password is wrong.
             $this->errors[] = Tools::displayError('Employee does not exist or password is incorrect.');
             $this->context->employee->logout();
         } elseif (empty($employee_associated_shop) && !$this->context->employee->isSuperAdmin()) {
             $this->errors[] = Tools::displayError('Employee does not manage any shop anymore (shop has been deleted or permissions have been removed).');
             $this->context->employee->logout();
         } else {
             // The cookie session is bound to the employee's stored password value (passwd) and
             // the remote address recorded here.
             $this->context->employee->remote_addr = ip2long(Tools::getRemoteAddr());
             $cookie = Context::getContext()->cookie;
             $cookie->id_employee = $this->context->employee->id;
             $cookie->email = $this->context->employee->email;
             $cookie->profile = $this->context->employee->id_profile;
             $cookie->passwd = $this->context->employee->passwd;
             $cookie->remote_addr = $this->context->employee->remote_addr;
             $cookie->write();
             if (Tools::getIsset('theme_name')) {
                 // Designer flow: ajax endpoint plus the theme-derived query pieces built above.
                 $url = $this->context->link->getAdminLink('AdminAjax') . '&ajax=1' . $domain . $version . $desktop;
             } else {
                 // Regular flow: land on the employee's default tab.
                 $tab = new Tab((int) $this->context->employee->default_tab);
                 $url = $this->context->link->getAdminLink($tab->class_name);
             }
             if (Tools::isSubmit('ajax')) {
                 // Ajax success ends the request here.
                 die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
             } else {
                 $this->redirect_after = $url;
             }
         }
     }
     // Only reached in ajax mode when errors occurred (the success path exited above).
     if (Tools::isSubmit('ajax')) {
         die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
     }
 }
    /**
     * Check whether a password matches the one stored for an active user.
     *
     * The value is compared against the `passwd` column as given: in the displayMain example on
     * this page the caller passes Tools::encrypt() output, so the length check below applies to
     * the encrypted form. Minimum length is 6 here (8 for employees).
     *
     * @param int $id_user User id
     * @param string $passwd Password in the stored form
     * @return mixed The matching id_user from Db::getValue(), or false when the format check fails
     *               or no row matches (the "boolean" in the original doc is loose)
     */
    public static function checkPassword($id_user, $passwd)
    {
        if (!Validate::isPasswd($passwd, 6)) {
            return false;
        }
        // Both interpolated values are constrained: the id is cast, the password is escaped.
        $sql = '
		SELECT `id_user`
		FROM `' . DB_PREFIX . 'user`
		WHERE `id_user` = ' . (int) $id_user . '
		AND `passwd` = \'' . pSQL($passwd) . '\'
		AND active = 1';
        return Db::getInstance()->getValue($sql);
    }
    /**
     * Check whether a password matches the one stored for an active employee.
     *
     * Unlike the User variant, a password failing the format check aborts the request via die()
     * instead of returning false. Minimum length is 8 for employees.
     *
     * @param int $id_employee Employee id
     * @param string $passwd Password in the stored form (compared verbatim with the `passwd` column)
     * @return mixed The matching id_employee from Db::getValue(), or false when no row matches
     */
    public static function checkPassword($id_employee, $passwd)
    {
        if (!Validate::isPasswd($passwd, 8)) {
            die(Tools::displayError());
        }
        // Both interpolated values are constrained: the id is cast, the password is escaped.
        $sql = '
		SELECT `id_employee`
		FROM `' . DB_PREFIX . 'employee`
		WHERE `id_employee` = ' . (int) $id_employee . '
		AND `passwd` = \'' . pSQL($passwd) . '\'
		AND active = 1';
        return Db::getInstance()->getValue($sql);
    }
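 /**
  * Password-reset page: step 1 mails a reset link, step 2 validates the link and accepts the
  * new password.
  *
  * Template steps: 1 = request form, 2 = new-password form, 3 = password changed, 4 = mail sent.
  *
  * Changes over the previous version: the reset key from the request is compared strictly (with
  * `==`, two numeric-looking strings such as hex digests of the form "0e<digits>" compare equal
  * by numeric value, so a crafted key could be accepted), and id_user is cast to int before use.
  *
  * @return string Rendered password.tpl
  */
 public function displayMain()
 {
     global $smarty, $link;
     $errors = array();
     $step = 1;
     $isExp = false;
     if (Tools::getRequest('reset') == 'passwd') {
         $step = 2;
     }
     if ($step == 1 && Tools::isSubmit('ResetPassword')) {
         $user = new User();
         $user->getByEmail(Tools::getRequest('email'));
         if (Validate::isLoadedObject($user)) {
             // The key is derived from the stored password and the last update time, so it stops
             // validating once the password changes. It carries no separate expiry.
             $md5_key = md5(_COOKIE_KEY_ . $user->email . $user->passwd . $user->upd_date);
             $subject = 'Reset your password in' . Configuration::get('TM_SHOP_DOMAIN');
             // NOTE: the '******' below is a redaction in the page source, not the original code.
             $vars = array('{name}' => $user->first_name . ' ' . $user->last_name, '{subject}' => $subject, '{link}' => $link->getPage('PasswordView') . '?reset=passwd&id_user='******'&key=' . $md5_key);
             if (Mail::Send('passwd', $subject, $vars, $user->email)) {
                 $step = 4;
             } else {
                 $errors[] = 'Send mail fail! Pless try agen!';
             }
         } else {
             // NOTE(review): this message reveals whether an e-mail address is registered.
             $errors[] = 'The email don\'t exists!';
         }
     } elseif ($step == 2) {
         // Normalise the request values before use: the key is compared as a string, the id is an int.
         $sign = (string) Tools::getRequest('key');
         $id_user = (int) Tools::getRequest('id_user');
         $user = new User($id_user);
         if (Validate::isLoadedObject($user)) {
             $md5_key = md5(_COOKIE_KEY_ . $user->email . $user->passwd . $user->upd_date);
             // Strict comparison; hash_equals() is the preferred form once PHP >= 5.6 is guaranteed.
             if ($md5_key === $sign) {
                 if (Tools::isSubmit('confrimPassword')) {
                     // copyFromPost() applies the submitted fields before the password is checked;
                     // whether it hashes passwd itself is not visible here.
                     $user->copyFromPost();
                     if (Validate::isPasswd(Tools::getRequest('passwd')) && $user->update()) {
                         $step = 3;
                     } else {
                         $errors[] = 'This passwd is incorrect';
                     }
                 }
             } else {
                 $isExp = true;
                 $errors[] = 'This link has expired!';
             }
         } else {
             $isExp = true;
             $errors[] = 'The customer don\'t exists!';
         }
     }
     $smarty->assign(array('step' => $step, 'isExp' => $isExp, 'errors' => $errors));
     return $smarty->fetch('password.tpl');
 }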
 /**
  * Guest order tracking: look up an order by id + e-mail, render its details, and optionally
  * convert the guest account into a full customer account.
  *
  * Access check: the order must load AND be associated with the submitted e-mail
  * (Order::isAssociatedAtGuest). Both failures report the same 'Invalid order' message, so the
  * response does not reveal whether an order id exists.
  *
  * @return void Output is assigned to self::$smarty; problems go to $this->errors
  */
 public function process()
 {
     parent::process();
     // `and` binds lower than `=`: both assignments happen first, the branch runs when both are truthy.
     if ($id_order = Tools::getValue('id_order') and $email = Tools::getValue('email')) {
         $order = new Order((int) $id_order);
         if (!Validate::isLoadedObject($order)) {
             $this->errors[] = Tools::displayError('Invalid order');
         } elseif (!$order->isAssociatedAtGuest($email)) {
             $this->errors[] = Tools::displayError('Invalid order');
         } else {
             $customer = new Customer((int) $order->id_customer);
             $id_order_state = (int) $order->getCurrentState();
             $carrier = new Carrier((int) $order->id_carrier, (int) $order->id_lang);
             $addressInvoice = new Address((int) $order->id_address_invoice);
             $addressDelivery = new Address((int) $order->id_address_delivery);
             if ($order->total_discounts > 0) {
                 self::$smarty->assign('total_old', (double) ($order->total_paid - $order->total_discounts));
             }
             $products = $order->getProducts();
             $customizedDatas = Product::getAllCustomizedDatas((int) $order->id_cart);
             Product::addCustomizationPrice($products, $customizedDatas);
             $this->processAddressFormat($addressDelivery, $addressInvoice);
             // 'invoice' evaluates to a boolean (`and` of the two operands); the two *State entries
             // are a State object or false.
             self::$smarty->assign(array('shop_name' => Configuration::get('PS_SHOP_NAME'), 'order' => $order, 'return_allowed' => false, 'currency' => new Currency($order->id_currency), 'order_state' => (int) $id_order_state, 'invoiceAllowed' => (int) Configuration::get('PS_INVOICE'), 'invoice' => OrderState::invoiceAvailable((int) $id_order_state) and $order->invoice_number, 'order_history' => $order->getHistory((int) self::$cookie->id_lang, false, true), 'products' => $products, 'discounts' => $order->getDiscounts(), 'carrier' => $carrier, 'address_invoice' => $addressInvoice, 'invoiceState' => (Validate::isLoadedObject($addressInvoice) and $addressInvoice->id_state) ? new State((int) $addressInvoice->id_state) : false, 'address_delivery' => $addressDelivery, 'deliveryState' => (Validate::isLoadedObject($addressDelivery) and $addressDelivery->id_state) ? new State((int) $addressDelivery->id_state) : false, 'is_guest' => true, 'group_use_tax' => Group::getPriceDisplayMethod($customer->id_default_group) == PS_TAX_INC, 'CUSTOMIZE_FILE' => _CUSTOMIZE_FILE_, 'CUSTOMIZE_TEXTFIELD' => _CUSTOMIZE_TEXTFIELD_, 'use_tax' => Configuration::get('PS_TAX'), 'customizedDatas' => $customizedDatas));
             // Carrier tracking URL: '@' is the placeholder for the shipping number.
             if ($carrier->url and $order->shipping_number) {
                 self::$smarty->assign('followup', str_replace('@', $order->shipping_number, $carrier->url));
             }
             self::$smarty->assign('HOOK_ORDERDETAILDISPLAYED', Module::hookExec('orderDetailDisplayed', array('order' => $order)));
             Module::hookExec('OrderDetail', array('carrier' => $carrier, 'order' => $order));
             if (Tools::isSubmit('submitTransformGuestToCustomer')) {
                 // NOTE(review): a failed password or customer check appends an error but does not
                 // stop the flow — transformToCustomer() is still called below. Per the
                 // transformToCustomer examples on this page it re-validates the password and
                 // returns false, which adds a second error message.
                 if (!Validate::isPasswd(Tools::getValue('password'))) {
                     $this->errors[] = Tools::displayError('Invalid password');
                 }
                 $customer = new Customer((int) $order->id_customer);
                 if (!Validate::isLoadedObject($customer)) {
                     $this->errors[] = Tools::displayError('Invalid customer');
                 }
                 if (!$customer->transformToCustomer(self::$cookie->id_lang, Tools::getValue('password'))) {
                     $this->errors[] = Tools::displayError('An error occurred while transforming guest to customer.');
                 } else {
                     self::$smarty->assign('transformSuccess', true);
                 }
             }
         }
         if (sizeof($this->errors)) {
             /* Handle brute force attacks */
             // A fixed 1s delay per failed request slows guessing but is not a rate limit: it
             // holds a worker per request and does not bound concurrent attempts.
             sleep(1);
         }
     }
     self::$smarty->assign(array('action' => 'guest-tracking.php', 'errors' => $this->errors));
 }
 /**
  * Load the user identified by e-mail (and, optionally, password) into $this.
  *
  * NOTE: the "******" in the query below are redactions in the page source, not the original
  * code — presumably the escaped $email and the password in its stored form. Whether the password
  * is hashed before the comparison is therefore not visible here: the sign-up example on this
  * page stores Tools::encrypt($password), while the login example passes the raw submitted value.
  *
  * @param string $email Login e-mail; a malformed address aborts the request via die()
  * @param string|null $passwd Password that must also match when given (format-checked first)
  * @return User|false $this populated from the matching row, or false when no row matches
  */
 public function getByEmail($email, $passwd = null)
 {
     // `&&` binds tighter than `||`: reject a bad e-mail, or a password that is given but fails
     // the format check. A null password means "lookup by e-mail only".
     if (!Validate::isEmail($email) || $passwd != null && !Validate::isPasswd($passwd)) {
         die(Tools::displayError());
     }
     // trim(null) yields '' (passing null is deprecated since PHP 8.1).
     $passwd = trim($passwd);
     $query = DbQuery::get()->select('*')->from('user')->where('login = "******"');
     if ($passwd) {
         $query->where('password = "******"');
     }
     $result = Db::getInstance()->getRow($query);
     if (!$result) {
         return false;
     }
     $this->id = $result['id_user'];
     // Copy only the columns that correspond to a declared property.
     foreach ($result as $key => $value) {
         if (property_exists($this, $key)) {
             $this->{$key} = $value;
         }
     }
     return $this;
 }
 /**
  * Turn a guest account into a full customer account and notify the customer by e-mail.
  *
  * NOTE(review): the plain-text password (whether supplied or generated) is placed in the
  * notification mail — treat that mail as a credential.
  *
  * @param int $id_lang Language of the notification mail
  * @param string|null $password Plain-text password; an 8-character one is generated when empty
  * @return bool false when this is not a guest, when the password fails Validate::isPasswd(),
  *              or when update() fails; true once the account is updated and the mail sent
  */
 public function transformToCustomer($id_lang, $password = null)
 {
     if (!$this->isGuest()) {
         return false;
     }
     $plainPassword = empty($password) ? Tools::passwdGen(8, 'RANDOM') : $password;
     if (!Validate::isPasswd($plainPassword)) {
         return false;
     }
     $this->is_guest = 0;
     // Only the encrypted form is stored.
     $this->passwd = Tools::encrypt($plainPassword);
     // Replace whatever groups the guest had with the default customer group.
     $this->cleanGroups();
     $this->addGroups(array(Configuration::get('PS_CUSTOMER_GROUP')));
     if (!$this->update()) {
         return false;
     }
     $mailVars = array('{firstname}' => $this->firstname, '{lastname}' => $this->lastname, '{email}' => $this->email, '{passwd}' => $plainPassword);
     Mail::Send((int) $id_lang, 'guest_to_customer', Mail::l('Your guest account has been transformed into a customer account', (int) $id_lang), $mailVars, $this->email, $this->firstname . ' ' . $this->lastname, null, null, null, null, _PS_MAIL_DIR_, false, (int) $this->id_shop);
     return true;
 }
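 /**
  * Create a shop customer from Shopgate registration data.
  *
  * Change over the previous version: the result of save() is now checked — before, a failed
  * insert went unnoticed, addresses were created for a customer without an id, and null was
  * returned as the id.
  *
  * NOTE(review): an empty/false $pass skips the format check and is still passed through
  * Tools::encrypt() and stored — confirm that registering without a password is intended.
  *
  * @param string $user E-mail address used as the login
  * @param string|null $pass Plain-text password
  * @param ShopgateCustomer $customer Source of the profile data
  * @return int Id of the created customer
  * @throws ShopgateLibraryException on invalid e-mail/password, existing account, field
  *         validation failure, or a failed save
  */
 public function registerCustomer($user, $pass, ShopgateCustomer $customer)
 {
     if (!Validate::isEmail($user)) {
         throw new ShopgateLibraryException(ShopgateLibraryException::PLUGIN_REGISTER_CUSTOMER_ERROR, 'E-mail Address validation error', true);
     }
     if ($pass && !Validate::isPasswd($pass)) {
         throw new ShopgateLibraryException(ShopgateLibraryException::PLUGIN_REGISTER_CUSTOMER_ERROR, 'Password validation error', true);
     }
     /** @var CustomerCore | Customer $customerModel */
     $customerModel = new Customer();
     if ($customerModel->getByEmail($user)) {
         throw new ShopgateLibraryException(ShopgateLibraryException::REGISTER_USER_ALREADY_EXISTS);
     }
     $customerModel->active = 1;
     $customerModel->lastname = $customer->getLastName();
     $customerModel->firstname = $customer->getFirstName();
     $customerModel->email = $user;
     // Only the encrypted form is stored.
     $customerModel->passwd = Tools::encrypt($pass);
     $customerModel->id_gender = $this->mapGender($customer->getGender());
     $customerModel->birthday = $customer->getBirthday();
     $customerModel->newsletter = $customer->getNewsletterSubscription();
     $shopgateCustomFieldsHelper = new ShopgateCustomFieldsHelper();
     $shopgateCustomFieldsHelper->saveCustomFields($customerModel, $customer->getCustomFields());
     // Model-level field validation; anything but `true` is an error message.
     $validateMessage = $customerModel->validateFields(false, true);
     if ($validateMessage !== true) {
         throw new ShopgateLibraryException(ShopgateLibraryException::REGISTER_FAILED_TO_ADD_USER, $validateMessage, true);
     }
     if (!$customerModel->save()) {
         throw new ShopgateLibraryException(ShopgateLibraryException::REGISTER_FAILED_TO_ADD_USER, 'Customer could not be saved', true);
     }
     /**
      * addresses
      */
     foreach ($customer->getAddresses() as $address) {
         $this->createAddress($address, $customerModel);
     }
     return $customerModel->id;
 }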
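 /**
  * Validate the submitted form against the model's declared rules (required, size, validate and
  * their multilingual variants), appending translated messages to $this->errors.
  *
  * Change over the previous version: in the sizeLang loop the loop variable $field_lang was
  * overwritten with the submitted value, so from the second language on the wrong field was read
  * and the error message named the value instead of the field. The value now has its own variable.
  *
  * @param string|false $class_name Model class to validate; defaults to $this->className
  * @return void Problems are reported through $this->errors only
  */
 public function validateRules($class_name = false)
 {
     if (!$class_name) {
         $class_name = $this->className;
     }
     // Rules come from the model class, not from the request.
     $rules = call_user_func(array($class_name, 'getValidationRules'), $class_name);
     if (count($rules['requiredLang']) || count($rules['sizeLang']) || count($rules['validateLang'])) {
         $default_language = new Language((int) Configuration::get('PS_LANG_DEFAULT'));
         $languages = Language::getLanguages(false);
     }
     // Required fields: '0' counts as a value. On an update (identifier present) passwd and
     // no-picture may be left empty.
     foreach ($rules['required'] as $field) {
         if (($value = Tools::getValue($field)) == false && (string) $value != '0') {
             if (!Tools::getValue($this->identifier) || $field != 'passwd' && $field != 'no-picture') {
                 $this->errors[] = $this->l('The field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) . '</b> ' . $this->l('is required');
             }
         }
     }
     // Multilingual required fields must at least be filled in the default language.
     foreach ($rules['requiredLang'] as $field_lang) {
         if (($empty = Tools::getValue($field_lang . '_' . $default_language->id)) === false || $empty !== '0' && empty($empty)) {
             $this->errors[] = $this->l('The field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name) . '</b> ' . $this->l('is required at least in') . ' ' . $default_language->name;
         }
     }
     foreach ($rules['size'] as $field => $max_length) {
         if (Tools::getValue($field) !== false && Tools::strlen(Tools::getValue($field)) > $max_length) {
             $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) . '</b> ' . $this->l('is too long') . ' (' . $max_length . ' ' . $this->l('chars max') . ')';
         }
     }
     // Multilingual size limits; the submitted value must not clobber the field name.
     foreach ($rules['sizeLang'] as $field_lang => $max_length) {
         foreach ($languages as $language) {
             $value = Tools::getValue($field_lang . '_' . $language['id_lang']);
             if ($value !== false && Tools::strlen($value) > $max_length) {
                 $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name) . ' (' . $language['name'] . ')</b> ' . $this->l('is too long') . ' (' . $max_length . ' ' . $this->l('chars max, html chars including') . ')';
             }
         }
     }
     // Hook for subclass-specific checks.
     $this->_childValidation();
     // Per-field validators: $function names a Validate::* method declared by the model's rules,
     // never request data. The validator runs before the emptiness check, as before.
     foreach ($rules['validate'] as $field => $function) {
         if (($value = Tools::getValue($field)) !== false && $field != 'passwd') {
             if (!Validate::$function($value) && !empty($value)) {
                 $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) . '</b> ' . $this->l('is invalid');
             }
         }
     }
     // Password rules depend on the model: admin rules for employees, customer rules for customers.
     if (($value = Tools::getValue('passwd')) != false) {
         if ($class_name == 'Employee' && !Validate::isPasswdAdmin($value)) {
             $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name) . '</b> ' . $this->l('is invalid');
         } elseif ($class_name == 'Customer' && !Validate::isPasswd($value)) {
             $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name) . '</b> ' . $this->l('is invalid');
         }
     }
     foreach ($rules['validateLang'] as $field_lang => $function) {
         foreach ($languages as $language) {
             if (($value = Tools::getValue($field_lang . '_' . $language['id_lang'])) !== false && !empty($value)) {
                 if (!Validate::$function($value)) {
                     $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name) . ' (' . $language['name'] . ')</b> ' . $this->l('is invalid');
                 }
             }
         }
     }
 }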
 /**
  * Turn a guest account into a full customer account and notify the customer by e-mail.
  *
  * NOTE(review): the plain-text password (whether supplied or generated) is placed in the
  * notification mail — treat that mail as a credential.
  *
  * @param int $id_lang Language of the notification mail
  * @param string|null $password Plain-text password; one is generated when empty
  * @return bool false when this is not a guest, when the password fails Validate::isPasswd(),
  *              or when update() fails; true once the account is updated and the mail sent
  */
 public function transformToCustomer($id_lang, $password = NULL)
 {
     if (!$this->isGuest()) {
         return false;
     }
     $plainPassword = empty($password) ? Tools::passwdGen() : $password;
     if (!Validate::isPasswd($plainPassword)) {
         return false;
     }
     $this->is_guest = 0;
     // Only the encrypted form is stored.
     $this->passwd = Tools::encrypt($plainPassword);
     if (!$this->update()) {
         return false;
     }
     $mailVars = array('{firstname}' => $this->firstname, '{lastname}' => $this->lastname, '{email}' => $this->email, '{passwd}' => $plainPassword);
     Mail::Send((int) $id_lang, 'guest_to_customer', Mail::l('Your guest account has been transformed to customer account'), $mailVars, $this->email, $this->firstname . ' ' . $this->lastname);
     return true;
 }
            }
        }
    }
}
if (Tools::isSubmit('SubmitLogin')) {
    $passwd = trim(Tools::getValue('passwd'));
    $email = trim(Tools::getValue('email'));
    if (empty($email)) {
        $errors[] = Tools::displayError('e-mail address is required');
    } elseif (!Validate::isEmail($email)) {
        $errors[] = Tools::displayError('invalid e-mail address');
    } elseif (empty($passwd)) {
        $errors[] = Tools::displayError('password is required');
    } elseif (Tools::strlen($passwd) > 32) {
        $errors[] = Tools::displayError('password is too long');
    } elseif (!Validate::isPasswd($passwd)) {
        $errors[] = Tools::displayError('invalid password');
    } else {
        $customer = new Customer();
        $authentication = $customer->getByemail(trim($email), trim($passwd));
        /* Handle brute force attacks */
        sleep(1);
        if (!$authentication or !$customer->id) {
            $errors[] = Tools::displayError('authentication failed');
        } else {
            $cookie->id_customer = intval($customer->id);
            $cookie->customer_lastname = $customer->lastname;
            $cookie->customer_firstname = $customer->firstname;
            $cookie->logged = 1;
            $cookie->passwd = $customer->passwd;
            $cookie->email = $customer->email;
    /**
     * Tracking front-office controller: token-authenticated ajax product filter, logout, login
     * (referrer name + password), and the stats date-range selectors.
     *
     * @return void State goes to the cookie / smarty; login and logout end in a redirect
     */
    public function postProcess()
    {
        global $cookie, $smarty;
        if (Tools::isSubmit('ajaxProductFilter')) {
            // Employee stand-in carrying only the date range the stats helper reads.
            $fakeEmployee = new Employee();
            $fakeEmployee->stats_date_from = $cookie->stats_date_from;
            $fakeEmployee->stats_date_to = $cookie->stats_date_to;
            // The ajax call is authorised by matching the submitted token against the referrer's
            // stored passwd value — the same value the login branch below keeps in the cookie.
            $result = Db::getInstance()->getRow('
			SELECT `id_referrer`
			FROM `' . _DB_PREFIX_ . 'referrer`
			WHERE `id_referrer` = ' . intval(Tools::getValue('id_referrer')) . ' AND `passwd` = \'' . pSQL(Tools::getValue('token')) . '\'');
            // Equivalent to isset($result['id_referrer']) && $result['id_referrer'].
            if (isset($result['id_referrer']) ? $result['id_referrer'] : false) {
                Referrer::getAjaxProduct(intval(Tools::getValue('id_referrer')), intval(Tools::getValue('id_product')), $fakeEmployee);
            }
        } elseif (Tools::isSubmit('logout_tracking')) {
            // Drop the tracking session values from the cookie.
            unset($cookie->tracking_id);
            unset($cookie->tracking_passwd);
            Tools::redirect('modules/trackingfront/stats.php');
        } elseif (Tools::isSubmit('submitLoginTracking')) {
            $errors = array();
            $login = trim(Tools::getValue('login'));
            $passwd = trim(Tools::getValue('passwd'));
            if (empty($login)) {
                $errors[] = $this->l('login is required');
            } elseif (!Validate::isGenericName($login)) {
                $errors[] = $this->l('invalid login');
            } elseif (empty($passwd)) {
                $errors[] = $this->l('password is required');
            } elseif (!Validate::isPasswd($passwd)) {
                $errors[] = $this->l('invalid password');
            } else {
                // The credential is compared in its Tools::encrypt() form; both values are escaped.
                $passwd = Tools::encrypt($passwd);
                $result = Db::getInstance()->getRow('
				SELECT `id_referrer`
				FROM `' . _DB_PREFIX_ . 'referrer`
				WHERE `name` = \'' . pSQL($login) . '\' AND `passwd` = \'' . pSQL($passwd) . '\'');
                if (!isset($result['id_referrer']) or !($tracking_id = intval($result['id_referrer']))) {
                    $errors[] = $this->l('authentication failed');
                } else {
                    // The encrypted password is kept in the cookie as the session secret.
                    $cookie->tracking_id = $tracking_id;
                    $cookie->tracking_passwd = $passwd;
                    Tools::redirect('modules/trackingfront/stats.php');
                }
            }
            $smarty->assign('errors', $errors);
        }
        if (Tools::isSubmit('submitDatePicker')) {
            $cookie->stats_date_from = Tools::getValue('datepickerFrom');
            $cookie->stats_date_to = Tools::getValue('datepickerTo');
        }
        // Date-range shortcuts. NOTE(review): $from/$to are assigned below but never read in this
        // method (only submitDatePicker writes the cookie) — dead code or unfinished; confirm.
        if (Tools::isSubmit('submitDateDay')) {
            $from = date('Y-m-d');
            $to = date('Y-m-d');
        }
        if (Tools::isSubmit('submitDateDayPrev')) {
            $yesterday = time() - 60 * 60 * 24;
            $from = date('Y-m-d', $yesterday);
            $to = date('Y-m-d', $yesterday);
        }
        if (Tools::isSubmit('submitDateMonth')) {
            $from = date('Y-m-01');
            $to = date('Y-m-t');
        }
        if (Tools::isSubmit('submitDateMonthPrev')) {
            // January rolls back to December of the previous year; 't' gives the month's last day.
            $m = date('m') == 1 ? 12 : date('m') - 1;
            $y = $m == 12 ? date('Y') - 1 : date('Y');
            $from = $y . '-' . $m . '-01';
            $to = $y . '-' . $m . date('-t', mktime(12, 0, 0, $m, 15, $y));
        }
        if (Tools::isSubmit('submitDateYear')) {
            $from = date('Y-01-01');
            $to = date('Y-12-31');
        }
        if (Tools::isSubmit('submitDateYearPrev')) {
            // Arithmetic is evaluated before concatenation: (Y - 1) . '-01-01'.
            $from = date('Y') - 1 . date('-01-01');
            $to = date('Y') - 1 . date('-12-31');
        }
    }
 /**
  * Enforce the admin password length when creating an employee, then delegate to the generic rules.
  *
  * Only a new employee (no loadable id_employee) is checked here; on an update the password field
  * may be left empty and is left to the parent rules.
  *
  * @param string|false $class_name Forwarded to parent::validateRules()
  * @return bool false when the new employee's password is too short, otherwise the parent's result
  */
 public function validateRules($class_name = false)
 {
     $employee = new Employee((int) Tools::getValue('id_employee'));
     $isNewEmployee = !Validate::isLoadedObject($employee);
     if ($isNewEmployee && !Validate::isPasswd(Tools::getValue('passwd'), Validate::ADMIN_PASSWORD_LENGTH)) {
         $message = sprintf(Tools::displayError('The password must be at least %s characters long.'), Validate::ADMIN_PASSWORD_LENGTH);
         $this->errors[] = $message;
         return false;
     }
     return parent::validateRules($class_name);
 }
 /**
  * Admin (employee) password rule: the generic password check with a minimum length of 8.
  *
  * @param string $passwd Plain-text password
  * @return bool
  */
 public static function isPasswdAdmin($passwd)
 {
     $adminMinLength = 8;
     return Validate::isPasswd($passwd, $adminMinLength);
 }
 /**
  * Manage page display (form, list...)
  *
  * @param string $className Allow to validate a different class than the current one
  */
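 /**
  * Validates the submitted request values against the validation rules that
  * $className declares through getValidationRules(): required fields, maximum
  * sizes and Validate::* callbacks, each in a plain and a multilingual
  * (`<field>_<id_lang>`) flavour. Every failure is appended to $this->_errors;
  * nothing is returned. $this->_childValidation() is invoked between the size
  * and the validity checks so that subclasses can add their own checks.
  *
  * @param string|false $className Class whose rules apply; false means $this->className
  */
 public function validateRules($className = false)
 {
     if (!$className) {
         $className = $this->className;
     }
     /* Class specific validation rules; a rule group the class does not declare is treated
        as empty instead of being handed to count() / foreach as null */
     $rules = call_user_func(array($className, 'getValidationRules'), $className);
     foreach (array('required', 'requiredLang', 'size', 'sizeLang', 'validate', 'validateLang') as $group) {
         if (!isset($rules[$group]) || !is_array($rules[$group])) {
             $rules[$group] = array();
         }
     }
     /* Human readable field label, resolved by the validated class itself */
     $fieldName = function ($field) use ($className) {
         return call_user_func(array($className, 'displayFieldName'), $field, $className);
     };
     $defaultLanguage = null;
     $languages = array();
     if (count($rules['requiredLang']) || count($rules['sizeLang']) || count($rules['validateLang'])) {
         /* Language() instance determined by default language */
         $defaultLanguage = new Language((int) Configuration::get('PS_LANG_DEFAULT'));
         /* All available languages */
         $languages = Language::getLanguages(false);
     }
     /* Checking for required fields; "0" is a legitimate value, not a missing one */
     foreach ($rules['required'] as $field) {
         $value = Tools::getValue($field);
         if ($value == false && (string) $value != '0') {
             /* When an existing record is edited (identifier posted) the password and picture may stay empty */
             if (!Tools::getValue($this->identifier) || ($field !== 'passwd' && $field !== 'no-picture')) {
                 $this->_errors[] = sprintf(Tools::displayError('The field %s is required.'), $fieldName($field));
             }
         }
     }
     /* Checking for multilingual required fields: only the default language is mandatory */
     foreach ($rules['requiredLang'] as $fieldLang) {
         $empty = Tools::getValue($fieldLang . '_' . $defaultLanguage->id);
         if ($empty === false || ($empty !== '0' && empty($empty))) {
             $this->_errors[] = sprintf(Tools::displayError('The field %1$s is required at least in %2$s.'), $fieldName($fieldLang), $defaultLanguage->name);
         }
     }
     /* Checking for maximum fields sizes */
     foreach ($rules['size'] as $field => $maxLength) {
         $value = Tools::getValue($field);
         if ($value !== false && Tools::strlen($value) > $maxLength) {
             $this->_errors[] = sprintf(Tools::displayError('field %1$s is too long. (%2$d chars max)'), $fieldName($field), $maxLength);
         }
     }
     /* Checking for maximum multilingual fields size, in every language */
     foreach ($rules['sizeLang'] as $fieldLang => $maxLength) {
         foreach ($languages as $language) {
             $value = Tools::getValue($fieldLang . '_' . $language['id_lang']);
             if ($value !== false && Tools::strlen($value) > $maxLength) {
                 $this->_errors[] = sprintf(Tools::displayError('field %1$s is too long. (%2$d chars max, html chars including)'), $fieldName($fieldLang), $maxLength);
             }
         }
     }
     /* Overload this method for custom checking */
     $this->_childValidation();
     /* Checking for fields validity; passwd is handled separately below because its rule depends on the class */
     foreach ($rules['validate'] as $field => $function) {
         $value = Tools::getValue($field);
         if ($value !== false && !empty($value) && $field !== 'passwd' && !Validate::$function($value)) {
             /* Single placeholder: the message used to carry two ("%1$s (%2$s)") but received only one
                argument, so sprintf failed instead of producing the error text */
             $this->_errors[] = sprintf(Tools::displayError('The field %s is invalid.'), $fieldName($field));
         }
     }
     /* Checking for passwd validity: employees get the stricter administrator rule */
     $passwd = Tools::getValue('passwd');
     if ($passwd != false) {
         $passwdValid = true;
         if ($className === 'Employee') {
             $passwdValid = Validate::isPasswdAdmin($passwd);
         } elseif ($className === 'Customer') {
             $passwdValid = Validate::isPasswd($passwd);
         }
         if (!$passwdValid) {
             $this->_errors[] = sprintf(Tools::displayError('The field %s is invalid.'), $fieldName('passwd'));
         }
     }
     /* Checking for multilingual fields validity, in every language */
     foreach ($rules['validateLang'] as $fieldLang => $function) {
         foreach ($languages as $language) {
             $value = Tools::getValue($fieldLang . '_' . $language['id_lang']);
             if ($value !== false && !empty($value) && !Validate::$function($value)) {
                 $this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), $fieldName($fieldLang), $language['name']);
             }
         }
     }
 }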
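 /**
  * Second step of the password-recovery flow: stores the new password.
  *
  * The customer is located through the `token` (secure_key) and `id_customer`
  * request values. When the `passwd` / `confirmation` pair is missing, differs
  * or fails Validate::isPasswd(), the customer/password-new template is shown
  * (with a mismatch error if anything was posted). Otherwise the request must
  * carry the valid `reset_token`, the last regeneration must be older than
  * PS_PASSWD_TIME_FRONT minutes and the account must be loaded and active; the
  * password is then re-hashed and stored, the reset token removed, a
  * confirmation mail sent and the visitor redirected to the account page.
  *
  * @return bool|null false when the account state or the hashing service
  *                   prevents the update, null otherwise
  */
 protected function changePassword()
 {
     $token = Tools::getValue('token');
     $id_customer = (int) Tools::getValue('id_customer');
     // secure_key and id must match together; the token is escaped, the id is already an int
     $email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . $id_customer);
     if (!$email) {
         $this->errors[] = $this->trans('We cannot regenerate your password with the data you\'ve submitted', array(), 'Shop.Notifications.Error');
         return;
     }
     $customer = new Customer();
     $customer->getByEmail($email);
     if (!Validate::isLoadedObject($customer)) {
         $this->errors[] = $this->trans('Customer account not found', array(), 'Shop.Notifications.Error');
     } elseif (!$customer->active) {
         $this->errors[] = $this->trans('You cannot regenerate the password for this account.', array(), 'Shop.Notifications.Error');
     }
     $passwd = Tools::getValue('passwd');
     $confirmation = Tools::getValue('confirmation');
     // Case if both password params not posted or different, then "change password" form is not POSTED, show it.
     $newPasswordPosted = Tools::isSubmit('passwd') && Tools::isSubmit('confirmation')
         && $passwd === $confirmation && Validate::isPasswd($passwd) && Validate::isPasswd($confirmation);
     if (!$newPasswordPosted) {
         // Check if passwords are here anyway, BUT does not match the password validation format
         if (Tools::isSubmit('passwd') || Tools::isSubmit('confirmation')) {
             $this->errors[] = $this->trans('The password and its confirmation do not match.', array(), 'Shop.Notifications.Error');
         }
         $this->context->smarty->assign(['customer_email' => $customer->email, 'customer_token' => $token, 'id_customer' => $id_customer, 'reset_token' => Tools::getValue('reset_token')]);
         $this->setTemplate('customer/password-new');
         return;
     }
     // An account that could not be loaded or is inactive was only reported above; it must not be
     // updated (the update used to go ahead, adding a success message next to the error).
     if (!empty($this->errors)) {
         return false;
     }
     // Both password fields posted. Without a reset token, or while the previous regeneration is still
     // inside the PS_PASSWD_TIME_FRONT window, the visitor is sent back to the authentication page.
     if (!Tools::getValue('reset_token') || strtotime($customer->last_passwd_gen . '+' . (int) Configuration::get('PS_PASSWD_TIME_FRONT') . ' minutes') - time() > 0) {
         Tools::redirect('index.php?controller=authentication&error_regen_pwd');
         return;
     }
     // To update password, we must have the temporary reset token that matches (compared in constant time).
     if (!hash_equals((string) $customer->getValidResetPasswordToken(), (string) Tools::getValue('reset_token'))) {
         $this->errors[] = $this->trans('The password change request expired. You should ask for a new one.', array(), 'Shop.Notifications.Error');
         return;
     }
     try {
         $crypto = new Hashing();
     } catch (\PrestaShop\PrestaShop\Adapter\CoreException $e) {
         $this->errors[] = $this->trans('An error occurred with your account, which prevents us from updating the new password. Please report this issue using the contact form.', array(), 'Shop.Notifications.Error');
         return false;
     }
     $password = Tools::getValue('passwd');
     $customer->passwd = $crypto->encrypt($password, _COOKIE_KEY_);
     $customer->last_passwd_gen = date('Y-m-d H:i:s', time());
     if (!$customer->update()) {
         $this->errors[] = $this->trans('An error occurred with your account, which prevents us from updating the new password. Please report this issue using the contact form.', array(), 'Shop.Notifications.Error');
         return;
     }
     Hook::exec('actionPasswordRenew', array('customer' => $customer, 'password' => $password));
     // The reset token is single-use: clear it in a second update once the new password is stored
     $customer->removeResetPasswordToken();
     $customer->update();
     $mail_params = ['{email}' => $customer->email, '{lastname}' => $customer->lastname, '{firstname}' => $customer->firstname];
     if (!Mail::Send($this->context->language->id, 'password', Mail::l('Your new password'), $mail_params, $customer->email, $customer->firstname . ' ' . $customer->lastname)) {
         $this->errors[] = $this->trans('An error occurred while sending the email.', array(), 'Shop.Notifications.Error');
         return;
     }
     $this->context->smarty->assign(['customer_email' => $customer->email]);
     $this->success[] = $this->trans('Your password has been successfully reset and a confirmation has been sent to your email address: %s', array($customer->email), 'Shop.Notifications.Success');
     $this->context->updateCustomer($customer);
     $this->redirectWithNotifications('index.php?controller=my-account');
 }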
/**
 * Logs a customer in from the posted `email` and `passwd` fields.
 *
 * Validation and authentication problems are pushed onto the global $errors
 * array. On success the global $cookie receives the customer's identity, the
 * last cart without an order is restored when PS_CART_FOLLOWING is enabled
 * and the current cart is empty or missing, the `authentication` hook runs
 * and displayProcess() is called with the posted payerID.
 */
function submitLogin()
{
    global $cookie, $errors;
    $passwd = trim(Tools::getValue('passwd'));
    $email = trim(Tools::getValue('email'));
    // Field checks: the first failure is reported and the function stops there
    if (empty($email)) {
        $errors[] = Tools::displayError('e-mail address is required');
        return;
    }
    if (!Validate::isEmail($email)) {
        $errors[] = Tools::displayError('invalid e-mail address');
        return;
    }
    if (empty($passwd)) {
        $errors[] = Tools::displayError('password is required');
        return;
    }
    if (Tools::strlen($passwd) > 32) {
        $errors[] = Tools::displayError('password is too long');
        return;
    }
    if (!Validate::isPasswd($passwd)) {
        $errors[] = Tools::displayError('invalid password');
        return;
    }
    $customer = new Customer();
    $authenticated = $customer->getByEmail(trim($email), trim($passwd));
    /* Handle brute force attacks: the delay is paid on success and failure alike */
    sleep(1);
    if (!$authenticated || !$customer->id) {
        $errors[] = Tools::displayError('authentication failed');
        return;
    }
    // Identity carried by the cookie for the rest of the session
    $cookie->id_customer = (int) $customer->id;
    $cookie->customer_lastname = $customer->lastname;
    $cookie->customer_firstname = $customer->firstname;
    $cookie->logged = 1;
    $cookie->passwd = $customer->passwd;
    $cookie->email = $customer->email;
    // Cart following: reuse the last cart that never became an order
    $cartFollowing = Configuration::get('PS_CART_FOLLOWING');
    if ($cartFollowing && (empty($cookie->id_cart) || Cart::getNbProducts($cookie->id_cart) == 0)) {
        $cookie->id_cart = Cart::lastNoneOrderedCart($customer->id);
    }
    Module::hookExec('authentication');
    // Next !
    $payerID = strval(Tools::getValue('payerID'));
    displayProcess($payerID);
}
    /**
     * Check if employee password is the right one
     *
     * Looks the employee up by id and compares the supplied value with the stored
     * `passwd` column verbatim (SQL equality), so the caller must pass the value in
     * the same form the column holds. Invalid arguments abort the request.
     *
     * @param int $id_employee Employee id (must pass Validate::isUnsignedId)
     * @param string $passwd Password; must pass Validate::isPasswd with 8 as its
     *                       second argument (presumably a minimum length)
     * @return mixed the matching `id_employee` value, or false when no row matches
     */
    public static function checkPassword($id_employee, $passwd)
    {
        if (!Validate::isUnsignedId($id_employee) || !Validate::isPasswd($passwd, 8)) {
            die(Tools::displayError());
        }
        $sql = '
		SELECT `id_employee`
		FROM `' . _DB_PREFIX_ . 'employee`
		WHERE `id_employee` = ' . (int) $id_employee . ' AND `passwd` = \'' . pSQL($passwd) . '\'';
        $row = Db::getInstance()->getRow($sql);
        if (!isset($row['id_employee'])) {
            return false;
        }
        return $row['id_employee'];
    }
 /**
  * Checks a back-office (administrator) password: same check as
  * Validate::isPasswd(), but with Validate::ADMIN_PASSWORD_LENGTH passed as
  * the second argument instead of its default.
  *
  * @param string $passwd Password to check
  * @return bool result of Validate::isPasswd()
  */
 public static function isPasswdAdmin($passwd)
 {
     $adminLength = Validate::ADMIN_PASSWORD_LENGTH;
     return Validate::isPasswd($passwd, $adminLength);
 }
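 /**
  * Authenticates an API buyer from the `Username` / `Password` request fields
  * and, on success, synchronises the cookie and runs the after-login events.
  *
  * Every validation or authentication failure ends the request through
  * CartAPI_Helpers::dieOnError with the same generic "Authentication failed"
  * message, so the response does not tell an unknown account from a wrong
  * password.
  *
  * @param mixed $metadata Unused here; part of the handler signature
  * @param array $request  Decoded request, expected to carry `Username` and `Password`
  * @param mixed $encoder  Response encoder handed to dieOnError
  */
 public function handleBuyerLoginUserPassword($metadata, $request, $encoder)
 {
     // code from AuthController SubmitLogin
     $email = isset($request['Username']) ? trim($request['Username']) : '';
     $passwd = isset($request['Password']) ? trim($request['Password']) : '';
     // An empty password is refused before any lookup, as the regular login form does; the former
     // condition ("$passwd and !isPasswd") only checked the format when a password was supplied,
     // so an empty value reached the customer lookup.
     if (!Validate::isEmail($email) || $passwd === '' || !Validate::isPasswd($passwd)) {
         CartAPI_Helpers::dieOnError($encoder, 'LoginNotAuthorized', CartAPI_Handlers_Helpers::removeHtmlTags(Tools::displayError('Authentication failed')));
         return;
     }
     $customer = new Customer();
     $authentication = $customer->getByEmail($email, $passwd);
     if (!$authentication || !$customer->id) {
         /* Handle brute force attacks */
         sleep(1);
         CartAPI_Helpers::dieOnError($encoder, 'LoginNotAuthorized', CartAPI_Handlers_Helpers::removeHtmlTags(Tools::displayError('Authentication failed')));
         return;
     }
     // if here than passed authentication
     $this->syncCookie($customer);
     // run the after login events
     $this->afterBuyerLogin($customer);
 }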
 /**
  * Pre-processing of the authentication page.
  *
  * In order: redirects visitors who are already logged in (unless the request
  * is an ajax one); records the e-mail-only "create account" step
  * (`create_account` / `SubmitCreate`); creates a customer plus a first address
  * for `submitAccount` / `submitGuestAccount` and logs the new customer in;
  * authenticates an existing customer for `SubmitLogin`; and finally prepares
  * the country list and the date-of-birth selects for the template. Errors
  * are collected in $this->errors; ajax requests receive them as JSON and exit.
  */
 public function preProcess()
 {
     parent::preProcess();
     // Already authenticated visitors have nothing to do here (ajax calls are let through)
     if (self::$cookie->isLogged() and !Tools::isSubmit('ajax')) {
         Tools::redirect('my-account.php');
     }
     // $create_account is read at the end to prepare the account-creation form data
     if (Tools::getValue('create_account')) {
         $create_account = 1;
         self::$smarty->assign('email_create', 1);
     }
     // First step: only the e-mail address has been posted
     if (Tools::isSubmit('SubmitCreate')) {
         if (!Validate::isEmail($email = Tools::getValue('email_create')) or empty($email)) {
             $this->errors[] = Tools::displayError('Invalid e-mail address');
         } elseif (Customer::customerExists($email)) {
             // Known address: move it to the login form field instead
             $this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
             $_POST['email'] = $_POST['email_create'];
             unset($_POST['email_create']);
         } else {
             $create_account = 1;
             self::$smarty->assign('email_create', Tools::safeOutput($email));
             $_POST['email'] = $email;
         }
     }
     // Second step: full account (or guest account) form
     if (Tools::isSubmit('submitAccount') or Tools::isSubmit('submitGuestAccount')) {
         $create_account = 1;
         if (Tools::isSubmit('submitAccount')) {
             self::$smarty->assign('email_create', 1);
         }
         /* New Guest customer */
         if (!Tools::getValue('is_new_customer', 1) and !Configuration::get('PS_GUEST_CHECKOUT_ENABLED')) {
             $this->errors[] = Tools::displayError('You cannot create a guest account.');
         }
         if (!Tools::getValue('is_new_customer', 1)) {
             // Guest accounts get a placeholder password the visitor never sees.
             // NOTE(review): it is derived from time() and the cookie key, so its entropy is low;
             // a CSPRNG-backed generator would be the safer source.
             $_POST['passwd'] = md5(time() . _COOKIE_KEY_);
         }
         if (isset($_POST['guest_email']) and $_POST['guest_email']) {
             $_POST['email'] = $_POST['guest_email'];
         }
         /* Preparing customer: the customer and address forms share the lastname/firstname field
            names, so the address values are parked while the customer_* values take their place
            for the customer validation, then restored for the address below */
         $customer = new Customer();
         $lastnameAddress = $_POST['lastname'];
         $firstnameAddress = $_POST['firstname'];
         $_POST['lastname'] = $_POST['customer_lastname'];
         $_POST['firstname'] = $_POST['customer_firstname'];
         if (!Tools::getValue('phone') and !Tools::getValue('phone_mobile')) {
             $this->errors[] = Tools::displayError('You must register at least one phone number');
         }
         // Birth date is optional, but when any part is given the triple must be a real date
         if (!@checkdate(Tools::getValue('months'), Tools::getValue('days'), Tools::getValue('years')) and !(Tools::getValue('months') == '' and Tools::getValue('days') == '' and Tools::getValue('years') == '')) {
             $this->errors[] = Tools::displayError('Invalid date of birth');
         }
         $customer->birthday = empty($_POST['years']) ? '' : (int) $_POST['years'] . '-' . (int) $_POST['months'] . '-' . (int) $_POST['days'];
         $this->errors = array_unique(array_merge($this->errors, $customer->validateControler()));
         /* Preparing address */
         $address = new Address();
         $_POST['lastname'] = $lastnameAddress;
         $_POST['firstname'] = $firstnameAddress;
         // Placeholder owner so the address can be validated before the customer exists;
         // replaced with the real id once $customer->add() has succeeded
         $address->id_customer = 1;
         $this->errors = array_unique(array_merge($this->errors, $address->validateControler()));
         /* US customer: normalize the address */
         if ($address->id_country == Country::getByIso('US')) {
             include_once _PS_TAASC_PATH_ . 'AddressStandardizationSolution.php';
             $normalize = new AddressStandardizationSolution();
             $address->address1 = $normalize->AddressLineStandardization($address->address1);
             $address->address2 = $normalize->AddressLineStandardization($address->address2);
         }
         // Postcode check: the country's format (N = digit, L = letter, C = country iso) is turned into a regexp
         $zip_code_format = Country::getZipCodeFormat((int) Tools::getValue('id_country'));
         if (Country::getNeedZipCode((int) Tools::getValue('id_country'))) {
             if ($postcode = Tools::getValue('postcode') and $zip_code_format) {
                 $zip_regexp = '/^' . $zip_code_format . '$/ui';
                 $zip_regexp = str_replace(' ', '( |)', $zip_regexp);
                 $zip_regexp = str_replace('-', '(-|)', $zip_regexp);
                 $zip_regexp = str_replace('N', '[0-9]', $zip_regexp);
                 $zip_regexp = str_replace('L', '[a-zA-Z]', $zip_regexp);
                 $zip_regexp = str_replace('C', Country::getIsoById((int) Tools::getValue('id_country')), $zip_regexp);
                 if (!preg_match($zip_regexp, $postcode)) {
                     $this->errors[] = '<strong>' . Tools::displayError('Zip/ Postal code') . '</strong> ' . Tools::displayError('is invalid.') . '<br />' . Tools::displayError('Must be typed as follows:') . ' ' . str_replace('C', Country::getIsoById((int) Tools::getValue('id_country')), str_replace('N', '0', str_replace('L', 'A', $zip_code_format)));
                 }
             } elseif ($zip_code_format) {
                 $this->errors[] = '<strong>' . Tools::displayError('Zip/ Postal code') . '</strong> ' . Tools::displayError('is required.');
             } elseif ($postcode and !preg_match('/^[0-9a-zA-Z -]{4,9}$/ui', $postcode)) {
                 // No format known for the country: accept a generic 4-9 character postcode
                 $this->errors[] = '<strong>' . Tools::displayError('Zip/ Postal code') . '</strong> ' . Tools::displayError('is invalid.');
             }
         }
         if (Country::isNeedDniByCountryId($address->id_country) and (!Tools::getValue('dni') or !Validate::isDniLite(Tools::getValue('dni')))) {
             $this->errors[] = Tools::displayError('Identification number is incorrect or has already been used.');
         } elseif (!Country::isNeedDniByCountryId($address->id_country)) {
             $address->dni = NULL;
         }
         if (!sizeof($this->errors)) {
             if (Customer::customerExists(Tools::getValue('email'))) {
                 $this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
             }
             if (Tools::isSubmit('newsletter')) {
                 $customer->ip_registration_newsletter = pSQL(Tools::getRemoteAddr());
                 $customer->newsletter_date_add = pSQL(date('Y-m-d H:i:s'));
             }
             if (!sizeof($this->errors)) {
                 if (!($country = new Country($address->id_country, Configuration::get('PS_LANG_DEFAULT'))) or !Validate::isLoadedObject($country)) {
                     die(Tools::displayError());
                 }
                 if ((int) $country->contains_states and !(int) $address->id_state) {
                     $this->errors[] = Tools::displayError('This country requires a state selection.');
                 } else {
                     $customer->active = 1;
                     /* New Guest customer */
                     if (Tools::isSubmit('is_new_customer')) {
                         $customer->is_guest = !Tools::getValue('is_new_customer', 1);
                     } else {
                         $customer->is_guest = 0;
                     }
                     if (!$customer->add()) {
                         $this->errors[] = Tools::displayError('An error occurred while creating your account.');
                     } else {
                         $address->id_customer = (int) $customer->id;
                         if (!$address->add()) {
                             $this->errors[] = Tools::displayError('An error occurred while creating your address.');
                         } else {
                             if (!$customer->is_guest) {
                                 // NOTE(review): the welcome mail embeds the submitted password in clear text ({passwd})
                                 if (!Mail::Send((int) self::$cookie->id_lang, 'account', Mail::l('Welcome!'), array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => Tools::getValue('passwd')), $customer->email, $customer->firstname . ' ' . $customer->lastname)) {
                                     $this->errors[] = Tools::displayError('Cannot send email');
                                 }
                             }
                             // Log the new customer in straight away; the cookie also receives the stored passwd value
                             self::$smarty->assign('confirmation', 1);
                             self::$cookie->id_customer = (int) $customer->id;
                             self::$cookie->customer_lastname = $customer->lastname;
                             self::$cookie->customer_firstname = $customer->firstname;
                             self::$cookie->passwd = $customer->passwd;
                             self::$cookie->logged = 1;
                             self::$cookie->email = $customer->email;
                             self::$cookie->is_guest = !Tools::getValue('is_new_customer', 1);
                             /* Update cart address */
                             self::$cart->secure_key = $customer->secure_key;
                             self::$cart->id_address_delivery = Address::getFirstCustomerAddressId((int) $customer->id);
                             self::$cart->id_address_invoice = Address::getFirstCustomerAddressId((int) $customer->id);
                             self::$cart->update();
                             Module::hookExec('createAccount', array('_POST' => $_POST, 'newCustomer' => $customer));
                             // Ajax callers get the new ids and a fresh token instead of a redirect
                             if (Tools::isSubmit('ajax')) {
                                 $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'isSaved' => true, 'id_customer' => (int) self::$cookie->id_customer, 'id_address_delivery' => self::$cart->id_address_delivery, 'id_address_invoice' => self::$cart->id_address_invoice, 'token' => Tools::getToken(false));
                                 die(Tools::jsonEncode($return));
                             }
                             if ($back = Tools::getValue('back')) {
                                 Tools::redirect($back);
                             }
                             Tools::redirect('my-account.php');
                         }
                     }
                 }
             }
         }
         if (sizeof($this->errors)) {
             // The generated guest password must not be re-displayed in the form
             if (!Tools::getValue('is_new_customer')) {
                 unset($_POST['passwd']);
             }
             if (Tools::isSubmit('ajax')) {
                 $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'isSaved' => false, 'id_customer' => 0);
                 die(Tools::jsonEncode($return));
             }
         }
     }
     // Login of an existing customer
     if (Tools::isSubmit('SubmitLogin')) {
         Module::hookExec('beforeAuthentication');
         $passwd = trim(Tools::getValue('passwd'));
         $email = trim(Tools::getValue('email'));
         if (empty($email)) {
             $this->errors[] = Tools::displayError('E-mail address required');
         } elseif (!Validate::isEmail($email)) {
             $this->errors[] = Tools::displayError('Invalid e-mail address');
         } elseif (empty($passwd)) {
             $this->errors[] = Tools::displayError('Password is required');
         } elseif (Tools::strlen($passwd) > 32) {
             $this->errors[] = Tools::displayError('Password is too long');
         } elseif (!Validate::isPasswd($passwd)) {
             $this->errors[] = Tools::displayError('Invalid password');
         } else {
             $customer = new Customer();
             $authentication = $customer->getByEmail(trim($email), trim($passwd));
             if (!$authentication or !$customer->id) {
                 /* Handle brute force attacks */
                 sleep(1);
                 $this->errors[] = Tools::displayError('Authentication failed');
             } else {
                 // Identity carried by the cookie for the rest of the session (including the stored passwd value)
                 self::$cookie->id_compare = isset(self::$cookie->id_compare) ? self::$cookie->id_compare : CompareProduct::getIdCompareByIdCustomer($customer->id);
                 self::$cookie->id_customer = (int) $customer->id;
                 self::$cookie->customer_lastname = $customer->lastname;
                 self::$cookie->customer_firstname = $customer->firstname;
                 self::$cookie->id_default_group = $customer->id_default_group;
                 self::$cookie->logged = 1;
                 self::$cookie->is_guest = $customer->isGuest();
                 self::$cookie->passwd = $customer->passwd;
                 self::$cookie->email = $customer->email;
                 // Cart following: reuse the last cart that never became an order when the current one is empty
                 if (Configuration::get('PS_CART_FOLLOWING') and (empty(self::$cookie->id_cart) or Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
                     self::$cookie->id_cart = (int) Cart::lastNoneOrderedCart((int) $customer->id);
                 }
                 /* Update cart address */
                 self::$cart->id_carrier = 0;
                 self::$cart->id_address_delivery = Address::getFirstCustomerAddressId((int) $customer->id);
                 self::$cart->id_address_invoice = Address::getFirstCustomerAddressId((int) $customer->id);
                 // If a logged guest logs in as a customer, the cart secure key was already set and needs to be updated
                 self::$cart->secure_key = $customer->secure_key;
                 self::$cart->update();
                 Module::hookExec('authentication');
                 if (!Tools::isSubmit('ajax')) {
                     if ($back = Tools::getValue('back')) {
                         Tools::redirect($back);
                     }
                     Tools::redirect('my-account.php');
                 }
             }
         }
         // Ajax callers get the outcome (errors, if any) and a fresh token as JSON
         if (Tools::isSubmit('ajax')) {
             $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'token' => Tools::getToken(false));
             die(Tools::jsonEncode($return));
         }
     }
     // Data for the account-creation form
     if (isset($create_account)) {
         /* Select the most appropriate country */
         if (isset($_POST['id_country']) and is_numeric($_POST['id_country'])) {
             $selectedCountry = (int) $_POST['id_country'];
         }
         /* FIXME : language iso and country iso are not similar,
          * maybe an associative table with country an language can resolve it,
          * But for now it's a bug !
          * @see : bug #6968
          * @link:http://www.prestashop.com/bug_tracker/view/6968/
          * Disabled branch, kept for reference:
          *
          * elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
          * {
          *     $array = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
          *     if (Validate::isLanguageIsoCode($array[0]))
          *     {
          *         $selectedCountry = Country::getByIso($array[0]);
          *         if (!$selectedCountry)
          *             $selectedCountry = (int)(Configuration::get('PS_COUNTRY_DEFAULT'));
          *     }
          * }
          */
         if (!isset($selectedCountry)) {
             $selectedCountry = (int) Configuration::get('PS_COUNTRY_DEFAULT');
         }
         // Either only the countries a carrier delivers to, or every active country
         if (Configuration::get('PS_RESTRICT_DELIVERED_COUNTRIES')) {
             $countries = Carrier::getDeliveredCountries((int) self::$cookie->id_lang, true, true);
         } else {
             $countries = Country::getCountries((int) self::$cookie->id_lang, true);
         }
         self::$smarty->assign(array('countries' => $countries, 'sl_country' => isset($selectedCountry) ? $selectedCountry : 0, 'vat_management' => Configuration::get('VATNUMBER_MANAGEMENT')));
         /* Call a hook to display more information on form */
         self::$smarty->assign(array('HOOK_CREATE_ACCOUNT_FORM' => Module::hookExec('createAccountForm'), 'HOOK_CREATE_ACCOUNT_TOP' => Module::hookExec('createAccountTop')));
     }
     /* Generate years, months and days; the posted values, when numeric, are pre-selected */
     if (isset($_POST['years']) and is_numeric($_POST['years'])) {
         $selectedYears = (int) $_POST['years'];
     }
     $years = Tools::dateYears();
     if (isset($_POST['months']) and is_numeric($_POST['months'])) {
         $selectedMonths = (int) $_POST['months'];
     }
     $months = Tools::dateMonths();
     if (isset($_POST['days']) and is_numeric($_POST['days'])) {
         $selectedDays = (int) $_POST['days'];
     }
     $days = Tools::dateDays();
     self::$smarty->assign(array('years' => $years, 'sl_year' => isset($selectedYears) ? $selectedYears : 0, 'months' => $months, 'sl_month' => isset($selectedMonths) ? $selectedMonths : 0, 'days' => $days, 'sl_day' => isset($selectedDays) ? $selectedDays : 0));
     self::$smarty->assign('newsletter', (int) Module::getInstanceByName('blocknewsletter')->active);
 }
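/**
 * Register a new player from the raw sign-up POST payload.
 *
 * Prints a single status code and terminates the request:
 *   1 - the two password fields differ
 *   2 - an account with this e-mail already exists
 *   0 - a field failed validation, or the new row could not be read back
 *   3 - the account plus its points and saves rows were created
 *
 * @param array $POSTdata Keys 'playernick', 'playerpassword',
 *                        'playerpasswordcpy' and 'playermail'.
 */
function signIn($POSTdata)
{
    //Init variables (missing keys become empty strings instead of raising notices)
    $unick = isset($POSTdata['playernick']) ? trim($POSTdata['playernick']) : '';
    $upass = isset($POSTdata['playerpassword']) ? trim($POSTdata['playerpassword']) : '';
    $umail = isset($POSTdata['playermail']) ? trim($POSTdata['playermail']) : '';
    $upassCopy = isset($POSTdata['playerpasswordcpy']) ? $POSTdata['playerpasswordcpy'] : null;
    //Check password copy (strict: "!=" would compare numeric-looking strings numerically)
    if ($upass !== $upassCopy) {
        print 1;
        exit;
    }
    // NOTE(review): the mysql_* extension is gone since PHP 7; if Db::q accepts
    // bound parameters, prefer them to escaping. mysql_real_escape_string is
    // used here, as in the queries below, because mysql_escape_string ignores
    // the connection charset.
    $check = Db::q('SELECT * FROM ' . _DB_PREFIX_ . 'users WHERE playermail = "' . mysql_real_escape_string($umail) . '" LIMIT 1');
    if (count($check) >= 1) {
        print 2;
        die;
    }
    $error = array();
    if (!Validate::isName($unick)) {
        $error[] = 'Invalid nickname';
    }
    if (!Validate::isPasswd($upass)) {
        $error[] = 'Invalid password';
    }
    if (!Validate::isEmail($umail)) {
        $error[] = 'Invalid email';
    }
    //Validate
    if (count($error)) {
        print 0;
        die;
    }
    /*
    ==========================
    2° step : save data
    ===========================
    */
    // NOTE(review): md5 is not a password hash. Moving to password_hash() is
    // only possible together with the login path (not visible here), which
    // would have to switch to password_verify().
    Db::q('INSERT INTO ' . _DB_PREFIX_ . 'users (playernick, playermail, playerpassword) VALUES("' . mysql_real_escape_string($unick) . '", "' . mysql_real_escape_string($umail) . '", "' . md5($upass) . '")');
    $check = Db::q('SELECT * FROM ' . _DB_PREFIX_ . 'users WHERE playermail = "' . mysql_real_escape_string($umail) . '"');
    if (!count($check)) {
        print 0;
        die;
    }
    // The id comes back from the database, but cast it anyway so that only
    // digits are ever interpolated into the SQL text below.
    $idPlayer = (int) $check[0]['id'];
    Db::q('INSERT INTO ' . _DB_PREFIX_ . 'points 
          (id_player, points)
          VALUES("' . $idPlayer . '", "0")');
    //Initialize saves data
    Db::q('INSERT INTO ' . _DB_PREFIX_ . 'saves 
          (id_player, points, level, health, inventary)
          VALUES("' . $idPlayer . '", "0", "1", "100", 0)');
    print 3;
    die;
}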
 /**
  * Validate the submitted credentials and open a back-office session.
  *
  * Every validation or lookup failure is appended to $this->errors. On
  * success the employee is written to the context cookie and the request
  * is redirected (for an ajax request, answered with a JSON payload).
  */
 public function processLogin()
 {
     /* Check fields validity */
     $password = trim(Tools::getValue('passwd'));
     $login = trim(Tools::getValue('email'));

     if (empty($login)) {
         $this->errors[] = Tools::displayError('Email is empty.');
     } elseif (!Validate::isEmail($login)) {
         $this->errors[] = Tools::displayError('Invalid email address.');
     }
     if (empty($password)) {
         $this->errors[] = Tools::displayError('The password field is blank.');
     } elseif (!Validate::isPasswd($password)) {
         $this->errors[] = Tools::displayError('Invalid password.');
     }

     if (count($this->errors) === 0) {
         // Find employee (the context and the local alias share one object)
         $employee = $this->context->employee = new Employee();
         $loaded = $employee->getByEmail($login, $password);
         $shops = $employee->getAssociatedShops();

         if (!$loaded) {
             $this->errors[] = Tools::displayError('The Employee does not exist, or the password provided is incorrect.');
             $employee->logout();
         } elseif (empty($shops) && !$employee->isSuperAdmin()) {
             $this->errors[] = Tools::displayError('This employee does not manage the shop anymore (Either the shop has been deleted or permissions have been revoked).');
             $employee->logout();
         } else {
             $employee->remote_addr = ip2long(Tools::getRemoteAddr());
             // Update cookie
             $cookie = Context::getContext()->cookie;
             $cookie->id_employee = $employee->id;
             $cookie->email = $employee->email;
             $cookie->profile = $employee->id_profile;
             // NOTE(review): the password hash is copied into the cookie; this
             // presumes the cookie is encrypted/signed elsewhere — confirm.
             $cookie->passwd = $employee->passwd;
             $cookie->remote_addr = $employee->remote_addr;
             $cookie->write();

             // If there is a valid controller name submitted, redirect to it
             $target = null;
             if (isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect'])) {
                 $target = $_POST['redirect'];
             } else {
                 $tab = new Tab((int) $employee->default_tab);
                 $target = $tab->class_name;
             }
             $url = $this->context->link->getAdminLink($target);

             if (Tools::isSubmit('ajax')) {
                 die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
             }
             $this->redirect_after = $url;
         }
     }

     if (Tools::isSubmit('ajax')) {
         die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
     }
 }
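 /**
  * Handle the front-office login submission before the page renders.
  *
  * Validation and authentication failures are appended to $this->errors.
  * On success the customer is stored in the cookie, the cart addresses are
  * refreshed and, unless the request is ajax, the browser is redirected.
  * An ajax request is answered with a JSON payload instead.
  */
 public function preProcess()
 {
     if (Tools::isSubmit('SubmitLogin') || Tools::getValue('SubmitLogin')) {
         Module::hookExec('beforeAuthentication');
         $passwd = trim(Tools::getValue('passwd'));
         $email = trim(Tools::getValue('email'));
         if (empty($email)) {
             $this->errors[] = Tools::displayError('E-mail address required');
         } elseif (!Validate::isEmail($email)) {
             $this->errors[] = Tools::displayError('Invalid e-mail address');
         } elseif (empty($passwd)) {
             $this->errors[] = Tools::displayError('Password is required');
         } elseif (Tools::strlen($passwd) > 32) {
             $this->errors[] = Tools::displayError('Password is too long');
         } elseif (!Validate::isPasswd($passwd)) {
             $this->errors[] = Tools::displayError('Invalid password');
         } else {
             $customer = new Customer();
             $authentication = $customer->getByEmail($email, $passwd);
             if (!$authentication || !$customer->id) {
                 /* Handle brute force attacks */
                 // A fixed delay only slows down one client; it is not a
                 // substitute for per-account / per-address throttling.
                 sleep(1);
                 $this->errors[] = Tools::displayError('Authentication failed');
             } else {
                 self::$cookie->id_customer = (int) $customer->id;
                 self::$cookie->customer_lastname = $customer->lastname;
                 self::$cookie->customer_firstname = $customer->firstname;
                 self::$cookie->logged = 1;
                 self::$cookie->is_guest = $customer->isGuest();
                 self::$cookie->passwd = $customer->passwd;
                 self::$cookie->email = $customer->email;
                 if (Configuration::get('PS_CART_FOLLOWING') && (empty(self::$cookie->id_cart) || Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
                     self::$cookie->id_cart = (int) Cart::lastNoneOrderedCart((int) $customer->id);
                 }
                 /* Update cart address */
                 self::$cart->id_carrier = 0;
                 self::$cart->id_address_delivery = Address::getFirstCustomerAddressId((int) $customer->id);
                 self::$cart->id_address_invoice = Address::getFirstCustomerAddressId((int) $customer->id);
                 self::$cart->update();
                 Module::hookExec('authentication');
                 if (!Tools::isSubmit('ajax')) {
                     $back = Tools::getValue('back');
                     // Only follow a relative, same-site target: a value with a
                     // URL scheme or a protocol-relative prefix ("//", "/\")
                     // would turn the login form into an open redirect.
                     if ($back && is_string($back) && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $back)) {
                         Tools::redirect($back);
                     }
                     Tools::redirect('history.php');
                 }
             }
         }
         if (Tools::getValue('ajax')) {
             $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'token' => Tools::getToken(false));
             die(Tools::jsonEncode($return));
         }
     }
 }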
 /**
  * Validate the submitted form against the class' validation rules.
  *
  * Runs, in order: required fields, required multilingual fields, maximum
  * sizes (plain and multilingual), the subclass hook _childValidation(),
  * per-field validators, the class-specific password rule, and multilingual
  * validators. Every failure is appended to $this->_errors as an HTML
  * snippet (the field name is wrapped in <b>).
  *
  * @param string|false $className Allow to validate a different class than the current one
  */
 public function validateRules($className = false)
 {
     if (!$className) {
         $className = $this->className;
     }
     /* Class specific validation rules */
     // NOTE(review): $className selects the class whose static
     // getValidationRules()/displayFieldName() are invoked; callers must
     // never pass a user-controlled value here.
     $rules = call_user_func(array($className, 'getValidationRules'), $className);
     // Language data is only needed by the *Lang rules; when all three are
     // empty the loops below never run, so these two stay unset safely.
     if (sizeof($rules['requiredLang']) or sizeof($rules['sizeLang']) or sizeof($rules['validateLang'])) {
         /* Language() instance determined by default language */
         $defaultLanguage = new Language((int) Configuration::get('PS_LANG_DEFAULT'));
         /* All availables languages */
         $languages = Language::getLanguages(false);
     }
     /* Checking for required fields */
     foreach ($rules['required'] as $field) {
         // Loose "== false" catches '', null and a missing value; the second
         // clause rescues a literal '0', which is a valid submitted value.
         if (($value = Tools::getValue($field)) == false and (string) $value != '0') {
             // "and" binds tighter than "or": on an existing object (identifier
             // present) passwd and no-picture may be left empty.
             if (!Tools::getValue($this->identifier) or $field != 'passwd' and $field != 'no-picture') {
                 $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $field, $className) . '</b> ' . $this->l('is required');
             }
         }
     }
     /* Checking for multilingual required fields */
     foreach ($rules['requiredLang'] as $fieldLang) {
         // Missing (=== false) or present-but-empty, except a literal '0',
         // counts as not filled in the default language.
         if (($empty = Tools::getValue($fieldLang . '_' . $defaultLanguage->id)) === false or $empty !== '0' and empty($empty)) {
             $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $fieldLang, $className) . '</b> ' . $this->l('is required at least in') . ' ' . $defaultLanguage->name;
         }
     }
     /* Checking for maximum fields sizes */
     foreach ($rules['size'] as $field => $maxLength) {
         if (Tools::getValue($field) !== false and Tools::strlen(Tools::getValue($field)) > $maxLength) {
             $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $field, $className) . '</b> ' . $this->l('is too long') . ' (' . $maxLength . ' ' . $this->l('chars max') . ')';
         }
     }
     /* Checking for maximum multilingual fields size */
     foreach ($rules['sizeLang'] as $fieldLang => $maxLength) {
         foreach ($languages as $language) {
             if (Tools::getValue($fieldLang . '_' . $language['id_lang']) !== false and Tools::strlen(Tools::getValue($fieldLang . '_' . $language['id_lang'])) > $maxLength) {
                 $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $fieldLang, $className) . ' (' . $language['name'] . ')</b> ' . $this->l('is too long') . ' (' . $maxLength . ' ' . $this->l('chars max, html chars including') . ')';
             }
         }
     }
     /* Overload this method for custom checking */
     $this->_childValidation();
     /* Checking for fields validity */
     foreach ($rules['validate'] as $field => $function) {
         // passwd is skipped here: its rule depends on the class, see below.
         if (($value = Tools::getValue($field)) !== false and $field != 'passwd') {
             // $function names a static Validate::is*() method taken from the rules.
             if (!Validate::$function($value)) {
                 $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $field, $className) . '</b> ' . $this->l('is invalid');
             }
         }
     }
     /* Checking for passwd_old validity */
     // Loose "!= false": a password of '0' is treated as not submitted — TODO confirm intended.
     if (($value = Tools::getValue('passwd')) != false) {
         if ($className == 'Employee' and !Validate::isPasswdAdmin($value)) {
             $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), 'passwd', $className) . '</b> ' . $this->l('is invalid');
         } elseif ($className == 'Customer' and !Validate::isPasswd($value)) {
             $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), 'passwd', $className) . '</b> ' . $this->l('is invalid');
         }
     }
     /* Checking for multilingual fields validity */
     foreach ($rules['validateLang'] as $fieldLang => $function) {
         foreach ($languages as $language) {
             // Empty translations are allowed; only a non-empty value is validated.
             if (($value = Tools::getValue($fieldLang . '_' . $language['id_lang'])) !== false and !empty($value)) {
                 if (!Validate::$function($value)) {
                     $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $fieldLang, $className) . ' (' . $language['name'] . ')</b> ' . $this->l('is invalid');
                 }
             }
         }
     }
 }
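    /**
     * Handle the employee list actions and the add/edit form submission.
     *
     * List actions (deleteemployee, status, statusemployee) are refused for
     * the demo account in demo mode, for the current employee's own account,
     * for the last administrator and, on delete, for an employee who still
     * manages warehouses.
     *
     * The add/edit form (submitAddemployee) requires a password on creation,
     * pins profile/status/shop associations when an employee edits their own
     * account, forces every shop for the super-admin profile, protects the
     * last administrator, validates the back-office theme and, in multistore
     * mode, requires at least one shop association.
     *
     * Errors are appended to $this->errors.
     *
     * @return mixed false when the action is refused, otherwise the result of
     *               parent::postProcess()
     */
    public function postProcess()
    {
        if (Tools::isSubmit('deleteemployee') || Tools::isSubmit('status') || Tools::isSubmit('statusemployee')) {
            $id_employee = (int) Tools::getValue('id_employee');
            /* PrestaShop demo mode */
            // Read the id first, then compare: an assignment written inside
            // "&&" binds looser than the operator, so the variable would hold
            // a boolean and the demo account would never match.
            if (_PS_MODE_DEMO_ && $id_employee === (int) _PS_DEMO_MAIN_BO_ACCOUNT_) {
                $this->errors[] = Tools::displayError('This functionality has been disabled.');
                return false;
            }
            if ((int) $this->context->employee->id === $id_employee) {
                $this->errors[] = Tools::displayError('You cannot disable or delete your own account.');
                return false;
            }
            $employee = new Employee($id_employee);
            if ($employee->isLastAdmin()) {
                $this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
                return false;
            }
            // It is not possible to delete an employee if he manages warehouses
            $warehouses = Warehouse::getWarehousesByEmployee($id_employee);
            if (Tools::isSubmit('deleteemployee') && count($warehouses) > 0) {
                $this->errors[] = Tools::displayError('You cannot delete this account because it manages warehouses. 
					Check your warehouses first.');
                return false;
            }
        } elseif (Tools::isSubmit('submitAddemployee')) {
            $employee = new Employee((int) Tools::getValue('id_employee'));
            // A password is mandatory only when the account is being created.
            if (!Validate::isLoadedObject($employee) && !Validate::isPasswd(Tools::getValue('passwd'), 8)) {
                $this->errors[] = Tools::displayError('You must specify a password with a minimum of eight characters.');
            }
            $shop_key = 'checkBoxShopAsso_' . $this->table;
            // If the employee is editing its own account
            if ($this->restrict_edition) {
                // Profile and status may not be changed by the employee themselves.
                $_POST['id_profile'] = $_GET['id_profile'] = $employee->id_profile;
                $_POST['active'] = $_GET['active'] = $employee->active;
                // Unset set shops
                foreach (array_keys($_POST) as $postkey) {
                    if (strpos($postkey, $shop_key) !== false) {
                        unset($_POST[$postkey]);
                    }
                }
                foreach (array_keys($_GET) as $getkey) {
                    if (strpos($getkey, $shop_key) !== false) {
                        unset($_GET[$getkey]);
                    }
                }
                // Add current shops associated to the employee
                $result = Shop::getShopById((int) $employee->id, $this->identifier, $this->table);
                foreach ($result as $row) {
                    $this->forceShopAssociation((int) $row['id_shop']);
                }
            }
            // Read after the restrict_edition block, which may have rewritten it.
            $id_profile = isset($_POST['id_profile']) ? (int) $_POST['id_profile'] : 0;
            //if profile is super admin, manually fill checkBoxShopAsso_employee because in the form they are disabled.
            if ($id_profile === (int) _PS_ADMIN_PROFILE_) {
                $result = Db::getInstance()->executeS('SELECT id_shop FROM ' . _DB_PREFIX_ . 'shop');
                foreach ($result as $row) {
                    $this->forceShopAssociation((int) $row['id_shop']);
                }
            }
            if ($employee->isLastAdmin()) {
                if ((int) Tools::getValue('id_profile') !== (int) _PS_ADMIN_PROFILE_) {
                    $this->errors[] = Tools::displayError('You should have at least one employee in the administrator 
						group.');
                    return false;
                }
                if ((int) Tools::getValue('active') === 0) {
                    $this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
                    return false;
                }
            }
            $bo_theme_css = Tools::getValue('bo_theme_css');
            if ($bo_theme_css && is_string($bo_theme_css)) {
                $bo_theme = explode('|', $bo_theme_css);
                $_POST['bo_theme'] = $bo_theme[0];
                // The theme name ends up in a filesystem path, so accept only a
                // real entry of the themes directory; "." and ".." are dropped
                // because scandir() lists them as well.
                $themes = array_diff(scandir(_PS_ADMIN_DIR_ . DIRECTORY_SEPARATOR . 'themes'), array('.', '..'));
                if (!in_array($bo_theme[0], $themes, true)) {
                    $this->errors[] = Tools::displayError('Invalid theme');
                    return false;
                }
                if (isset($bo_theme[1])) {
                    $_POST['bo_css'] = $bo_theme[1];
                }
            }
            $assos = $this->getSelectedAssoShop($this->table);
            // Comparison, not assignment: "$this->table = 'employee'" was
            // always true and silently overwrote the table name (which this
            // controller is expected to have set to 'employee' already).
            if (!$assos && $this->table === 'employee') {
                if (Shop::isFeatureActive() && $id_profile !== (int) _PS_ADMIN_PROFILE_) {
                    $this->errors[] = Tools::displayError('The employee must be associated with at least one shop.');
                }
            }
        }
        return parent::postProcess();
    }

    /**
     * Mark $id_shop as selected in the shop-association checkbox arrays of
     * both $_POST and $_GET, creating the arrays when absent.
     *
     * @param int $id_shop
     */
    private function forceShopAssociation($id_shop)
    {
        $key = 'checkBoxShopAsso_' . $this->table;
        if (!isset($_POST[$key])) {
            $_POST[$key] = array();
        }
        if (!isset($_GET[$key])) {
            $_GET[$key] = array();
        }
        $_POST[$key][$id_shop] = 1;
        $_GET[$key][$id_shop] = 1;
    }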