/**
 * {@inheritDoc}
 *
 * Handles the customer "forgotten password" form: looks up the account for the
 * submitted address, replaces its password with a freshly generated random one
 * (stored encoded) and mails the clear-text value to that address.
 *
 * NOTE(review): the error branch tells the caller whether the address belongs to a
 * registered account (account enumeration), and the success branch mails a
 * clear-text password; throttling this endpoint is advisable. Both behaviours are
 * kept unchanged here. The clear-text password is also handed to every
 * 'password_changed' listener via the event arguments.
 *
 * @param object $request current request; reads the 'email_address' POST parameter
 * @return mixed the view returned by findView() ('success' once the mail was sent)
 */
public function processPost($request)
{
    $translator = $this->get('translator');
    $flashBag = $this->get('session.flash_bag');
    $accountService = $this->container->get('accountService');

    $emailAddress = $request->request->get('email_address');
    $account = $accountService->getAccountForEmailAddress($emailAddress);

    // Only accounts of type Account::REGISTERED may have their password reset.
    $isRegistered = null !== $account && Account::REGISTERED == $account->getType();
    if (!$isRegistered) {
        $flashBag->error($translator->trans(
            "Sorry, there is no account with the email address '%email%'.",
            array('%email%' => $emailAddress)
        ));

        return $this->findView();
    }

    $encoder = $this->get('security.encoder_factory')->getEncoder($account);
    $minLength = $this->get('settingsService')->get('zenmagick.base.security.authentication.minPasswordLength', 8);
    $newPassword = Toolbox::random($minLength, Toolbox::RANDOM_MIXED);
    $newEncodedPassword = $encoder->encodePassword($newPassword);

    // Persist only the encoded form; the clear-text value goes out by mail below.
    $accountService->setAccountPassword($account->getId(), $newEncodedPassword);

    // Mail the new password (clear text) to the address on file.
    $settingsService = $this->container->get('settingsService');
    $storeName = $settingsService->get('storeName');
    $message = $this->container->get('messageBuilder')->createMessage(
        'password_forgotten',
        true,
        $request,
        array('password' => $newPassword)
    );
    $message
        ->setSubject($translator->trans('Forgotten Password - %store_name%', array('%store_name%' => $storeName)))
        ->setTo($emailAddress, $account->getFullName())
        ->setFrom($settingsService->get('storeEmail'));
    $this->container->get('mailer')->send($message);

    $eventArguments = array('controller' => $this, 'account' => $account, 'clearPassword' => $newPassword);
    $this->container->get('event_dispatcher')->dispatch('password_changed', new GenericEvent($this, $eventArguments));

    // report success
    $flashBag->success($translator->trans('A new password has been sent to your email address.'));

    return $this->findView('success');
}
/**
 * {@inheritDoc}
 *
 * Produces a hash in the legacy "md5(salt . raw):salt" layout. The $salt argument
 * is ignored: a two-character salt is taken from the md5 of random data gathered
 * on every call, and that salt is appended after ':' so a verifier can recover it.
 *
 * NOTE(review): md5 is a fast digest and a two-hex-character salt has only 256
 * distinct values, so stored hashes offer little resistance to offline guessing.
 * Moving to password_hash()/password_verify() (PASSWORD_DEFAULT) would require the
 * matching verification code to be updated in lock-step; the legacy format is kept
 * unchanged here.
 *
 * NOTE(review): every other call in this file uses Toolbox::random($length, $type);
 * here the type constant is passed in the first (length) position — confirm this
 * is intended, otherwise the gathered data (and hence the salt) may be constant.
 *
 * @param string      $raw  clear-text password
 * @param string|null $salt unused; the salt is generated internally
 * @return string hash, then ':', then the two-character salt
 */
public function encodePassword($raw, $salt = null)
{
    // Gather ten random chunks; the salt is derived from their digest, not from $salt.
    $entropy = '';
    $remaining = 10;
    while ($remaining-- > 0) {
        $entropy .= Toolbox::random(Toolbox::RANDOM_MIXED);
    }
    $generatedSalt = substr(md5($entropy), 0, 2);

    return md5($generatedSalt . $raw) . ':' . $generatedSalt;
}
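/**
 * {@inheritDoc}
 *
 * Handles the admin "reset password" form: looks up the admin user for the
 * submitted address, stores a freshly generated random password for it and mails
 * the clear-text value to that address.
 *
 * Fix: the "no account" message used a '%s' placeholder while the parameter array
 * supplied '%email%', so the address was never substituted and '%s' was shown
 * literally; the message now uses '%email%' like the customer-side handler.
 *
 * NOTE(review): the error branch reveals whether an address belongs to an admin
 * user (account enumeration) and the success branch mails a clear-text password;
 * throttling this endpoint is advisable. Neither behaviour is changed here.
 *
 * @param object $request current request; reads the 'email' POST parameter
 * @return mixed the view returned by findView() ('success' once the mail was sent)
 */
public function processPost($request)
{
    $email = $request->request->get('email');
    $adminUserService = $this->container->get('adminUserService');
    $user = $adminUserService->getUserForEmail($email);
    $translator = $this->get('translator');
    if (null === $user) {
        // Placeholder name must match the key in the parameter array.
        $message = $translator->trans("Sorry, there is no account with that email address '%email%'.", array('%email%' => $email));
        $this->get('session.flash_bag')->error($message);

        return $this->findView();
    }

    $encoder = $this->get('security.encoder_factory')->getEncoder($user);
    $minLength = $this->get('settingsService')->get('zenmagick.base.security.authentication.minPasswordLength', 8);
    $newPassword = Toolbox::random($minLength, Toolbox::RANDOM_MIXED);
    // Persist only the encoded form; the clear-text value goes out by mail below.
    $newEncodedPassword = $encoder->encodePassword($newPassword);
    $user->setPassword($newEncodedPassword);
    $adminUserService->updateUser($user);

    $message = $this->container->get('messageBuilder')->createMessage('reset_password', false, $request, array('newPassword' => $newPassword));
    $message
        ->setSubject($translator->trans('New password request'))
        ->setTo($email)
        ->setFrom($this->container->get('settingsService')->get('storeEmail'));
    $this->container->get('mailer')->send($message);

    // report success
    $this->get('session.flash_bag')->success($translator->trans('A new password has been sent to your email address.'));

    return $this->findView('success');
}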
/**
 * Generate a cart ID made of random digits.
 *
 * NOTE(review): a 5-digit ID has only 100,000 possible values; if callers ever use
 * this ID as the sole key to reach a cart (i.e. as an authorization token) it is
 * guessable — confirm how it is used before relying on it for anything security
 * relevant.
 *
 * @param int $length number of digits in the generated ID (default 5)
 * @return string cart ID
 */
public function generate_cart_id($length = 5)
{
    $digits = \ZenMagick\Base\Toolbox::random($length, 'digits');

    return $digits;
}
/**
 * Event callback to inject the required JS.
 *
 * Acts only on the 'product_info' and 'shopping_cart' pages and only once
 * recommendations have been loaded ($this->recommendationsLoadedFor is set). For
 * the 'ga' tracking type the loader tag is placed before </head> and the tracker
 * code in front of the first pageTracker._trackPageview( call; for 'as' both go
 * before </body>. With the 'debug' setting on, both snippets are emitted as HTML
 * comments instead of live script tags.
 *
 * NOTE(review): the loader is fetched from a third-party host and the random
 * ?cache= value defeats both browser caching and any integrity pinning of that
 * script; the tracker code is passed to preg_replace() as a replacement string,
 * so '$n' or backslash sequences inside it would be interpreted — presumably it
 * contains none, verify against getTrackerCode().
 *
 * @param object $event event carrying the 'request' and 'content' arguments
 */
public function onFinaliseContent($event)
{
    $request = $event->getArgument('request');
    $trackingType = $this->get('trackingType');
    $relevantPages = array('product_info', 'shopping_cart');

    $onRelevantPage = in_array($request->getRequestId(), $relevantPages);
    if (!$onRelevantPage || null === $this->recommendationsLoadedFor) {
        return;
    }

    // TODO: won't work with minify
    $isGa = 'ga' == $trackingType;
    $scriptFile = $isGa ? 'liftsuggest.js' : 'liftsuggest_traditional.js';
    $protocol = 'http://';
    if ($request->isSecure()) {
        $protocol = 'https://';
    }
    $cacheBuster = Toolbox::random(10, Toolbox::RANDOM_DIGITS);
    $loaderTag = sprintf(
        '<script type="text/javascript" src="%swww.liftsuggest.com/js/%s?cache=%s"></script>',
        $protocol,
        $scriptFile,
        $cacheBuster
    );
    $trackerCode = $this->getTrackerCode($request);

    if (Toolbox::asBoolean($this->get('debug'))) {
        // Neutralise both snippets by turning them into HTML comments.
        $search = array('<script', '</script>');
        $replace = array('<!--script', '/script-->');
        $loaderTag = str_replace($search, $replace, $loaderTag);
        $trackerCode = str_replace($search, $replace, $trackerCode);
    }

    $content = $event->getArgument('content');
    if ($isGa) {
        $content = preg_replace('/<\\/head>/', $loaderTag . '</head>', $content, 1);
        $content = preg_replace('/pageTracker._trackPageview\\(/', $trackerCode . 'pageTracker._trackPageview(', $content, 1);
    } elseif ('as' == $trackingType) {
        $content = preg_replace('/<\\/body>/', $loaderTag . $trackerCode . '</body>', $content, 1);
    }
    $event->setArgument('content', $content);
}
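/**
 * {@inheritDoc}
 *
 * Serves a purchased download. The request must name an order ('order') and a
 * download ('id'); the order has to belong to the logged-in account and the
 * download must still be downloadable. Depending on the 'downloadByRedirect'
 * setting the file is either exposed through a symlink in a random sub directory
 * of 'downloadPubDir' and served via a 303 redirect, or streamed directly with
 * header()/readfile()/fread().
 *
 * Changes against the previous revision: an unknown order (null from orderService)
 * or a missing login no longer reaches ->getAccountId() on null; the file is
 * checked with is_file()/is_readable() before the remaining download count is
 * decremented and before any header is sent; the process umask is restored after
 * the temp directory is created instead of staying at 0 for the rest of the
 * request; a failed fopen() is reported instead of looping on a false handle.
 *
 * @param object $request current request; reads the 'order' and 'id' query parameters
 * @return mixed a RedirectResponse, the error view, or null once the file has been
 *               written to the output stream directly
 * @throws ZMException when headers were already sent or the file cannot be opened
 */
public function processGet($request)
{
    $translator = $this->get('translator');
    $flashBag = $this->get('session.flash_bag');
    $orderId = $request->query->get('order');
    $id = $request->query->get('id');
    if (null == $orderId || null == $id) {
        $flashBag->error($translator->trans('Download not found'));

        return $this->findView('error');
    }

    // Authorisation: the order has to exist and belong to the current account. An
    // unknown order and somebody else's order get the same answer.
    $languageId = $request->getSession()->getLanguageId();
    $order = $this->container->get('orderService')->getOrderForId($orderId, $languageId);
    $account = $this->getUser();
    if (null === $order || null === $account || $account->getId() != $order->getAccountId()) {
        $flashBag->error($translator->trans('Order not found'));

        return $this->findView('error');
    }

    $product = null;
    foreach ($order->getDownloads() as $download) {
        if ($download->getId() == $id) {
            $product = $download;
            break;
        }
    }
    if (null == $product || !$product->isDownloadable()) {
        $flashBag->error($translator->trans('No such download or download has expired.'));

        return $this->findView('error');
    }

    $settingsService = $this->container->get('settingsService');
    $downloadBaseDir = $settingsService->get('downloadBaseDir');
    $fileName = $product->getFilename();
    $filePath = $downloadBaseDir . '/' . $fileName;
    // Size comes from the product record; assumed to match the file on disk — TODO confirm.
    $fileSize = $product->getFilesize();
    $outputFileName = basename(str_replace(' ', '_', $fileName));

    // Verify the file before counting the download or sending any header, so a
    // missing file neither consumes a download nor produces an empty 200 response.
    if (!is_file($filePath) || !is_readable($filePath)) {
        $flashBag->error($translator->trans('Download not found'));

        return $this->findView('error');
    }

    if ($product->getMaxDays() > 0) { // ignore for unlimited downloads
        $query = "UPDATE %table.orders_products_download% SET download_count = download_count - 1\n WHERE orders_products_download_id = :id";
        \ZMRuntime::getDatabase()->updateObj($query, array('id' => $id), 'orders_products_download');
    }

    // Download by redirect.
    // @todo only works on windows >= Vista. Should have a warning somewhere.
    if ($settingsService->get('downloadByRedirect')) {
        // @todo use web accessible cache sub directory for downloadPubDir
        $pubDir = $settingsService->get('downloadPubDir');
        if (empty($pubDir) || !is_writeable($pubDir)) {
            $flashBag->error($translator->trans('Could not write to public download directory.'));

            return $this->findView('error');
        }
        /**
         * @todo this seems like an obvious race condition when more than one download is happening.
         * But i have heard no reports of it causing problems. INVESTIGATE!!
         */
        $this->cleanTempDir($pubDir);
        // The random, dot-prefixed directory name appears to be what keeps the link
        // from being guessed by other visitors, so Toolbox::random(32) must be unpredictable.
        $pubLocalDir = '.' . Toolbox::random(32);
        // 0777 is what the previous revision used (world-writable is broader than
        // serving a symlink needs); restore the umask afterwards so the rest of the
        // request does not create world-writable files as a side effect.
        $previousUmask = umask(00);
        mkdir($pubDir . '/' . $pubLocalDir, 0777, true);
        umask($previousUmask);
        $target = $pubDir . '/' . $pubLocalDir . '/' . $outputFileName;
        $link = @symlink($filePath, $target);
        if ($link) {
            $url = $this->getRequest()->getUriForPath($target);

            return new RedirectResponse($url, 303);
        }
        // Fall through to streaming when the link could not be created.
    }

    // Streaming downloads.
    // @todo offer a generic streaming method on the controller
    // and rely on HttpFoundation\Response
    if (headers_sent()) {
        $msg = 'Could not send download because headers were already sent.';
        throw new ZMException($msg);
    }
    ini_set('zlib.output_compression', 'Off');
    /**
     * Now send the file with header() magic
     * The "must-revalidate" and expiry times are used to prevent caching and fraudulent re-acquiring of files w/o redownloading.
     * Certain browsers require certain header combinations, especially when related to SSL mode and caching
     *
     * @todo rely on HttpFoundation\Response
     * @copyright the zencart developers
     */
    header('Expires: Mon, 22 Jan 2002 00:00:00 GMT');
    header('Last-Modified: ' . gmdate('D,d M Y H:i:s') . ' GMT');
    // Cast: the header may be absent (null), which preg_match() does not accept on newer PHP.
    if (preg_match('/msie/i', (string) $request->server->get('HTTP_USER_AGENT'))) {
        header('Pragma: public');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Cache-Control: private', false);
        header('Cache-Control: max-age=1'); // stores for only 1 second, which helps allow SSL downloads to work more reliably in IE
    } else {
        header('Cache-Control: no-cache, must-revalidate');
        header('Pragma: no-cache');
    }
    // force file to be downloaded.
    // header() replaces an earlier header of the same name by default, so of the
    // four Content-Type lines only the last one ('application/download') is sent.
    header('Content-Type: application/x-octet-stream');
    header('Content-Type: application/force-download');
    header('Content-Type: application/octet-stream');
    header('Content-Type: application/download');
    header('Content-Transfer-Encoding: binary');
    header('Content-Disposition: attachment; filename="' . urlencode($outputFileName) . '"');
    if ($fileSize > 0) {
        header('Content-Length: ' . (string) $fileSize);
    }

    if (!$settingsService->get('downloadInChunks')) {
        readfile($filePath);

        return null;
    }

    @set_time_limit(1500);
    $fp = fopen($filePath, 'rb');
    if (false === $fp) {
        // is_readable() passed above, so this is a race or a permission change in between.
        throw new ZMException('Could not open download file for reading.');
    }
    while (!feof($fp)) {
        echo fread($fp, 4096);
        flush();
    }
    fclose($fp);

    return null;
}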