/**
 * Handle the password-recovery form and the recovery link.
 *
 * Two request shapes are processed:
 *  - an `email` submission, which e-mails the customer a link carrying
 *    `token` (the customer's `secure_key`) and `id_customer`;
 *  - a request carrying `token` and `id_customer`, which replaces the
 *    password with a generated one and e-mails it to the customer.
 * A request carrying only one of `token` / `id_customer` is rejected.
 *
 * Security notes for reviewers:
 *  - The error messages distinguish unknown, inactive and known addresses,
 *    so the form discloses whether an e-mail address has an account.
 *  - The link token is `$customer->secure_key`. Nothing in this method
 *    rotates or expires it; the only limit on re-use visible here is the
 *    PS_PASSWD_TIME_FRONT interval. NOTE(review): confirm whether the key
 *    is regenerated elsewhere.
 *  - The password changes as soon as a request with valid link parameters
 *    arrives, and the new password is e-mailed and handed to the
 *    `actionPasswordRenew` hook in clear text.
 *  - NOTE(review): Tools::encrypt() is not shown here; confirm it is a
 *    salted, slow password hash.
 *
 * @see FrontController::postProcess()
 */
public function postProcess()
{
    // Step 1: the visitor asked for a recovery link.
    if (Tools::isSubmit('email')) {
        $email = Tools::getValue('email');
        if (!$email || !Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid e-mail address');
            return;
        }

        $customer = new Customer();
        $customer->getByemail($email);
        if (!Validate::isLoadedObject($customer)) {
            $this->errors[] = Tools::displayError('There is no account registered to this e-mail address.');
            return;
        }
        if (!$customer->active) {
            $this->errors[] = Tools::displayError('You cannot regenerate the password for this account.');
            return;
        }

        // Throttle: refuse while the configured interval since the last
        // regeneration has not elapsed.
        $min_time = Configuration::get('PS_PASSWD_TIME_FRONT');
        $next_allowed = strtotime($customer->last_passwd_gen . '+' . (int) $min_time . ' minutes');
        if ($next_allowed - time() > 0) {
            $this->errors[] = sprintf(Tools::displayError('You can regenerate your password only every %d minute(s)'), (int) $min_time);
            return;
        }

        $mail_params = array(
            '{email}' => $customer->email,
            '{lastname}' => $customer->lastname,
            '{firstname}' => $customer->firstname,
            '{url}' => $this->context->link->getPageLink('password', true, null, 'token=' . $customer->secure_key . '&id_customer=' . (int) $customer->id),
        );
        $sent = Mail::Send(
            $this->context->language->id,
            'password_query',
            Mail::l('Password query confirmation'),
            $mail_params,
            $customer->email,
            $customer->firstname . ' ' . $customer->lastname
        );
        if ($sent) {
            $this->context->smarty->assign(array('confirmation' => 2, 'email' => $customer->email));
        } else {
            $this->errors[] = Tools::displayError('Error occurred while sending the e-mail.');
        }
        return;
    }

    // Step 2: the visitor followed the recovery link.
    $token = Tools::getValue('token');
    $submitted_id = Tools::getValue('id_customer');
    $id_customer = (int) $submitted_id;

    if (!$token || !$id_customer) {
        // Only one of the two link parameters was supplied.
        if ($token || $submitted_id) {
            $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        }
        return;
    }

    // The token is escaped with pSQL() inside a quoted literal and the id is
    // cast to int before both are concatenated into the query.
    $email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . (int) $id_customer);
    if (!$email) {
        $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        return;
    }

    $customer = new Customer();
    $customer->getByemail($email);
    if (!Validate::isLoadedObject($customer)) {
        $this->errors[] = Tools::displayError('Customer account not found');
        return;
    }
    if (!$customer->active) {
        $this->errors[] = Tools::displayError('You cannot regenerate the password for this account.');
        return;
    }
    if (strtotime($customer->last_passwd_gen . '+' . (int) Configuration::get('PS_PASSWD_TIME_FRONT') . ' minutes') - time() > 0) {
        Tools::redirect('index.php?controller=authentication&error_regen_pwd');
        return;
    }

    // Generate the replacement password; the clear-text value is kept only to
    // pass it to the hook and the e-mail template below.
    $password = Tools::passwdGen(MIN_PASSWD_LENGTH);
    $customer->passwd = Tools::encrypt($password);
    $customer->last_passwd_gen = date('Y-m-d H:i:s', time());
    if (!$customer->update()) {
        $this->errors[] = Tools::displayError('An error occurred with your account and your new password cannot be sent to your e-mail. Please report your problem using the contact form.');
        return;
    }

    Hook::exec('actionPasswordRenew', array('customer' => $customer, 'password' => $password));

    $mail_params = array(
        '{email}' => $customer->email,
        '{lastname}' => $customer->lastname,
        '{firstname}' => $customer->firstname,
        '{passwd}' => $password,
    );
    $sent = Mail::Send(
        $this->context->language->id,
        'password',
        Mail::l('Your new password'),
        $mail_params,
        $customer->email,
        $customer->firstname . ' ' . $customer->lastname
    );
    if ($sent) {
        $this->context->smarty->assign(array('confirmation' => 1, 'email' => $customer->email));
    } else {
        $this->errors[] = Tools::displayError('Error occurred while sending the e-mail.');
    }
}
/**
 * Handle the password-recovery form and the recovery link.
 *
 * An `email` submission e-mails the customer a link carrying `token` (the
 * customer's `secure_key`) and `id_customer`. A request carrying both link
 * parameters replaces the password with a generated one and e-mails it.
 * A request carrying only one of the two parameters is rejected.
 *
 * Security notes for reviewers:
 *  - The "no account registered" message discloses whether an e-mail
 *    address has an account.
 *  - The link token is `$customer->secure_key`; nothing in this method
 *    rotates or expires it. NOTE(review): confirm whether it is
 *    regenerated elsewhere.
 *  - On the link path the customer loaded from the looked-up e-mail is not
 *    re-validated (no loaded-object check) before its password is replaced.
 *  - The generated password is sent by e-mail in clear text.
 *  - NOTE(review): Tools::encrypt() is not shown here; confirm it is a
 *    salted, slow password hash.
 */
public function process()
{
    parent::process();

    // Step 1: the visitor asked for a recovery link.
    if (Tools::isSubmit('email')) {
        $email = Tools::getValue('email');
        if (!$email || !Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid e-mail address');
            return;
        }

        $customer = new Customer();
        $customer->getByemail($email);
        if (!Validate::isLoadedObject($customer)) {
            $this->errors[] = Tools::displayError('There is no account registered to this e-mail address.');
            return;
        }

        // Throttle: refuse while the configured interval since the last
        // regeneration has not elapsed.
        $min_time = Configuration::get('PS_PASSWD_TIME_FRONT');
        $next_allowed = strtotime($customer->last_passwd_gen . '+' . (int) $min_time . ' minutes');
        if ($next_allowed - time() > 0) {
            $this->errors[] = Tools::displayError('You can regenerate your password only every') . ' ' . (int) $min_time . ' ' . Tools::displayError('minute(s)');
            return;
        }

        $id_lang = (int) self::$cookie->id_lang;
        $subject = Mail::l('Password query confirmation');
        $template_vars = array(
            '{email}' => $customer->email,
            '{lastname}' => $customer->lastname,
            '{firstname}' => $customer->firstname,
            '{url}' => self::$link->getPageLink('password.php', true) . '?token=' . $customer->secure_key . '&id_customer=' . (int) $customer->id,
        );
        $recipient_name = $customer->firstname . ' ' . $customer->lastname;

        if (Mail::Send($id_lang, 'password_query', $subject, $template_vars, $customer->email, $recipient_name)) {
            self::$smarty->assign(array('confirmation' => 2, 'email' => $customer->email));
        } else {
            $this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
        }
        return;
    }

    // Step 2: the visitor followed the recovery link.
    $token = Tools::getValue('token');
    $submitted_id = Tools::getValue('id_customer');
    $id_customer = (int) $submitted_id;

    if (!$token || !$id_customer) {
        // Only one of the two link parameters was supplied.
        if ($token || $submitted_id) {
            $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        }
        return;
    }

    // The token is escaped with pSQL() inside a quoted literal and the id is
    // cast to int before both are concatenated into the query.
    $email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . (int) $id_customer);
    if (!$email) {
        $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        return;
    }

    $customer = new Customer();
    $customer->getByemail($email);

    $min_time = Configuration::get('PS_PASSWD_TIME_FRONT');
    if (strtotime($customer->last_passwd_gen . '+' . (int) $min_time . ' minutes') - time() > 0) {
        Tools::redirect('authentication.php?error_regen_pwd');
        return;
    }

    // Generate the replacement password; the clear-text value is kept only to
    // fill the e-mail template below.
    $password = Tools::passwdGen((int) MIN_PASSWD_LENGTH);
    $customer->passwd = Tools::encrypt($password);
    $customer->last_passwd_gen = date('Y-m-d H:i:s');
    if (!$customer->update()) {
        $this->errors[] = Tools::displayError('An error occurred with your account and your new password cannot be sent to your e-mail. Please report your problem using the contact form.');
        return;
    }

    $id_lang = (int) self::$cookie->id_lang;
    $subject = Mail::l('Your password');
    $template_vars = array(
        '{email}' => $customer->email,
        '{lastname}' => $customer->lastname,
        '{firstname}' => $customer->firstname,
        '{passwd}' => $password,
    );
    $recipient_name = $customer->firstname . ' ' . $customer->lastname;

    if (Mail::Send($id_lang, 'password', $subject, $template_vars, $customer->email, $recipient_name)) {
        self::$smarty->assign(array('confirmation' => 1, 'email' => $customer->email));
    } else {
        $this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
    }
}
if (Tools::isSubmit('SubmitLogin')) { $passwd = trim(Tools::getValue('passwd')); $email = trim(Tools::getValue('email')); if (empty($email)) { $errors[] = Tools::displayError('e-mail address is required'); } elseif (!Validate::isEmail($email)) { $errors[] = Tools::displayError('invalid e-mail address'); } elseif (empty($passwd)) { $errors[] = Tools::displayError('password is required'); } elseif (Tools::strlen($passwd) > 32) { $errors[] = Tools::displayError('password is too long'); } elseif (!Validate::isPasswd($passwd)) { $errors[] = Tools::displayError('invalid password'); } else { $customer = new Customer(); $authentication = $customer->getByemail(trim($email), trim($passwd)); /* Handle brute force attacks */ sleep(1); if (!$authentication or !$customer->id) { $errors[] = Tools::displayError('authentication failed'); } else { $cookie->id_customer = intval($customer->id); $cookie->customer_lastname = $customer->lastname; $cookie->customer_firstname = $customer->firstname; $cookie->logged = 1; $cookie->passwd = $customer->passwd; $cookie->email = $customer->email; if (Configuration::get('PS_CART_FOLLOWING') and (empty($cookie->id_cart) or Cart::getNbProducts($cookie->id_cart) == 0)) { $cookie->id_cart = intval(Cart::lastNoneOrderedCart(intval($customer->id))); } $id_address = intval(Address::getFirstCustomerAddressId(intval($customer->id)));
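/**
 * Drive the customer password-reset flow.
 *
 * Three request shapes are handled, checked in this order:
 *  - `SubmitPassword`: the visitor submits a new password from the reset
 *    form. The account is identified by the `token` / `id_customer` pair
 *    from the e-mailed link, never by a submitted e-mail address.
 *  - `email`: the visitor asks for a reset link, which is e-mailed with
 *    `token` (the customer's `secure_key`) and `id_customer`.
 *  - `token` + `id_customer`: the visitor followed the link; the reset form
 *    is shown.
 *
 * Fixes relative to the previous version of this method:
 *  - The `SubmitPassword` step used to change the password of whichever
 *    account the submitted `email` field named, without checking that the
 *    request came from the e-mailed link. It now requires and verifies
 *    `token` and `id_customer` before touching the account.
 *  - The new password is validated (string type, Validate::isPasswd) before
 *    it is hashed; a missing or non-string field no longer compares as
 *    "matching".
 *  - Errors on this step were appended to an undefined local `$errors` and
 *    lost; they now go to `$this->errors`.
 *
 * NOTE(review): the reset form template must post `token` and `id_customer`
 * back (they are assigned to Smarty as `reset_token` and
 * `reset_id_customer`, and must be escaped on output). The template is not
 * visible here.
 * NOTE(review): `secure_key` is not rotated or expired by this method, so a
 * link stays usable until the key changes; a single-use, expiring reset
 * token would be a stronger design. Tools::encrypt() is not shown here;
 * confirm it is a salted, slow password hash.
 */
public function process()
{
    parent::process();

    if (Tools::isSubmit('SubmitPassword')) {
        $new_pass = Tools::getValue('new_password');
        $retype_pass = Tools::getValue('retype_password');
        $token = Tools::getValue('token');
        $id_customer = (int) Tools::getValue('id_customer');

        // Resolve the account from the link parameters only. The token is
        // escaped with pSQL() inside a quoted literal and the id is cast to
        // int before both are concatenated into the query.
        $email = false;
        if ($token && $id_customer) {
            $email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . (int) $id_customer);
        }

        if (!$email) {
            $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        } elseif (!is_string($new_pass) || !is_string($retype_pass) || strcmp($new_pass, $retype_pass) !== 0) {
            // is_string() first: strcmp() on non-string input does not
            // return a usable comparison result.
            $this->errors[] = Tools::displayError("Password fields don't match. Please retype.");
        } elseif (!Validate::isPasswd($new_pass)) {
            $this->errors[] = Tools::displayError('invalid password');
        } else {
            $customer = new Customer();
            $customer->getByemail($email);
            if (!Validate::isLoadedObject($customer)) {
                $this->errors[] = Tools::displayError('Could not retrieve the account information.');
            } else {
                $customer->passwd = Tools::encrypt($new_pass);
                // Record the change so the PS_PASSWD_TIME_FRONT check on the
                // link step refuses the same link for that interval.
                $customer->last_passwd_gen = date('Y-m-d H:i:s');
                $customer->reset_token = null;
                $customer->reset_time = null;
                if ($customer->update()) {
                    // Log the customer in with the freshly reset account.
                    self::$cart->secure_key = $customer->secure_key;
                    self::$cookie->id_customer = (int) $customer->id;
                    self::$cookie->customer_lastname = $customer->lastname;
                    self::$cookie->customer_firstname = $customer->firstname;
                    self::$cookie->passwd = $customer->passwd;
                    self::$cookie->logged = 1;
                    self::$cookie->email = $customer->email;
                    if (Configuration::get('PS_CART_FOLLOWING') && (empty(self::$cookie->id_cart) || Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
                        self::$cookie->id_cart = (int) Cart::lastNoneOrderedCart((int) $customer->id);
                    }
                    self::$cart->update();
                    Tools::redirect('index.php');
                } else {
                    $this->errors[] = Tools::displayError('error resetting the password');
                }
            }
        }
    } elseif (Tools::isSubmit('email')) {
        if (!($email = Tools::getValue('email')) || !Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid e-mail address');
        } else {
            $customer = new Customer();
            $customer->getByemail($email);
            if (!Validate::isLoadedObject($customer)) {
                // This message discloses whether an address has an account.
                $this->errors[] = Tools::displayError('There is no account registered to this e-mail address.');
            } elseif (strtotime($customer->last_passwd_gen . '+' . (int) ($min_time = Configuration::get('PS_PASSWD_TIME_FRONT')) . ' minutes') - time() > 0) {
                $this->errors[] = Tools::displayError('You can regenerate your password only every') . ' ' . (int) $min_time . ' ' . Tools::displayError('minute(s)');
            } else {
                $template_vars = array(
                    '{email}' => $customer->email,
                    '{lastname}' => $customer->lastname,
                    '{firstname}' => $customer->firstname,
                    '{url}' => self::$link->getPageLink('password.php', true) . '?token=' . $customer->secure_key . '&id_customer=' . (int) $customer->id,
                );
                if (Mail::Send((int) self::$cookie->id_lang, 'password_query', Mail::l('Your password reset request at IndusDiva.com'), $template_vars, $customer->email, $customer->firstname . ' ' . $customer->lastname)) {
                    self::$smarty->assign(array('confirmation' => 2, 'email' => $customer->email));
                } else {
                    $this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
                }
            }
        }
    } elseif (($token = Tools::getValue('token')) && ($id_customer = (int) Tools::getValue('id_customer'))) {
        $email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . (int) $id_customer);
        if ($email) {
            $customer = new Customer();
            $customer->getByemail($email);
            if (strtotime($customer->last_passwd_gen . '+' . (int) Configuration::get('PS_PASSWD_TIME_FRONT') . ' minutes') - time() > 0) {
                Tools::redirect('authentication.php?error_regen_pwd');
            } else {
                // Show the reset form and hand it the verified link
                // parameters so the SubmitPassword step can check them again.
                // (The legacy path that e-mailed a generated password was
                // already disabled and has been dropped.)
                self::$smarty->assign(array(
                    'password_reset' => 1,
                    'email' => $customer->email,
                    'reset_token' => $token,
                    'reset_id_customer' => (int) $id_customer,
                ));
            }
        } else {
            $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        }
    } elseif (Tools::getValue('token') || Tools::getValue('id_customer')) {
        // Only one of the two link parameters was supplied.
        $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
    }
}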
/**
 * Authenticate the customer from the submitted `email` / `passwd` fields and,
 * on success, populate the session cookie and continue the checkout flow.
 *
 * Validation failures and a failed login append a message to the global
 * `$errors` array and stop. On success the customer's identity fields are
 * written to the global `$cookie`, the `authentication` hook is executed and
 * displayProcess() is called with the submitted `payerID`.
 *
 * Security notes for reviewers:
 *  - sleep(1) delays every attempt by one second; it does not count or cap
 *    attempts per account or per client.
 *  - The stored password value (`$customer->passwd`) is copied into the
 *    cookie. NOTE(review): confirm how the cookie is protected, since this
 *    puts the hash on the client.
 *  - The password is trimmed before use, so leading and trailing whitespace
 *    is never part of the compared value.
 */
function submitLogin()
{
    global $cookie, $errors;

    $passwd = trim(Tools::getValue('passwd'));
    $email = trim(Tools::getValue('email'));

    // Input validation, first failure wins.
    if (empty($email)) {
        $errors[] = Tools::displayError('e-mail address is required');
        return;
    }
    if (!Validate::isEmail($email)) {
        $errors[] = Tools::displayError('invalid e-mail address');
        return;
    }
    if (empty($passwd)) {
        $errors[] = Tools::displayError('password is required');
        return;
    }
    if (Tools::strlen($passwd) > 32) {
        $errors[] = Tools::displayError('password is too long');
        return;
    }
    if (!Validate::isPasswd($passwd)) {
        $errors[] = Tools::displayError('invalid password');
        return;
    }

    $customer = new Customer();
    // Both values are already trimmed above.
    $authentication = $customer->getByemail($email, $passwd);

    /* Handle brute force attacks */
    sleep(1);

    if (!$authentication || !$customer->id) {
        $errors[] = Tools::displayError('authentication failed');
        return;
    }

    // Mark the session as logged in.
    $cookie->id_customer = (int) $customer->id;
    $cookie->customer_lastname = $customer->lastname;
    $cookie->customer_firstname = $customer->firstname;
    $cookie->logged = 1;
    $cookie->passwd = $customer->passwd;
    $cookie->email = $customer->email;

    // Re-attach the customer's last cart that was not ordered when the
    // current one is missing or empty.
    $cart_is_empty = empty($cookie->id_cart) || Cart::getNbProducts($cookie->id_cart) == 0;
    if (Configuration::get('PS_CART_FOLLOWING') && $cart_is_empty) {
        $cookie->id_cart = Cart::lastNoneOrderedCart($customer->id);
    }

    Module::hookExec('authentication');

    // Next !
    $payerID = strval(Tools::getValue('payerID'));
    displayProcess($payerID);
}
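<?php

/*
 * Password recovery page: on an `email` submission, replace the customer's
 * password with a generated one and e-mail it.
 *
 * Fix relative to the previous version: the result of Mail::Send() was
 * ignored, so a failed delivery still showed the confirmation and left the
 * customer with a password they never received. The send result is now
 * checked; on failure the previous password value and timestamp are restored
 * and an error is reported.
 *
 * Security notes for reviewers:
 *  - The password is replaced as soon as a valid address is submitted, with
 *    no confirmation step proving the requester controls the mailbox; the
 *    only throttle is PS_PASSWD_TIME_FRONT. A confirm-by-link step before
 *    changing anything would avoid resets triggered by third parties.
 *  - The "no account registered" message discloses whether an address has
 *    an account.
 *  - The new password is sent by e-mail in clear text.
 *  - NOTE(review): Tools::encrypt() is not shown here; confirm it is a
 *    salted, slow password hash.
 *
 * NOTE(review): $cookie and $smarty are not defined in this file; presumably
 * the included files provide them.
 */

include dirname(__FILE__) . '/config/config.inc.php';
include dirname(__FILE__) . '/header.php';

define('MIN_PASSWD_LENGTH', 8);

$errors = array();

if (Tools::isSubmit('email')) {
    if (!($email = Tools::getValue('email')) || !Validate::isEmail($email)) {
        $errors[] = Tools::displayError('invalid e-mail address');
    } else {
        $customer = new Customer();
        $customer->getByemail($email);
        if (!Validate::isLoadedObject($customer)) {
            $errors[] = Tools::displayError('there is no account registered to this e-mail address');
        } elseif (strtotime($customer->last_passwd_gen . '+' . (int) ($min_time = Configuration::get('PS_PASSWD_TIME_FRONT')) . ' minutes') - time() > 0) {
            // Throttle: the configured interval since the last regeneration
            // has not elapsed yet.
            $errors[] = Tools::displayError('You can regenerate your password only each') . ' ' . (int) $min_time . ' ' . Tools::displayError('minute(s)');
        } else {
            // Keep the current values so they can be restored if the new
            // password cannot be delivered.
            $previous_passwd = $customer->passwd;
            $previous_passwd_gen = $customer->last_passwd_gen;

            $password = Tools::passwdGen((int) MIN_PASSWD_LENGTH);
            $customer->passwd = Tools::encrypt($password);
            $customer->last_passwd_gen = date('Y-m-d H:i:s');

            if (!$customer->update()) {
                $errors[] = Tools::displayError('error with your account and your new password cannot be sent to your e-mail; please report your problem using the contact form');
            } else {
                $template_vars = array(
                    '{email}' => $customer->email,
                    '{lastname}' => $customer->lastname,
                    '{firstname}' => $customer->firstname,
                    '{passwd}' => $password,
                );
                $sent = Mail::Send((int) $cookie->id_lang, 'password', 'Your password', $template_vars, $customer->email, $customer->firstname . ' ' . $customer->lastname);
                if ($sent) {
                    $smarty->assign(array('confirmation' => 1, 'email' => $customer->email));
                } else {
                    // Delivery failed: put the old credentials back so the
                    // customer is not locked out.
                    $customer->passwd = $previous_passwd;
                    $customer->last_passwd_gen = $previous_passwd_gen;
                    if (!$customer->update()) {
                        $errors[] = Tools::displayError('error with your account and your new password cannot be sent to your e-mail; please report your problem using the contact form');
                    }
                    $errors[] = Tools::displayError('Error occurred when sending the e-mail.');
                }
            }
        }
    }
}

$smarty->assign('errors', $errors);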