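/**
 * Check to see if customer salt string matches
 *
 * Re-derives the salted customer hash from the unsalted customer hash string
 * $customerString and the customer id $customerId via CustomerHashCreate() and
 * compares the result with $saltedString. The comparison goes through
 * hash_equals() where available so that its running time does not depend on
 * how many leading characters of the two hashes agree.
 *
 * @access public
 * @param string $saltedString The salted customer hash string to compare to
 * @param string $customerString The unsalted customer hash string
 * @param int $customerId The customer ID
 * @return bool TRUE if the salted and unsalted strings match, FALSE if no match or if any of the arguments are invalid/empty
 */
function CustomerHashCheck($saltedString, $customerString, $customerId)
{
    // Strict emptiness checks instead of the loose `== ''`, which also let
    // null/false through as "empty"; non-strings are rejected here as well
    if (!is_string($saltedString) || $saltedString === '') {
        return false;
    }
    if (!is_string($customerString) || $customerString === '') {
        return false;
    }
    if (!isId($customerId)) {
        return false;
    }

    $expected = CustomerHashCreate($customerString, $customerId);
    if (!is_string($expected) || $expected === '') {
        // No usable hash could be derived; never report a match on it
        return false;
    }

    // Constant-time comparison of the derived and supplied hashes; the plain
    // `===` is kept only as a fallback for runtimes without hash_equals()
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $saltedString);
    }
    return $expected === $saltedString;
}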
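/**
 * Send the "forgot password" email containing a password reset link.
 *
 * Reads the submitted address from $_POST['email']. When a non-guest account
 * with that address exists, a fresh random reset token is stored on the
 * customer row (customerpasswordresettoken / customerpasswordresetemail) and a
 * link carrying the customer id and the salted form of that token is emailed
 * to the address. Every failure path hands off to ResetPassword() with a
 * reason key; success hands off to ShowLoginPage("ForgotPassEmailSent").
 *
 * @return void
 */
private function SendPasswordEmail()
{
    if (!isset($_POST['email'])) {
        // Nothing submitted: redisplay the reset form without an error key
        $this->ResetPassword();
        return;
    }

    $email = trim($_POST['email']);

    if (!$this->AccountWithEmailAlreadyExists($email)) {
        // No account with that email address
        $this->ResetPassword("bad_email");
        return;
    }

    // Look up the non-guest account behind this address; the user-supplied
    // value is quoted through the DB layer before it enters the statement
    $query = sprintf(
        "select customerid, customertoken from [|PREFIX|]customers where isguest = 0 AND lower(custconemail)='%s'",
        $GLOBALS['ISC_CLASS_DB']->Quote(isc_strtolower($email))
    );
    $result = $GLOBALS['ISC_CLASS_DB']->Query($query);
    $row = $GLOBALS['ISC_CLASS_DB']->Fetch($result);

    if (!$row) {
        // The address passed AccountWithEmailAlreadyExists() but no non-guest
        // row matched; the legacy "bad_password" key is kept for the caller
        $this->ResetPassword("bad_password");
        return;
    }

    $customer_id = $row['customerid'];

    // The reset token is a bearer credential, so it must come from a CSPRNG.
    // random_bytes() is used where available; the legacy mt_rand()/uniqid()
    // mix is kept only as a fallback for older runtimes and is not
    // unpredictable. Both forms yield 32 hex characters, matching the md5
    // width the column has held so far.
    if (function_exists('random_bytes')) {
        $storeRandom = bin2hex(random_bytes(16));
    } else {
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $requestTime = isset($_SERVER['REQUEST_TIME']) ? $_SERVER['REQUEST_TIME'] : time();
        $storeRandom = md5(uniqid(mt_rand(), true) . $userAgent . $remoteAddr . $requestTime);
    }
    // Only the salted form travels in the email; the raw token stays in the DB
    $linkRandom = CustomerHashCreate($storeRandom, $customer_id);

    $UpdatedCustomer = array(
        "customerpasswordresettoken" => $storeRandom,
        "customerpasswordresetemail" => $email,
    );
    $where = "customerid='" . $GLOBALS['ISC_CLASS_DB']->Quote($customer_id) . "'";
    if (!$GLOBALS['ISC_CLASS_DB']->UpdateQuery("customers", $UpdatedCustomer, $where)) {
        // Database error
        $this->ResetPassword("internal_error");
        return;
    }

    // Build the link the customer will follow to choose a new password
    $data = sprintf("c=%d&t=%s", $customer_id, $linkRandom);
    $link = sprintf("%s/login.php?action=change_password&%s", $GLOBALS['ShopPath'], $data);
    $store_name = GetConfig('StoreName');
    $email_message = sprintf(GetLang('ForgotPassEmailMessage'), $store_name, $link, $link);

    // Create a new email API object to send the email
    require_once ISC_BASE_PATH . "/lib/email.php";
    $obj_email = GetEmailClass();
    $obj_email->Set('CharSet', GetConfig('CharacterSet'));
    $obj_email->From(GetConfig('OrderEmail'), $store_name);
    $obj_email->Set("Subject", sprintf(GetLang('ForgotPassEmailSubject'), $store_name));
    $obj_email->AddBody("html", $email_message);
    $obj_email->AddRecipient($email, "", "h");
    $email_result = $obj_email->Send();

    if ($email_result['success']) {
        // Email sent: show the confirmation on the login page
        $this->ShowLoginPage("ForgotPassEmailSent");
    } else {
        // Email error
        $this->ResetPassword("internal_error");
    }
}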