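/**
 * Check whether a salted customer hash matches an unsalted hash + customer ID
 *
 * Recomputes the salted hash from $customerString and $customerId via
 * CustomerHashCreate() and compares it with $saltedString. The comparison is
 * done with hash_equals() so that a mismatch takes the same time no matter how
 * many leading bytes agree; a plain `===` short-circuits on the first differing
 * byte, which lets an attacker who controls $saltedString (e.g. the token in a
 * password-reset link) recover the expected value byte by byte.
 *
 * @access public
 * @param string $saltedString   The salted customer hash string to compare to (the untrusted side)
 * @param string $customerString The unsalted customer hash string (the stored value)
 * @param int    $customerId     The customer ID
 * @return bool TRUE if the salted and unsalted strings match, FALSE if no match or if any
 *              of the arguments are invalid/empty (non-string hashes, empty strings, bad ID)
 */
function CustomerHashCheck($saltedString, $customerString, $customerId)
{
    // Both hash inputs must be non-empty strings. Non-string values are
    // rejected explicitly instead of relying on the loose `== ''` test, so
    // nothing gets coerced on its way into the hash function or comparison.
    if (!is_string($saltedString) || $saltedString === ''
        || !is_string($customerString) || $customerString === ''
        || !isId($customerId)) {
        return false;
    }

    $expected = CustomerHashCreate($customerString, $customerId);
    if (!is_string($expected) || $expected === '') {
        // Hash helper produced nothing usable; never compare against an empty
        // or non-string expected value.
        return false;
    }

    // Constant-time comparison; the known-good value is the first argument.
    return hash_equals($expected, $saltedString);
}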
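 /**
  * Handle a "forgot password" request: generate a reset token for the
  * account that owns the submitted e-mail address and mail it a reset link.
  *
  * Reads the address from $_POST['email']. On success the customer row gets a
  * fresh customerpasswordresettoken / customerpasswordresetemail and the login
  * page is shown with "ForgotPassEmailSent"; every failure path re-renders the
  * reset form via $this->ResetPassword() with an error code.
  *
  * Security notes:
  *  - The stored token is drawn from random_bytes() (CSPRNG, PHP >= 7.0)
  *    instead of md5(uniqid(mt_rand()) . user-agent . IP . request time), all
  *    of whose inputs are guessable or attacker-visible.
  *  - Only the salted form (CustomerHashCreate) is placed in the link; the raw
  *    token stays in the database.
  *  - NOTE(review): no expiry is stored next to the token, and the "bad_email"
  *    branch tells the caller whether an address has an account (user
  *    enumeration). Both need schema / UX changes outside this method and are
  *    left unchanged here.
  *
  * @return void
  */
 private function SendPasswordEmail()
 {
     if (!isset($_POST['email'])) {
         // Nothing submitted: show the blank reset form
         $this->ResetPassword();
         return;
     }

     $email = trim($_POST['email']);

     if (!$this->AccountWithEmailAlreadyExists($email)) {
         // No account with that email address
         $this->ResetPassword("bad_email");
         return;
     }

     // Look up the (non-guest) customer that owns this address
     $query = sprintf(
         "select customerid, customertoken from [|PREFIX|]customers where isguest = 0 AND lower(custconemail)='%s'",
         $GLOBALS['ISC_CLASS_DB']->Quote(isc_strtolower($email))
     );
     $result = $GLOBALS['ISC_CLASS_DB']->Query($query);
     $row = $GLOBALS['ISC_CLASS_DB']->Fetch($result);
     if (!$row) {
         // AccountWithEmailAlreadyExists() said yes but no non-guest row
         // matched; this path has historically been reported as "bad_password"
         $this->ResetPassword("bad_password");
         return;
     }

     $customer_id = $row['customerid'];

     // 128 bits from the CSPRNG, hex-encoded to 32 characters -- the same
     // width as the md5 hex digest stored previously, so the column size is
     // unaffected.
     $storeRandom = bin2hex(random_bytes(16));
     // The e-mailed link carries only the salted form; the raw token stays
     // server-side and is what the verifier recomputes against.
     $linkRandom = CustomerHashCreate($storeRandom, $customer_id);

     $UpdatedCustomer = array(
         "customerpasswordresettoken" => $storeRandom,
         "customerpasswordresetemail" => $email,
     );
     $where = "customerid='" . $GLOBALS['ISC_CLASS_DB']->Quote($customer_id) . "'";
     if (!$GLOBALS['ISC_CLASS_DB']->UpdateQuery("customers", $UpdatedCustomer, $where)) {
         // Database error
         $this->ResetPassword("internal_error");
         return;
     }

     // Build the reset link: c=<customer id>, t=<salted token>
     $data = sprintf("c=%d&t=%s", $customer_id, $linkRandom);
     $link = sprintf("%s/login.php?action=change_password&%s", $GLOBALS['ShopPath'], $data);
     $store_name = GetConfig('StoreName');
     $email_message = sprintf(GetLang('ForgotPassEmailMessage'), $store_name, $link, $link);

     // Send the email through the store's email API
     require_once ISC_BASE_PATH . "/lib/email.php";
     $obj_email = GetEmailClass();
     $obj_email->Set('CharSet', GetConfig('CharacterSet'));
     $obj_email->From(GetConfig('OrderEmail'), $store_name);
     $obj_email->Set("Subject", sprintf(GetLang('ForgotPassEmailSubject'), $store_name));
     $obj_email->AddBody("html", $email_message);
     $obj_email->AddRecipient($email, "", "h");
     $email_result = $obj_email->Send();

     if ($email_result['success']) {
         // Email sent: show the confirmation message
         $this->ShowLoginPage("ForgotPassEmailSent");
     } else {
         // Email error
         $this->ResetPassword("internal_error");
     }
 }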