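/**
 * Front auth controller: handles logout, login and sign-up, and sends an
 * already-authenticated visitor to the comments page.
 *
 * Side effects: updates the session through Auth, pushes Flash messages and
 * redirects (Tools::redirect does not return) on every successful path.
 * Validation failures are appended to $this->errors.
 */
public function postProcess()
{
    parent::postProcess();

    if (Tools::getIsset('logout')) {
        // Logout
        Auth::disconnect();
        Flash::add('Vous êtes bien déconnécté');
        Tools::redirect($this->context->link->getPageLink('auth'));
    } elseif (Tools::isSubmit('submitLogin')) {
        // getByEmail() also checks the password when one is supplied.
        $user = (new User())->getByEmail(Tools::getValue('username'), Tools::getValue('password'));
        if (!Validate::isLoadedObject($user)) {
            // One generic message for both a wrong login and a wrong password.
            // NOTE(review): no delay or lockout on failure — guessing is unthrottled here.
            $this->errors[] = 'Identifiant ou mot de passe incorrect';
        } else {
            Auth::setUser($user);
            Tools::redirect($this->context->link->getPageLink('comments'));
        }
    } elseif (Tools::isSubmit('submitSubscribe')) {
        /*
         * Sign-up:
         *  - validate the fields
         *  - make sure the login is not already taken
         *  - create the account
         *  - log the user in
         */
        if (!Validate::isEmail($email = Tools::getValue('username'))) {
            return $this->errors[] = 'Veuillez saisir une adresse e-mail correcte';
        }
        if (!Validate::isPasswd($password = Tools::getValue('password'))) {
            /// @todo be more specific about which password rules apply
            return $this->errors[] = 'Veuillez saisir un mot de passe correct';
        }

        $user = new User();
        if (Validate::isLoadedObject($user->getByEmail($email))) {
            $this->errors[] = 'Un compte avec cet identifiant existe déjà';
        } else {
            $user->login = $email;
            $user->password = Tools::encrypt($password);
            if (!$user->save()) {
                // Keep the raw driver message out of the response: it can carry
                // table names and query fragments. Log it server-side instead.
                error_log('User::save() failed during sign-up: ' . Db::getInstance()->getMsgError());
                $this->errors[] = 'Impossible de vous enregistrer, veuillez réessayer ultérieurement';
            } else {
                Auth::setUser($user);
                Flash::success('Bienvenue! Votre compte a bien été créé');
                Tools::redirect($this->context->link->getPageLink('comments'));
            }
        }
    } elseif (Auth::getUser()) {
        Tools::redirect($this->context->link->getPageLink('comments'));
    }
}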
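/**
 * Loads an active employee by e-mail, optionally requiring the stored
 * password value to match.
 *
 * @param string      $email
 * @param string|null $passwd Compared verbatim against the `passwd` column, so the
 *                            caller must pass the stored form; null/empty skips the check
 * @return Employee|false
 */
private function getSellerByEmail($email, $passwd)
{
    // `and` binds tighter than `or`: abort on a bad e-mail, or on a supplied
    // password that fails validation.
    if (!Validate::isEmail($email) or $passwd != NULL and !Validate::isPasswd($passwd)) {
        die(Tools::displayError());
    }

    // The original interpolated $passwd into the query unescaped. Validate::isPasswd()
    // appears to be a length check (it takes a size argument elsewhere), so it does
    // not reject quotes — escape the password the same way as the e-mail.
    $sql = 'SELECT * FROM `' . _DB_PREFIX_ . 'employee`'
        . ' WHERE `active` = 1'
        . ' AND `email` = \'' . pSQL($email) . '\''
        . ($passwd ? ' AND `passwd` = \'' . pSQL($passwd) . '\'' : '');

    $result = Db::getInstance()->getRow($sql);
    if (!$result) {
        return false;
    }

    $emp = new Employee();
    $emp->id = $result['id_employee'];
    $emp->id_profile = $result['id_profile'];
    // Copy only the columns that exist as properties on Employee.
    // NOTE(review): key_exists() on an object is deprecated since PHP 7.4;
    // property_exists() is the replacement if this runs on a newer runtime.
    foreach ($result as $key => $value) {
        if (key_exists($key, $emp)) {
            $emp->{$key} = $value;
        }
    }
    return $emp;
}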
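/**
 * "My account" page: renders the profile form and, on joinCommit, updates the
 * user after checking the current password, the confirmation and the new
 * password's validity. Redirects to the login page when not logged in.
 *
 * @return string Rendered my-user.tpl
 */
public function displayMain()
{
    global $smarty, $link, $cookie;

    if (!$cookie->logged) {
        Tools::redirect($link->getPage('LoginView'));
    }

    $user = new User((int) $cookie->id_user);

    if (Tools::isSubmit('joinCommit')) {
        // Read the posted fields defensively: a missing old_passwd/passwd used to
        // trigger an undefined-index notice.
        $old_passwd = isset($_POST['old_passwd']) ? $_POST['old_passwd'] : '';
        $new_passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';

        // checkPassword() compares the stored form, so hash the current password first.
        if (User::checkPassword($user->id, Tools::encrypt($old_passwd))) {
            // Strict comparison: '==' would treat numeric-looking strings such as
            // "1e3" and "1000" as equal.
            if (Tools::getRequest('confirmation') === Tools::getRequest('passwd')) {
                if (!empty($new_passwd) && Validate::isPasswd($new_passwd)) {
                    $user->copyFromPost();
                    if ($user->update()) {
                        // The cookie carries the stored password value; refresh it so
                        // the current session stays valid after the change.
                        $cookie->passwd = $user->passwd;
                        $cookie->write();
                        $smarty->assign('success', 'Your personal information has been successfully updated.');
                    }
                } else {
                    $user->_errors[] = 'Password is invalid.';
                }
            } else {
                $user->_errors[] = 'Password and confirmation do not match.';
            }
        } else {
            $user->_errors[] = 'Your password is incorrect.';
        }
    }

    $smarty->assign(array(
        'errors' => $user->_errors,
        'DISPLAY_LEFT' => Module::hookBlock(array('myaccount')),
        'user' => $user,
    ));
    return $smarty->fetch('my-user.tpl');
}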
/**
 * Authenticates a customer with the posted e-mail/password and redirects:
 * to the configured ADMIN_TAB_MODULE_URLBACK on success, otherwise to
 * index.php?urlback_haserror=1. Never returns normally.
 *
 * Lifted from AuthController: its init() starts by checking whether the user
 * is logged in, which defeats this controller's purpose. Admin accounts are
 * deliberately not handled; an Employee lookup next to the Customer one would
 * be needed for that.
 */
public function init()
{
    parent::init();

    $password = trim(Tools::getValue('passwd'));
    // Scrub the raw password from the request as early as possible.
    $_POST['passwd'] = null;
    $email = trim(Tools::getValue('email'));

    $credentialsLookValid = !empty($email) && Validate::isEmail($email)
        && !empty($password) && Validate::isPasswd($password);

    if ($credentialsLookValid) {
        $customer = new Customer();
        $auth = $customer->getByEmail(trim($email), trim($password));
        if (isset($auth->active) && $auth->active && $customer->id) {
            Tools::redirect(Configuration::get("ADMIN_TAB_MODULE_URLBACK"));
        }
    }

    // Passing the error state through a GET parameter is not pretty, but
    // nothing better was found at the time.
    Tools::redirect("index.php?urlback_haserror=1");
}
/**
 * Back-office login used by the theme designer: validates e-mail/password,
 * loads the Employee, stores the session in the cookie and computes the
 * post-login URL.
 *
 * Two response modes: with an `ajax` parameter the method dies with a JSON
 * body ({hasErrors:false, redirect} or {hasErrors:true, errors}); otherwise
 * it fills $this->errors / $this->redirect_after and returns.
 */
public function processLogin()
{
    // NOTE(review): there is no directory separator between dirname(__FILE__) and
    // '../', so this resolves to "<dir>../../../../modules/..." — it only works if
    // that odd path exists. Probably meant '/../../../../modules/...'; confirm.
    require_once dirname(__FILE__) . '../../../../modules/designer/designer.php';

    $themeName = trim(Tools::getValue('theme_name'));
    $passwd = trim(Tools::getValue('passwd'));
    $email = trim(Tools::getValue('email'));

    // Query fragments appended to the AdminAjax URL on success.
    $domain = getSessionDomain($themeName);
    $version = function_exists('theme_get_manifest_version') ? '&ver=' . theme_get_manifest_version($themeName) : '';
    $desktop = function_exists('getDesktopParams') ? getDesktopParams() : '';

    if (empty($email)) {
        $this->errors[] = Tools::displayError('E-mail is empty');
    } elseif (!Validate::isEmail($email)) {
        $this->errors[] = Tools::displayError('Invalid e-mail address');
    }
    if (empty($passwd)) {
        $this->errors[] = Tools::displayError('Password is blank');
    } elseif (!Validate::isPasswd($passwd)) {
        $this->errors[] = Tools::displayError('Invalid password');
    }

    if (!count($this->errors)) {
        $this->context->employee = new Employee();
        // getByemail() is given the password, so it is expected to check it too
        // (see the error message below).
        $is_employee_loaded = $this->context->employee->getByemail($email, $passwd);
        $employee_associated_shop = $this->context->employee->getAssociatedShops();
        if (!$is_employee_loaded) {
            // NOTE(review): no delay or lockout on a failed attempt — credential
            // guessing against this endpoint is unthrottled.
            $this->errors[] = Tools::displayError('Employee does not exist or password is incorrect.');
            $this->context->employee->logout();
        } elseif (empty($employee_associated_shop) && !$this->context->employee->isSuperAdmin()) {
            $this->errors[] = Tools::displayError('Employee does not manage any shop anymore (shop has been deleted or permissions have been removed).');
            $this->context->employee->logout();
        } else {
            $this->context->employee->remote_addr = ip2long(Tools::getRemoteAddr());
            // The session lives in the cookie, including the employee's stored
            // password value.
            $cookie = Context::getContext()->cookie;
            $cookie->id_employee = $this->context->employee->id;
            $cookie->email = $this->context->employee->email;
            $cookie->profile = $this->context->employee->id_profile;
            $cookie->passwd = $this->context->employee->passwd;
            $cookie->remote_addr = $this->context->employee->remote_addr;
            $cookie->write();

            if (Tools::getIsset('theme_name')) {
                $url = $this->context->link->getAdminLink('AdminAjax') . '&ajax=1' . $domain . $version . $desktop;
            } else {
                $tab = new Tab((int) $this->context->employee->default_tab);
                $url = $this->context->link->getAdminLink($tab->class_name);
            }

            if (Tools::isSubmit('ajax')) {
                die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
            } else {
                $this->redirect_after = $url;
            }
        }
    }

    // Any error collected above is reported as JSON for ajax callers.
    if (Tools::isSubmit('ajax')) {
        die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
    }
}
/**
 * Looks up an active user whose stored password equals $passwd.
 *
 * @param int    $id_user
 * @param string $passwd Password in its stored form (compared verbatim against `passwd`)
 * @return mixed The matching id_user, or a falsy value when nothing matches
 */
public static function checkPassword($id_user, $passwd)
{
    if (!Validate::isPasswd($passwd, 6)) {
        return false;
    }

    $table = '`' . DB_PREFIX . 'user`';
    $sql = 'SELECT `id_user` FROM ' . $table
        . ' WHERE `id_user` = ' . (int) $id_user
        . ' AND `passwd` = \'' . pSQL($passwd) . '\''
        . ' AND active = 1';

    return Db::getInstance()->getValue($sql);
}
/**
 * Looks up an active employee whose stored password equals $passwd.
 * Dies with a generic error when $passwd does not pass the 8-character rule.
 *
 * @param int    $id_employee
 * @param string $passwd Password in its stored form (compared verbatim against `passwd`)
 * @return mixed The matching id_employee, or a falsy value when nothing matches
 */
public static function checkPassword($id_employee, $passwd)
{
    if (!Validate::isPasswd($passwd, 8)) {
        die(Tools::displayError());
    }

    $table = '`' . DB_PREFIX . 'employee`';
    $sql = 'SELECT `id_employee` FROM ' . $table
        . ' WHERE `id_employee` = ' . (int) $id_employee
        . ' AND `passwd` = \'' . pSQL($passwd) . '\''
        . ' AND active = 1';

    return Db::getInstance()->getValue($sql);
}
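/**
 * Password reset page.
 *
 *   step 1  e-mail form; on ResetPassword, mails a link carrying id_user and
 *           a key derived from the account's current state
 *   step 2  reached via ?reset=passwd&id_user=..&key=..; verifies the key and,
 *           on confrimPassword, stores the new password
 *   step 3  password changed;  step 4  reset mail sent
 *
 * @return string Rendered password.tpl
 */
public function displayMain()
{
    global $smarty, $link;

    $errors = array();
    $step = 1;
    $isExp = false;

    if (Tools::getRequest('reset') == 'passwd') {
        $step = 2;
    }

    if ($step == 1 && Tools::isSubmit('ResetPassword')) {
        $user = new User();
        $user->getByEmail(Tools::getRequest('email'));
        if (Validate::isLoadedObject($user)) {
            // The key is bound to the current password and upd_date, so it stops
            // matching once either changes. Nothing here time-limits it, despite
            // the "expired" wording used in step 2.
            $md5_key = md5(_COOKIE_KEY_ . $user->email . $user->passwd . $user->upd_date);
            $subject = 'Reset your password in' . Configuration::get('TM_SHOP_DOMAIN');
            // The id expression was masked in the listing under review; step 2 reads
            // id_user and loads the User by it, so the user's own id belongs here.
            $reset_link = $link->getPage('PasswordView') . '?reset=passwd&id_user=' . (int) $user->id . '&key=' . $md5_key;
            $vars = array(
                '{name}' => $user->first_name . ' ' . $user->last_name,
                '{subject}' => $subject,
                '{link}' => $reset_link,
            );
            if (Mail::Send('passwd', $subject, $vars, $user->email)) {
                $step = 4;
            } else {
                $errors[] = 'Send mail fail! Pless try agen!';
            }
        } else {
            // NOTE(review): this message confirms whether an e-mail is registered.
            $errors[] = 'The email don\'t exists!';
        }
    } elseif ($step == 2) {
        $sign = (string) Tools::getRequest('key');
        // The id only ever identifies a record to load; never use it uncast.
        $id_user = (int) Tools::getRequest('id_user');
        $user = new User($id_user);
        if (Validate::isLoadedObject($user)) {
            $md5_key = md5(_COOKIE_KEY_ . $user->email . $user->passwd . $user->upd_date);
            // Strict string comparison. The original used '==', under which two
            // numeric-looking strings (e.g. "0e123..." hashes) compare as numbers.
            // Prefer hash_equals() where the runtime provides it.
            if ($md5_key === $sign) {
                if (Tools::isSubmit('confrimPassword')) {
                    // Validate before touching the object: copyFromPost() writes the
                    // posted fields into $user, so only do that for an acceptable password.
                    if (!Validate::isPasswd(Tools::getRequest('passwd'))) {
                        $errors[] = 'This passwd is incorrect';
                    } else {
                        // NOTE(review): copyFromPost() presumably copies every posted
                        // field, not only passwd — confirm it cannot change e-mail/login.
                        $user->copyFromPost();
                        if ($user->update()) {
                            $step = 3;
                        } else {
                            $errors[] = 'This passwd is incorrect';
                        }
                    }
                }
            } else {
                $isExp = true;
                $errors[] = 'This link has expired!';
            }
        } else {
            $isExp = true;
            $errors[] = 'The customer don\'t exists!';
        }
    }

    $smarty->assign(array('step' => $step, 'isExp' => $isExp, 'errors' => $errors));
    return $smarty->fetch('password.tpl');
}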
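/**
 * Guest order tracking: given a valid id_order/email pair, renders the order
 * details and, on submitTransformGuestToCustomer, turns the guest account
 * into a full customer account.
 *
 * Every failing path ends in a one-second sleep to slow down guessing of
 * order/e-mail pairs (it does not bound parallel attempts).
 */
public function process()
{
    parent::process();

    if ($id_order = Tools::getValue('id_order') and $email = Tools::getValue('email')) {
        $order = new Order((int) $id_order);
        if (!Validate::isLoadedObject($order)) {
            $this->errors[] = Tools::displayError('Invalid order');
        } elseif (!$order->isAssociatedAtGuest($email)) {
            // Same message on purpose: do not reveal which half of the pair was wrong.
            $this->errors[] = Tools::displayError('Invalid order');
        } else {
            $customer = new Customer((int) $order->id_customer);
            $id_order_state = (int) $order->getCurrentState();
            $carrier = new Carrier((int) $order->id_carrier, (int) $order->id_lang);
            $addressInvoice = new Address((int) $order->id_address_invoice);
            $addressDelivery = new Address((int) $order->id_address_delivery);

            if ($order->total_discounts > 0) {
                self::$smarty->assign('total_old', (double) ($order->total_paid - $order->total_discounts));
            }

            $products = $order->getProducts();
            $customizedDatas = Product::getAllCustomizedDatas((int) $order->id_cart);
            Product::addCustomizationPrice($products, $customizedDatas);
            $this->processAddressFormat($addressDelivery, $addressInvoice);

            self::$smarty->assign(array(
                'shop_name' => Configuration::get('PS_SHOP_NAME'),
                'order' => $order,
                'return_allowed' => false,
                'currency' => new Currency($order->id_currency),
                'order_state' => (int) $id_order_state,
                'invoiceAllowed' => (int) Configuration::get('PS_INVOICE'),
                // Explicit parentheses: 'and' has very low precedence.
                'invoice' => (OrderState::invoiceAvailable((int) $id_order_state) and $order->invoice_number),
                'order_history' => $order->getHistory((int) self::$cookie->id_lang, false, true),
                'products' => $products,
                'discounts' => $order->getDiscounts(),
                'carrier' => $carrier,
                'address_invoice' => $addressInvoice,
                'invoiceState' => (Validate::isLoadedObject($addressInvoice) and $addressInvoice->id_state) ? new State((int) $addressInvoice->id_state) : false,
                'address_delivery' => $addressDelivery,
                'deliveryState' => (Validate::isLoadedObject($addressDelivery) and $addressDelivery->id_state) ? new State((int) $addressDelivery->id_state) : false,
                'is_guest' => true,
                'group_use_tax' => Group::getPriceDisplayMethod($customer->id_default_group) == PS_TAX_INC,
                'CUSTOMIZE_FILE' => _CUSTOMIZE_FILE_,
                'CUSTOMIZE_TEXTFIELD' => _CUSTOMIZE_TEXTFIELD_,
                'use_tax' => Configuration::get('PS_TAX'),
                'customizedDatas' => $customizedDatas,
            ));

            if ($carrier->url and $order->shipping_number) {
                self::$smarty->assign('followup', str_replace('@', $order->shipping_number, $carrier->url));
            }
            self::$smarty->assign('HOOK_ORDERDETAILDISPLAYED', Module::hookExec('orderDetailDisplayed', array('order' => $order)));
            Module::hookExec('OrderDetail', array('carrier' => $carrier, 'order' => $order));

            if (Tools::isSubmit('submitTransformGuestToCustomer')) {
                // Stop at the first failed check. The original appended the password and
                // customer errors and still called transformToCustomer(), producing a
                // second, misleading error on an unloaded object.
                $password = Tools::getValue('password');
                $customer = new Customer((int) $order->id_customer);
                if (!Validate::isPasswd($password)) {
                    $this->errors[] = Tools::displayError('Invalid password');
                } elseif (!Validate::isLoadedObject($customer)) {
                    $this->errors[] = Tools::displayError('Invalid customer');
                } elseif (!$customer->transformToCustomer(self::$cookie->id_lang, $password)) {
                    $this->errors[] = Tools::displayError('An error occurred while transforming guest to customer.');
                } else {
                    self::$smarty->assign('transformSuccess', true);
                }
            }
        }

        if (sizeof($this->errors)) {
            /* Handle brute force attacks */
            sleep(1);
        }
    }

    self::$smarty->assign(array('action' => 'guest-tracking.php', 'errors' => $this->errors));
}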
/**
 * Loads the user matching $email (and, when given, $passwd) into $this.
 *
 * @param string      $email  Login e-mail
 * @param string|null $passwd Password; also checked when specified
 * @return User|false $this on success, false when no row matches
 */
public function getByEmail($email, $passwd = null)
{
    // `&&` binds tighter than `||`: a bad e-mail, or a supplied password that
    // fails validation, aborts the request.
    if (!Validate::isEmail($email) || $passwd != null && !Validate::isPasswd($passwd)) {
        die(Tools::displayError());
    }
    $passwd = trim($passwd);
    // NOTE(review): the literal values of these two where() clauses are masked
    // ("******") in the listing under review. Whatever the real file puts there
    // must be derived from $email / $passwd and escaped (pSQL) or bound, never
    // concatenated raw. Also confirm the password is hashed before the compare —
    // the sign-up code seen elsewhere stores Tools::encrypt($password).
    $query = DbQuery::get()->select('*')->from('user')->where('login = "******"');
    if ($passwd) {
        $query->where('password = "******"');
    }
    $result = Db::getInstance()->getRow($query);
    if (!$result) {
        return false;
    }
    // Hydrate $this from the row, but only for declared properties.
    $this->id = $result['id_user'];
    foreach ($result as $key => $value) {
        if (property_exists($this, $key)) {
            $this->{$key} = $value;
        }
    }
    return $this;
}
/**
 * Promotes a guest account to a regular customer account and e-mails the
 * (possibly generated) password to the customer.
 *
 * @param int         $id_lang  Language of the notification mail
 * @param string|null $password New password; an 8-character random one is generated when empty
 * @return bool false when the account is not a guest, the password is invalid, or update() fails
 */
public function transformToCustomer($id_lang, $password = null)
{
    if (!$this->isGuest()) {
        return false;
    }

    $plain = empty($password) ? Tools::passwdGen(8, 'RANDOM') : $password;
    if (!Validate::isPasswd($plain)) {
        return false;
    }

    $this->is_guest = 0;
    $this->passwd = Tools::encrypt($plain);
    // Reset group memberships to the default customer group.
    $this->cleanGroups();
    $this->addGroups(array(Configuration::get('PS_CUSTOMER_GROUP')));

    if (!$this->update()) {
        return false;
    }

    // The mail template receives the clear-text password.
    $mailVars = array(
        '{firstname}' => $this->firstname,
        '{lastname}' => $this->lastname,
        '{email}' => $this->email,
        '{passwd}' => $plain,
    );
    Mail::Send(
        (int) $id_lang,
        'guest_to_customer',
        Mail::l('Your guest account has been transformed into a customer account', (int) $id_lang),
        $mailVars,
        $this->email,
        $this->firstname . ' ' . $this->lastname,
        null,
        null,
        null,
        null,
        _PS_MAIL_DIR_,
        false,
        (int) $this->id_shop
    );
    return true;
}
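/**
 * Creates a PrestaShop customer (plus addresses) from Shopgate data.
 *
 * @param string           $user     E-mail address used as login
 * @param string           $pass     Clear-text password; a random one is generated when empty
 * @param ShopgateCustomer $customer Profile data (name, gender, birthday, newsletter, custom fields, addresses)
 * @return int The new customer id
 * @throws ShopgateLibraryException on an invalid e-mail or password, a duplicate e-mail,
 *                                  a field validation failure, or a failed save
 */
public function registerCustomer($user, $pass, ShopgateCustomer $customer)
{
    if (!Validate::isEmail($user)) {
        throw new ShopgateLibraryException(ShopgateLibraryException::PLUGIN_REGISTER_CUSTOMER_ERROR, 'E-mail Address validation error', true);
    }
    // Previously an empty $pass skipped validation and was stored as
    // Tools::encrypt(''), i.e. an account whose password is the empty string.
    // Generate a random one instead (as Customer::transformToCustomer() does for
    // guests) and validate whatever we end up with.
    if (empty($pass)) {
        $pass = Tools::passwdGen();
    }
    if (!Validate::isPasswd($pass)) {
        throw new ShopgateLibraryException(ShopgateLibraryException::PLUGIN_REGISTER_CUSTOMER_ERROR, 'Password validation error', true);
    }

    /** @var CustomerCore | Customer $customerModel */
    $customerModel = new Customer();
    if ($customerModel->getByEmail($user)) {
        throw new ShopgateLibraryException(ShopgateLibraryException::REGISTER_USER_ALREADY_EXISTS);
    }

    $customerModel->active = 1;
    $customerModel->lastname = $customer->getLastName();
    $customerModel->firstname = $customer->getFirstName();
    $customerModel->email = $user;
    $customerModel->passwd = Tools::encrypt($pass);
    $customerModel->id_gender = $this->mapGender($customer->getGender());
    $customerModel->birthday = $customer->getBirthday();
    $customerModel->newsletter = $customer->getNewsletterSubscription();

    $shopgateCustomFieldsHelper = new ShopgateCustomFieldsHelper();
    $shopgateCustomFieldsHelper->saveCustomFields($customerModel, $customer->getCustomFields());

    $validateMessage = $customerModel->validateFields(false, true);
    if ($validateMessage !== true) {
        throw new ShopgateLibraryException(ShopgateLibraryException::REGISTER_FAILED_TO_ADD_USER, $validateMessage, true);
    }
    // A failed save used to go unnoticed and the method returned an empty id.
    if (!$customerModel->save()) {
        throw new ShopgateLibraryException(ShopgateLibraryException::REGISTER_FAILED_TO_ADD_USER, 'Customer could not be saved', true);
    }

    /**
     * addresses
     */
    foreach ($customer->getAddresses() as $address) {
        $this->createAddress($address, $customerModel);
    }

    return $customerModel->id;
}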
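/**
 * Validates the posted form against the model's getValidationRules():
 * required fields (plain and per-language), maximum sizes, Validate::* rules
 * and the password rule for Employee/Customer. Failures are appended to
 * $this->errors; nothing is returned.
 *
 * @param string|false $class_name Model class to validate (defaults to $this->className)
 */
public function validateRules($class_name = false)
{
    if (!$class_name) {
        $class_name = $this->className;
    }
    $rules = call_user_func(array($class_name, 'getValidationRules'), $class_name);

    // Language data is only needed when multilingual rules exist.
    if (count($rules['requiredLang']) || count($rules['sizeLang']) || count($rules['validateLang'])) {
        $default_language = new Language((int) Configuration::get('PS_LANG_DEFAULT'));
        $languages = Language::getLanguages(false);
    }

    foreach ($rules['required'] as $field) {
        // Loose check on purpose so that a literal '0' still counts as filled in.
        if (($value = Tools::getValue($field)) == false && (string) $value != '0') {
            // On an existing record (identifier posted) passwd and no-picture may stay empty.
            if (!Tools::getValue($this->identifier) || $field != 'passwd' && $field != 'no-picture') {
                $this->errors[] = $this->l('The field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) . '</b> ' . $this->l('is required');
            }
        }
    }

    foreach ($rules['requiredLang'] as $field_lang) {
        if (($empty = Tools::getValue($field_lang . '_' . $default_language->id)) === false || $empty !== '0' && empty($empty)) {
            $this->errors[] = $this->l('The field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name) . '</b> ' . $this->l('is required at least in') . ' ' . $default_language->name;
        }
    }

    foreach ($rules['size'] as $field => $max_length) {
        if (Tools::getValue($field) !== false && Tools::strlen(Tools::getValue($field)) > $max_length) {
            $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) . '</b> ' . $this->l('is too long') . ' (' . $max_length . ' ' . $this->l('chars max') . ')';
        }
    }

    foreach ($rules['sizeLang'] as $field_lang => $max_length) {
        foreach ($languages as $language) {
            // Keep the field name and the posted value apart: the original reused
            // $field_lang for the value, so from the second language onward it looked
            // up "<posted value>_<id_lang>" and reported the value as the field name.
            $value_lang = Tools::getValue($field_lang . '_' . $language['id_lang']);
            if ($value_lang !== false && Tools::strlen($value_lang) > $max_length) {
                $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name) . ' (' . $language['name'] . ')</b> ' . $this->l('is too long') . ' (' . $max_length . ' ' . $this->l('chars max, html chars including') . ')';
            }
        }
    }

    // Hook for subclass-specific checks.
    $this->_childValidation();

    foreach ($rules['validate'] as $field => $function) {
        // The password has its own rule below.
        if (($value = Tools::getValue($field)) !== false && $field != 'passwd') {
            if (!Validate::$function($value) && !empty($value)) {
                $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field, $class_name) . '</b> ' . $this->l('is invalid');
            }
        }
    }

    if (($value = Tools::getValue('passwd')) != false) {
        if ($class_name == 'Employee' && !Validate::isPasswdAdmin($value)) {
            $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name) . '</b> ' . $this->l('is invalid');
        } elseif ($class_name == 'Customer' && !Validate::isPasswd($value)) {
            $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), 'passwd', $class_name) . '</b> ' . $this->l('is invalid');
        }
    }

    foreach ($rules['validateLang'] as $field_lang => $function) {
        foreach ($languages as $language) {
            if (($value = Tools::getValue($field_lang . '_' . $language['id_lang'])) !== false && !empty($value)) {
                if (!Validate::$function($value)) {
                    $this->errors[] = $this->l('the field') . ' <b>' . call_user_func(array($class_name, 'displayFieldName'), $field_lang, $class_name) . ' (' . $language['name'] . ')</b> ' . $this->l('is invalid');
                }
            }
        }
    }
}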
/**
 * Promotes a guest account to a customer account and e-mails the
 * (possibly generated) password to the customer.
 *
 * @param int         $id_lang  Language of the notification mail
 * @param string|null $password New password; a random one is generated when empty
 * @return bool false when the account is not a guest, the password is invalid, or update() fails
 */
public function transformToCustomer($id_lang, $password = NULL)
{
    if (!$this->isGuest()) {
        return false;
    }

    $plain = empty($password) ? Tools::passwdGen() : $password;
    if (!Validate::isPasswd($plain)) {
        return false;
    }

    $this->is_guest = 0;
    $this->passwd = Tools::encrypt($plain);
    if (!$this->update()) {
        return false;
    }

    // The mail template receives the clear-text password.
    $mailVars = array(
        '{firstname}' => $this->firstname,
        '{lastname}' => $this->lastname,
        '{email}' => $this->email,
        '{passwd}' => $plain,
    );
    Mail::Send(
        (int) $id_lang,
        'guest_to_customer',
        Mail::l('Your guest account has been transformed to customer account'),
        $mailVars,
        $this->email,
        $this->firstname . ' ' . $this->lastname
    );
    return true;
}
} } } } if (Tools::isSubmit('SubmitLogin')) { $passwd = trim(Tools::getValue('passwd')); $email = trim(Tools::getValue('email')); if (empty($email)) { $errors[] = Tools::displayError('e-mail address is required'); } elseif (!Validate::isEmail($email)) { $errors[] = Tools::displayError('invalid e-mail address'); } elseif (empty($passwd)) { $errors[] = Tools::displayError('password is required'); } elseif (Tools::strlen($passwd) > 32) { $errors[] = Tools::displayError('password is too long'); } elseif (!Validate::isPasswd($passwd)) { $errors[] = Tools::displayError('invalid password'); } else { $customer = new Customer(); $authentication = $customer->getByemail(trim($email), trim($passwd)); /* Handle brute force attacks */ sleep(1); if (!$authentication or !$customer->id) { $errors[] = Tools::displayError('authentication failed'); } else { $cookie->id_customer = intval($customer->id); $cookie->customer_lastname = $customer->lastname; $cookie->customer_firstname = $customer->firstname; $cookie->logged = 1; $cookie->passwd = $customer->passwd; $cookie->email = $customer->email;
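/**
 * Tracking front-end (referrer statistics) request handling:
 *  - ajaxProductFilter: authenticates with id_referrer + token and serves product stats
 *  - logout_tracking / submitLoginTracking: referrer session in the cookie
 *  - submitDatePicker and the preset range buttons: stats date range in the cookie
 *
 * Redirects (no return) after logout and after a successful login.
 */
public function postProcess()
{
    global $cookie, $smarty;

    if (Tools::isSubmit('ajaxProductFilter')) {
        $fakeEmployee = new Employee();
        $fakeEmployee->stats_date_from = $cookie->stats_date_from;
        $fakeEmployee->stats_date_to = $cookie->stats_date_to;
        // The ajax call authenticates with the referrer id and its stored password value as token.
        $result = Db::getInstance()->getRow('SELECT `id_referrer` FROM `' . _DB_PREFIX_ . 'referrer`'
            . ' WHERE `id_referrer` = ' . intval(Tools::getValue('id_referrer'))
            . ' AND `passwd` = \'' . pSQL(Tools::getValue('token')) . '\'');
        if (isset($result['id_referrer']) ? $result['id_referrer'] : false) {
            Referrer::getAjaxProduct(intval(Tools::getValue('id_referrer')), intval(Tools::getValue('id_product')), $fakeEmployee);
        }
    } elseif (Tools::isSubmit('logout_tracking')) {
        unset($cookie->tracking_id);
        unset($cookie->tracking_passwd);
        Tools::redirect('modules/trackingfront/stats.php');
    } elseif (Tools::isSubmit('submitLoginTracking')) {
        $errors = array();
        $login = trim(Tools::getValue('login'));
        $passwd = trim(Tools::getValue('passwd'));
        if (empty($login)) {
            $errors[] = $this->l('login is required');
        } elseif (!Validate::isGenericName($login)) {
            $errors[] = $this->l('invalid login');
        } elseif (empty($passwd)) {
            $errors[] = $this->l('password is required');
        } elseif (!Validate::isPasswd($passwd)) {
            $errors[] = $this->l('invalid password');
        } else {
            // NOTE(review): no delay or lockout on failure — guessing is unthrottled here.
            $passwd = Tools::encrypt($passwd);
            $result = Db::getInstance()->getRow('SELECT `id_referrer` FROM `' . _DB_PREFIX_ . 'referrer`'
                . ' WHERE `name` = \'' . pSQL($login) . '\''
                . ' AND `passwd` = \'' . pSQL($passwd) . '\'');
            if (!isset($result['id_referrer']) or !($tracking_id = intval($result['id_referrer']))) {
                $errors[] = $this->l('authentication failed');
            } else {
                // The session keeps the hashed password, which the ajax path reuses as token.
                $cookie->tracking_id = $tracking_id;
                $cookie->tracking_passwd = $passwd;
                Tools::redirect('modules/trackingfront/stats.php');
            }
        }
        $smarty->assign('errors', $errors);
    }

    if (Tools::isSubmit('submitDatePicker')) {
        $cookie->stats_date_from = Tools::getValue('datepickerFrom');
        $cookie->stats_date_to = Tools::getValue('datepickerTo');
    }

    // Preset ranges. These used to be computed into $from/$to and then dropped,
    // so the buttons had no effect; they now update the cookie like the date picker.
    $from = null;
    $to = null;
    if (Tools::isSubmit('submitDateDay')) {
        $from = date('Y-m-d');
        $to = date('Y-m-d');
    }
    if (Tools::isSubmit('submitDateDayPrev')) {
        $yesterday = time() - 60 * 60 * 24;
        $from = date('Y-m-d', $yesterday);
        $to = date('Y-m-d', $yesterday);
    }
    if (Tools::isSubmit('submitDateMonth')) {
        $from = date('Y-m-01');
        $to = date('Y-m-t');
    }
    if (Tools::isSubmit('submitDateMonthPrev')) {
        // mktime() normalises month 0 to December of the previous year, and the
        // result is zero-padded 'Y-m-d' (the original built '2024-1-01'-style strings).
        $prevMonth = mktime(12, 0, 0, (int) date('m') - 1, 1, (int) date('Y'));
        $from = date('Y-m-01', $prevMonth);
        $to = date('Y-m-t', $prevMonth);
    }
    if (Tools::isSubmit('submitDateYear')) {
        $from = date('Y-01-01');
        $to = date('Y-12-31');
    }
    if (Tools::isSubmit('submitDateYearPrev')) {
        $prevYear = (int) date('Y') - 1;
        $from = $prevYear . '-01-01';
        $to = $prevYear . '-12-31';
    }
    if ($from !== null && $to !== null) {
        $cookie->stats_date_from = $from;
        $cookie->stats_date_to = $to;
    }
}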
/**
 * Requires a long-enough password when creating a new employee (no existing
 * id_employee), then delegates to the generic rule validation.
 *
 * @param string|false $class_name Passed through to the parent
 * @return bool false when the password is too short, otherwise the parent's result
 */
public function validateRules($class_name = false)
{
    $existing = new Employee((int) Tools::getValue('id_employee'));
    $isNew = !Validate::isLoadedObject($existing);

    if ($isNew && !Validate::isPasswd(Tools::getValue('passwd'), Validate::ADMIN_PASSWORD_LENGTH)) {
        $this->errors[] = sprintf(Tools::displayError('The password must be at least %s characters long.'), Validate::ADMIN_PASSWORD_LENGTH);
        return false;
    }

    return parent::validateRules($class_name);
}
/**
 * Back-office password rule: isPasswd() with an 8-character minimum.
 *
 * @param string $passwd
 * @return bool
 */
public static function isPasswdAdmin($passwd)
{
    $adminMinLength = 8;
    return Validate::isPasswd($passwd, $adminMinLength);
}
/**
 * Validates the posted form against the model's getValidationRules():
 * required fields (plain and per-language), maximum sizes, Validate::* rules
 * and the password rule for Employee/Customer. Failures go to $this->_errors.
 *
 * @param string $className Allow to validate a different class than the current one
 */
public function validateRules($className = false)
{
    if (!$className) {
        $className = $this->className;
    }
    /* Class specific validation rules */
    $rules = call_user_func(array($className, 'getValidationRules'), $className);
    if (count($rules['requiredLang']) || count($rules['sizeLang']) || count($rules['validateLang'])) {
        /* Language() instance determined by default language */
        $defaultLanguage = new Language((int) Configuration::get('PS_LANG_DEFAULT'));
        /* All availables languages */
        $languages = Language::getLanguages(false);
    }
    /* Checking for required fields */
    foreach ($rules['required'] as $field) {
        // Loose check on purpose so that a literal '0' still counts as filled in.
        if (($value = Tools::getValue($field)) == false && (string) $value != '0') {
            // On an existing record (identifier posted) passwd and no-picture may stay empty.
            if (!Tools::getValue($this->identifier) || $field != 'passwd' && $field != 'no-picture') {
                $this->_errors[] = sprintf(Tools::displayError('The field %s is required.'), call_user_func(array($className, 'displayFieldName'), $field, $className));
            }
        }
    }
    /* Checking for multilingual required fields */
    foreach ($rules['requiredLang'] as $fieldLang) {
        if (($empty = Tools::getValue($fieldLang . '_' . $defaultLanguage->id)) === false || $empty !== '0' && empty($empty)) {
            $this->_errors[] = sprintf(Tools::displayError('The field %1$s is required at least in %2$s.'), call_user_func(array($className, 'displayFieldName'), $fieldLang, $className), $defaultLanguage->name);
        }
    }
    /* Checking for maximum fields sizes */
    foreach ($rules['size'] as $field => $maxLength) {
        if (Tools::getValue($field) !== false && Tools::strlen(Tools::getValue($field)) > $maxLength) {
            $this->_errors[] = sprintf(Tools::displayError('field %1$s is too long. (%2$d chars max)'), call_user_func(array($className, 'displayFieldName'), $field, $className), $maxLength);
        }
    }
    /* Checking for maximum multilingual fields size */
    foreach ($rules['sizeLang'] as $fieldLang => $maxLength) {
        foreach ($languages as $language) {
            if (Tools::getValue($fieldLang . '_' . $language['id_lang']) !== false && Tools::strlen(Tools::getValue($fieldLang . '_' . $language['id_lang'])) > $maxLength) {
                $this->_errors[] = sprintf(Tools::displayError('field %1$s is too long. (%2$d chars max, html chars including)'), call_user_func(array($className, 'displayFieldName'), $fieldLang, $className), $maxLength);
            }
        }
    }
    /* Overload this method for custom checking */
    $this->_childValidation();
    /* Checking for fields validity */
    foreach ($rules['validate'] as $field => $function) {
        // The password has its own rule below.
        if (($value = Tools::getValue($field)) !== false && !empty($value) && $field != 'passwd') {
            if (!Validate::$function($value)) {
                // NOTE(review): the format has two placeholders (%1$s, %2$s) but only one
                // argument is passed — sprintf() warns and yields false on PHP 7 and throws
                // ArgumentCountError on PHP 8. Same in the two password branches below.
                $this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), $field, $className));
            }
        }
    }
    /* Checking for passwd_old validity */
    if (($value = Tools::getValue('passwd')) != false) {
        if ($className == 'Employee' && !Validate::isPasswdAdmin($value)) {
            $this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), 'passwd', $className));
        } elseif ($className == 'Customer' && !Validate::isPasswd($value)) {
            $this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), 'passwd', $className));
        }
    }
    /* Checking for multilingual fields validity */
    foreach ($rules['validateLang'] as $fieldLang => $function) {
        foreach ($languages as $language) {
            if (($value = Tools::getValue($fieldLang . '_' . $language['id_lang'])) !== false && !empty($value)) {
                if (!Validate::$function($value)) {
                    $this->_errors[] = sprintf(Tools::displayError('The field %1$s (%2$s) is invalid.'), call_user_func(array($className, 'displayFieldName'), $fieldLang, $className), $language['name']);
                }
            }
        }
    }
}
/**
 * Front password-reset landing: resolves the customer from the (token,
 * id_customer) pair in the link, shows the new-password form until a valid,
 * matching pair of passwords is posted, then stores the new password if the
 * one-time reset_token is still valid.
 *
 * Outcomes: renders customer/password-new, redirects to the authentication
 * page (error_regen_pwd) or to my-account with notifications, or appends to
 * $this->errors. Returns false only when the hashing service is unavailable.
 */
protected function changePassword()
{
    $token = Tools::getValue('token');
    $id_customer = (int) Tools::getValue('id_customer');
    // The link is valid only if secure_key and id_customer match the same row.
    if ($email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . $id_customer)) {
        $customer = new Customer();
        $customer->getByEmail($email);
        if (!Validate::isLoadedObject($customer)) {
            $this->errors[] = $this->trans('Customer account not found', array(), 'Shop.Notifications.Error');
        } elseif (!$customer->active) {
            $this->errors[] = $this->trans('You cannot regenerate the password for this account.', array(), 'Shop.Notifications.Error');
        }
        // NOTE(review): neither error branch above returns, so an unloaded or
        // inactive account still falls through to the form / update logic below
        // (the update path is reached when its reset_token matches). Confirm that
        // is intended; an early return after the errors looks safer.
        // Case if both password params not posted or different, then "change password" form is not POSTED, show it.
        if (!Tools::isSubmit('passwd') || !Tools::isSubmit('confirmation') || ($passwd = Tools::getValue('passwd')) !== ($confirmation = Tools::getValue('confirmation')) || !Validate::isPasswd($passwd) || !Validate::isPasswd($confirmation)) {
            // Check if passwords are here anyway, BUT does not match the password validation format
            if (Tools::isSubmit('passwd') || Tools::isSubmit('confirmation')) {
                $this->errors[] = $this->trans('The password and its confirmation do not match.', array(), 'Shop.Notifications.Error');
            }
            $this->context->smarty->assign(['customer_email' => $customer->email, 'customer_token' => $token, 'id_customer' => $id_customer, 'reset_token' => Tools::getValue('reset_token')]);
            $this->setTemplate('customer/password-new');
        } else {
            // Both password fields posted. Check if all is right and store new password properly.
            // Refuse a second reset within PS_PASSWD_TIME_FRONT minutes of the last one.
            if (!Tools::getValue('reset_token') || strtotime($customer->last_passwd_gen . '+' . (int) Configuration::get('PS_PASSWD_TIME_FRONT') . ' minutes') - time() > 0) {
                Tools::redirect('index.php?controller=authentication&error_regen_pwd');
            } else {
                // To update password, we must have the temporary reset token that matches.
                // NOTE(review): plain '!==' on a secret token; hash_equals() would avoid
                // leaking the comparison's timing.
                if ($customer->getValidResetPasswordToken() !== Tools::getValue('reset_token')) {
                    $this->errors[] = $this->trans('The password change request expired. You should ask for a new one.', array(), 'Shop.Notifications.Error');
                } else {
                    try {
                        $crypto = new Hashing();
                    } catch (\PrestaShop\PrestaShop\Adapter\CoreException $e) {
                        $this->errors[] = $this->trans('An error occurred with your account, which prevents us from updating the new password. Please report this issue using the contact form.', array(), 'Shop.Notifications.Error');
                        return false;
                    }
                    $customer->passwd = $crypto->encrypt($password = Tools::getValue('passwd'), _COOKIE_KEY_);
                    $customer->last_passwd_gen = date('Y-m-d H:i:s', time());
                    if ($customer->update()) {
                        // Hook listeners receive the clear-text password.
                        Hook::exec('actionPasswordRenew', array('customer' => $customer, 'password' => $password));
                        // Invalidate the one-time token now that it has been used.
                        $customer->removeResetPasswordToken();
                        $customer->update();
                        $mail_params = ['{email}' => $customer->email, '{lastname}' => $customer->lastname, '{firstname}' => $customer->firstname];
                        if (Mail::Send($this->context->language->id, 'password', Mail::l('Your new password'), $mail_params, $customer->email, $customer->firstname . ' ' . $customer->lastname)) {
                            $this->context->smarty->assign(['customer_email' => $customer->email]);
                            $this->success[] = $this->trans('Your password has been successfully reset and a confirmation has been sent to your email address: %s', array($customer->email), 'Shop.Notifications.Success');
                            // Log the customer in with the refreshed record.
                            $this->context->updateCustomer($customer);
                            $this->redirectWithNotifications('index.php?controller=my-account');
                        } else {
                            $this->errors[] = $this->trans('An error occurred while sending the email.', array(), 'Shop.Notifications.Error');
                        }
                    } else {
                        $this->errors[] = $this->trans('An error occurred with your account, which prevents us from updating the new password. Please report this issue using the contact form.', array(), 'Shop.Notifications.Error');
                    }
                }
            }
        }
    } else {
        $this->errors[] = $this->trans('We cannot regenerate your password with the data you\'ve submitted', array(), 'Shop.Notifications.Error');
    }
}
/**
 * Handle the customer login form of this checkout step.
 *
 * Reads `email` and `passwd` from the request, validates them, authenticates
 * through Customer::getByemail() and, on success, stores the identity in the
 * global $cookie and hands over to displayProcess(). Every failure is appended
 * to the global $errors array; nothing is returned.
 *
 * Side effects: sleep(1) on every attempt that reaches authentication, the
 * 'authentication' hook, and whatever displayProcess() does.
 */
function submitLogin()
{
    global $cookie, $errors;

    $password = trim(Tools::getValue('passwd'));
    $login = trim(Tools::getValue('email'));

    // First failing rule wins; messages are kept verbatim.
    $validationError = null;
    if (empty($login)) {
        $validationError = 'e-mail address is required';
    } elseif (!Validate::isEmail($login)) {
        $validationError = 'invalid e-mail address';
    } elseif (empty($password)) {
        $validationError = 'password is required';
    } elseif (Tools::strlen($password) > 32) {
        $validationError = 'password is too long';
    } elseif (!Validate::isPasswd($password)) {
        $validationError = 'invalid password';
    }
    if ($validationError !== null) {
        $errors[] = Tools::displayError($validationError);
        return;
    }

    $customer = new Customer();
    $authenticated = $customer->getByemail($login, $password);

    /* Handle brute force attacks: the delay is paid before the outcome is
       inspected, so successful and failed attempts take the same time. */
    sleep(1);

    if (!$authenticated || !$customer->id) {
        $errors[] = Tools::displayError('authentication failed');
        return;
    }

    // Persist the identity in the session cookie.
    $cookie->id_customer = (int) $customer->id;
    $cookie->customer_lastname = $customer->lastname;
    $cookie->customer_firstname = $customer->firstname;
    $cookie->logged = 1;
    // NOTE(review): this copies Customer::passwd as loaded by getByemail();
    // confirm it is the stored hash and never the cleartext.
    $cookie->passwd = $customer->passwd;
    $cookie->email = $customer->email;

    // Cart following: adopt the customer's last non-ordered cart when the
    // current one is absent or empty (feature flag checked first to avoid the query).
    if (Configuration::get('PS_CART_FOLLOWING')
        && (empty($cookie->id_cart) || Cart::getNbProducts($cookie->id_cart) == 0)) {
        $cookie->id_cart = Cart::lastNoneOrderedCart($customer->id);
    }

    Module::hookExec('authentication');

    // Next !
    $payerID = (string) Tools::getValue('payerID');
    displayProcess($payerID);
}
/**
 * Check if employee password is the right one
 *
 * Both inputs are validated first and the request is terminated with
 * Tools::displayError() when either is malformed. Nothing is hashed here: the
 * given $passwd is compared verbatim (through pSQL()) with the `passwd` column,
 * so the caller must pass it in the same form as the stored value.
 *
 * @param int    $id_employee Employee id (unsigned)
 * @param string $passwd      Password; the second argument to Validate::isPasswd()
 *                            is presumably a minimum length — confirm in Validate
 * @return int|false the matching employee id, false when no row matches
 */
public static function checkPassword($id_employee, $passwd)
{
    if (!Validate::isUnsignedId($id_employee) || !Validate::isPasswd($passwd, 8)) {
        die(Tools::displayError());
    }

    // The id is cast to int and the password escaped with pSQL() before being
    // interpolated into the statement.
    $query = 'SELECT `id_employee` FROM `' . _DB_PREFIX_ . 'employee`'
        . ' WHERE `id_employee` = ' . (int) $id_employee
        . ' AND `passwd` = \'' . pSQL($passwd) . '\'';
    $row = Db::getInstance()->getRow($query);

    if (!isset($row['id_employee'])) {
        return false;
    }
    return $row['id_employee'];
}
/**
 * Validate a back-office (employee) password.
 *
 * Same rule as Validate::isPasswd(), but with Validate::ADMIN_PASSWORD_LENGTH
 * as second argument instead of the default (presumably the minimum length —
 * confirm in Validate::isPasswd()).
 *
 * @param string $passwd
 * @return bool
 */
public static function isPasswdAdmin($passwd)
{
    $adminLength = Validate::ADMIN_PASSWORD_LENGTH;
    return Validate::isPasswd($passwd, $adminLength);
}
/**
 * Authenticate a buyer with username/password credentials
 * (code lifted from AuthController::SubmitLogin).
 *
 * @param mixed $metadata unused here
 * @param array $request  expects 'Username' and 'Password' keys
 * @param mixed $encoder  passed through to CartAPI_Helpers::dieOnError()
 *
 * Any failure is reported through CartAPI_Helpers::dieOnError() with a
 * 'LoginNotAuthorized' error (presumed to terminate the request — the code
 * relies on it). On success the customer is synced into the cookie and the
 * post-login events run. Only failed authentication attempts pay the
 * one-second delay.
 */
public function handleBuyerLoginUserPassword($metadata, $request, $encoder)
{
    // code from AuthController SubmitLogin
    $email = $request['Username'];
    $passwd = $request['Password'];
    $customer = new Customer();

    $reject = function () use ($encoder) {
        CartAPI_Helpers::dieOnError(
            $encoder,
            'LoginNotAuthorized',
            CartAPI_Handlers_Helpers::removeHtmlTags(Tools::displayError('Authentication failed'))
        );
    };

    // Reject a malformed e-mail, or a password that is present but malformed.
    if (!Validate::isEmail($email) || ($passwd && !Validate::isPasswd($passwd))) {
        $reject();
    }

    $authenticated = $customer->getByEmail(trim($email), trim($passwd));
    if (!$authenticated || !$customer->id) {
        /* Handle brute force attacks */
        sleep(1);
        $reject();
    }

    // if here than passed authentication
    $this->syncCookie($customer);
    // run the after login events
    $this->afterBuyerLogin($customer);
}
/**
 * Front-office authentication controller pre-processing.
 *
 * Handles, in order:
 *  - redirect of already-logged customers (unless the request is an ajax one),
 *  - the "create account" e-mail step (SubmitCreate),
 *  - the full account / guest-account creation form (submitAccount, submitGuestAccount),
 *  - the login form (SubmitLogin),
 *  - the template variables needed to (re)display the create-account form.
 *
 * Errors are collected in $this->errors; ajax requests are answered with a JSON
 * document and die(). Several branches rewrite $_POST in place so that the later
 * Customer::validateControler() / Address::validateControler() calls read the
 * field names they expect.
 */
public function preProcess()
{
    parent::preProcess();

    // A logged customer has nothing to do here; ajax callers get a JSON answer instead.
    if (self::$cookie->isLogged() and !Tools::isSubmit('ajax')) {
        Tools::redirect('my-account.php');
    }
    if (Tools::getValue('create_account')) {
        $create_account = 1;
        self::$smarty->assign('email_create', 1);
    }

    /* Step 1 of account creation: only the e-mail is submitted. */
    if (Tools::isSubmit('SubmitCreate')) {
        if (!Validate::isEmail($email = Tools::getValue('email_create')) or empty($email)) {
            $this->errors[] = Tools::displayError('Invalid e-mail address');
        } elseif (Customer::customerExists($email)) {
            // NOTE(review): this message reveals whether the address is registered
            // (account enumeration); it is the accepted behaviour of this form.
            $this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
            $_POST['email'] = $_POST['email_create'];
            unset($_POST['email_create']);
        } else {
            $create_account = 1;
            self::$smarty->assign('email_create', Tools::safeOutput($email));
            $_POST['email'] = $email;
        }
    }

    /* Step 2: full customer + address form (registered or guest customer). */
    if (Tools::isSubmit('submitAccount') or Tools::isSubmit('submitGuestAccount')) {
        $create_account = 1;
        if (Tools::isSubmit('submitAccount')) {
            self::$smarty->assign('email_create', 1);
        }
        /* New Guest customer */
        if (!Tools::getValue('is_new_customer', 1) and !Configuration::get('PS_GUEST_CHECKOUT_ENABLED')) {
            $this->errors[] = Tools::displayError('You cannot create a guest account.');
        }
        if (!Tools::getValue('is_new_customer', 1)) {
            // Guests get a generated password. NOTE(review): it is derived from time()
            // and the cookie key rather than from random_bytes(); acceptable only if a
            // guest account can never authenticate with it — confirm.
            $_POST['passwd'] = md5(time() . _COOKIE_KEY_);
        }
        if (isset($_POST['guest_email']) and $_POST['guest_email']) {
            $_POST['email'] = $_POST['guest_email'];
        }
        /* Preparing customer */
        $customer = new Customer();
        // The form carries two name pairs: customer_* for the account and
        // lastname/firstname for the address. Swap them so each validateControler()
        // sees its own; the address pair is restored below.
        $lastnameAddress = $_POST['lastname'];
        $firstnameAddress = $_POST['firstname'];
        $_POST['lastname'] = $_POST['customer_lastname'];
        $_POST['firstname'] = $_POST['customer_firstname'];
        if (!Tools::getValue('phone') and !Tools::getValue('phone_mobile')) {
            $this->errors[] = Tools::displayError('You must register at least one phone number');
        }
        // Birthday is optional: either all three parts are empty, or they must form a
        // valid date (@ silences checkdate() warnings on non-numeric input).
        if (!@checkdate(Tools::getValue('months'), Tools::getValue('days'), Tools::getValue('years')) and !(Tools::getValue('months') == '' and Tools::getValue('days') == '' and Tools::getValue('years') == '')) {
            $this->errors[] = Tools::displayError('Invalid date of birth');
        }
        $customer->birthday = empty($_POST['years']) ? '' : (int) $_POST['years'] . '-' . (int) $_POST['months'] . '-' . (int) $_POST['days'];
        $this->errors = array_unique(array_merge($this->errors, $customer->validateControler()));
        /* Preparing address */
        $address = new Address();
        $_POST['lastname'] = $lastnameAddress;
        $_POST['firstname'] = $firstnameAddress;
        // Placeholder owner so the address validates; replaced with the real id after $customer->add().
        $address->id_customer = 1;
        $this->errors = array_unique(array_merge($this->errors, $address->validateControler()));
        /* US customer: normalize the address */
        if ($address->id_country == Country::getByIso('US')) {
            include_once _PS_TAASC_PATH_ . 'AddressStandardizationSolution.php';
            $normalize = new AddressStandardizationSolution();
            $address->address1 = $normalize->AddressLineStandardization($address->address1);
            $address->address2 = $normalize->AddressLineStandardization($address->address2);
        }
        // Postcode check against the country's format pattern, where N stands for a
        // digit, L for a letter and C for the country ISO code.
        $zip_code_format = Country::getZipCodeFormat((int) Tools::getValue('id_country'));
        if (Country::getNeedZipCode((int) Tools::getValue('id_country'))) {
            if ($postcode = Tools::getValue('postcode') and $zip_code_format) {
                $zip_regexp = '/^' . $zip_code_format . '$/ui';
                $zip_regexp = str_replace(' ', '( |)', $zip_regexp);
                $zip_regexp = str_replace('-', '(-|)', $zip_regexp);
                $zip_regexp = str_replace('N', '[0-9]', $zip_regexp);
                $zip_regexp = str_replace('L', '[a-zA-Z]', $zip_regexp);
                $zip_regexp = str_replace('C', Country::getIsoById((int) Tools::getValue('id_country')), $zip_regexp);
                if (!preg_match($zip_regexp, $postcode)) {
                    $this->errors[] = '<strong>' . Tools::displayError('Zip/ Postal code') . '</strong> ' . Tools::displayError('is invalid.') . '<br />' . Tools::displayError('Must be typed as follows:') . ' ' . str_replace('C', Country::getIsoById((int) Tools::getValue('id_country')), str_replace('N', '0', str_replace('L', 'A', $zip_code_format)));
                }
            } elseif ($zip_code_format) {
                $this->errors[] = '<strong>' . Tools::displayError('Zip/ Postal code') . '</strong> ' . Tools::displayError('is required.');
            } elseif ($postcode and !preg_match('/^[0-9a-zA-Z -]{4,9}$/ui', $postcode)) {
                $this->errors[] = '<strong>' . Tools::displayError('Zip/ Postal code') . '</strong> ' . Tools::displayError('is invalid.');
            }
        }
        // The identification number (DNI) is mandatory only for some countries.
        if (Country::isNeedDniByCountryId($address->id_country) and (!Tools::getValue('dni') or !Validate::isDniLite(Tools::getValue('dni')))) {
            $this->errors[] = Tools::displayError('Identification number is incorrect or has already been used.');
        } elseif (!Country::isNeedDniByCountryId($address->id_country)) {
            $address->dni = NULL;
        }
        if (!sizeof($this->errors)) {
            if (Customer::customerExists(Tools::getValue('email'))) {
                $this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
            }
            if (Tools::isSubmit('newsletter')) {
                $customer->ip_registration_newsletter = pSQL(Tools::getRemoteAddr());
                $customer->newsletter_date_add = pSQL(date('Y-m-d H:i:s'));
            }
            if (!sizeof($this->errors)) {
                if (!($country = new Country($address->id_country, Configuration::get('PS_LANG_DEFAULT'))) or !Validate::isLoadedObject($country)) {
                    die(Tools::displayError());
                }
                if ((int) $country->contains_states and !(int) $address->id_state) {
                    $this->errors[] = Tools::displayError('This country requires a state selection.');
                } else {
                    $customer->active = 1;
                    /* New Guest customer */
                    if (Tools::isSubmit('is_new_customer')) {
                        $customer->is_guest = !Tools::getValue('is_new_customer', 1);
                    } else {
                        $customer->is_guest = 0;
                    }
                    if (!$customer->add()) {
                        $this->errors[] = Tools::displayError('An error occurred while creating your account.');
                    } else {
                        $address->id_customer = (int) $customer->id;
                        if (!$address->add()) {
                            $this->errors[] = Tools::displayError('An error occurred while creating your address.');
                        } else {
                            if (!$customer->is_guest) {
                                // NOTE(review): the welcome mail embeds the submitted cleartext
                                // password ({passwd}); e-mail is not a confidential channel, so
                                // this is a disclosure risk to weigh.
                                if (!Mail::Send((int) self::$cookie->id_lang, 'account', Mail::l('Welcome!'), array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => Tools::getValue('passwd')), $customer->email, $customer->firstname . ' ' . $customer->lastname)) {
                                    $this->errors[] = Tools::displayError('Cannot send email');
                                }
                            }
                            self::$smarty->assign('confirmation', 1);
                            // Log the new customer in straight away.
                            self::$cookie->id_customer = (int) $customer->id;
                            self::$cookie->customer_lastname = $customer->lastname;
                            self::$cookie->customer_firstname = $customer->firstname;
                            self::$cookie->passwd = $customer->passwd;
                            self::$cookie->logged = 1;
                            self::$cookie->email = $customer->email;
                            self::$cookie->is_guest = !Tools::getValue('is_new_customer', 1);
                            /* Update cart address */
                            self::$cart->secure_key = $customer->secure_key;
                            self::$cart->id_address_delivery = Address::getFirstCustomerAddressId((int) $customer->id);
                            self::$cart->id_address_invoice = Address::getFirstCustomerAddressId((int) $customer->id);
                            self::$cart->update();
                            Module::hookExec('createAccount', array('_POST' => $_POST, 'newCustomer' => $customer));
                            if (Tools::isSubmit('ajax')) {
                                $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'isSaved' => true, 'id_customer' => (int) self::$cookie->id_customer, 'id_address_delivery' => self::$cart->id_address_delivery, 'id_address_invoice' => self::$cart->id_address_invoice, 'token' => Tools::getToken(false));
                                die(Tools::jsonEncode($return));
                            }
                            // NOTE(review): `back` comes straight from the request; confirm that
                            // Tools::redirect() constrains it to the shop, otherwise this is an
                            // open redirect.
                            if ($back = Tools::getValue('back')) {
                                Tools::redirect($back);
                            }
                            Tools::redirect('my-account.php');
                        }
                    }
                }
            }
        }
        if (sizeof($this->errors)) {
            // Presumably so the generated guest password is not redisplayed in the form.
            if (!Tools::getValue('is_new_customer')) {
                unset($_POST['passwd']);
            }
            if (Tools::isSubmit('ajax')) {
                $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'isSaved' => false, 'id_customer' => 0);
                die(Tools::jsonEncode($return));
            }
        }
    }

    /* Login form. */
    if (Tools::isSubmit('SubmitLogin')) {
        Module::hookExec('beforeAuthentication');
        $passwd = trim(Tools::getValue('passwd'));
        $email = trim(Tools::getValue('email'));
        if (empty($email)) {
            $this->errors[] = Tools::displayError('E-mail address required');
        } elseif (!Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid e-mail address');
        } elseif (empty($passwd)) {
            $this->errors[] = Tools::displayError('Password is required');
        } elseif (Tools::strlen($passwd) > 32) {
            $this->errors[] = Tools::displayError('Password is too long');
        } elseif (!Validate::isPasswd($passwd)) {
            $this->errors[] = Tools::displayError('Invalid password');
        } else {
            $customer = new Customer();
            $authentication = $customer->getByEmail(trim($email), trim($passwd));
            if (!$authentication or !$customer->id) {
                /* Handle brute force attacks (only failed attempts pay the delay) */
                sleep(1);
                $this->errors[] = Tools::displayError('Authentication failed');
            } else {
                // Keep an existing product comparison, otherwise load the customer's own.
                self::$cookie->id_compare = isset(self::$cookie->id_compare) ? self::$cookie->id_compare : CompareProduct::getIdCompareByIdCustomer($customer->id);
                self::$cookie->id_customer = (int) $customer->id;
                self::$cookie->customer_lastname = $customer->lastname;
                self::$cookie->customer_firstname = $customer->firstname;
                self::$cookie->id_default_group = $customer->id_default_group;
                self::$cookie->logged = 1;
                self::$cookie->is_guest = $customer->isGuest();
                // NOTE(review): Customer::passwd is copied into the cookie; confirm it is the hash.
                self::$cookie->passwd = $customer->passwd;
                self::$cookie->email = $customer->email;
                if (Configuration::get('PS_CART_FOLLOWING') and (empty(self::$cookie->id_cart) or Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
                    self::$cookie->id_cart = (int) Cart::lastNoneOrderedCart((int) $customer->id);
                }
                /* Update cart address */
                self::$cart->id_carrier = 0;
                self::$cart->id_address_delivery = Address::getFirstCustomerAddressId((int) $customer->id);
                self::$cart->id_address_invoice = Address::getFirstCustomerAddressId((int) $customer->id);
                // If a logged guest logs in as a customer, the cart secure key was already set and needs to be updated
                self::$cart->secure_key = $customer->secure_key;
                self::$cart->update();
                Module::hookExec('authentication');
                if (!Tools::isSubmit('ajax')) {
                    // NOTE(review): same request-controlled `back` redirect as in account creation.
                    if ($back = Tools::getValue('back')) {
                        Tools::redirect($back);
                    }
                    Tools::redirect('my-account.php');
                }
            }
        }
        if (Tools::isSubmit('ajax')) {
            $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'token' => Tools::getToken(false));
            die(Tools::jsonEncode($return));
        }
    }

    /* Template data for the create-account form. */
    if (isset($create_account)) {
        /* Select the most appropriate country */
        if (isset($_POST['id_country']) and is_numeric($_POST['id_country'])) {
            $selectedCountry = (int) $_POST['id_country'];
        }
        /* FIXME : language iso and country iso are not similar,
         * maybe an associative table with country an language can resolve it,
         * But for now it's a bug !
         * @see : bug #6968
         * @link:http://www.prestashop.com/bug_tracker/view/6968/
        elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
            $array = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
            if (Validate::isLanguageIsoCode($array[0])) {
                $selectedCountry = Country::getByIso($array[0]);
                if (!$selectedCountry)
                    $selectedCountry = (int)(Configuration::get('PS_COUNTRY_DEFAULT'));
            }
        }*/
        if (!isset($selectedCountry)) {
            $selectedCountry = (int) Configuration::get('PS_COUNTRY_DEFAULT');
        }
        if (Configuration::get('PS_RESTRICT_DELIVERED_COUNTRIES')) {
            $countries = Carrier::getDeliveredCountries((int) self::$cookie->id_lang, true, true);
        } else {
            $countries = Country::getCountries((int) self::$cookie->id_lang, true);
        }
        self::$smarty->assign(array('countries' => $countries, 'sl_country' => isset($selectedCountry) ? $selectedCountry : 0, 'vat_management' => Configuration::get('VATNUMBER_MANAGEMENT')));
        /* Call a hook to display more information on form */
        self::$smarty->assign(array('HOOK_CREATE_ACCOUNT_FORM' => Module::hookExec('createAccountForm'), 'HOOK_CREATE_ACCOUNT_TOP' => Module::hookExec('createAccountTop')));
    }
    /* Generate years, months and days */
    if (isset($_POST['years']) and is_numeric($_POST['years'])) {
        $selectedYears = (int) $_POST['years'];
    }
    $years = Tools::dateYears();
    if (isset($_POST['months']) and is_numeric($_POST['months'])) {
        $selectedMonths = (int) $_POST['months'];
    }
    $months = Tools::dateMonths();
    if (isset($_POST['days']) and is_numeric($_POST['days'])) {
        $selectedDays = (int) $_POST['days'];
    }
    $days = Tools::dateDays();
    self::$smarty->assign(array('years' => $years, 'sl_year' => isset($selectedYears) ? $selectedYears : 0, 'months' => $months, 'sl_month' => isset($selectedMonths) ? $selectedMonths : 0, 'days' => $days, 'sl_day' => isset($selectedDays) ? $selectedDays : 0));
    self::$smarty->assign('newsletter', (int) Module::getInstanceByName('blocknewsletter')->active);
}
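/**
 * Register a new player from the raw sign-in form data.
 *
 * Result protocol (kept as-is, the caller parses the printed digit):
 *   1 - the two password fields differ
 *   2 - an account already uses this e-mail
 *   0 - a field failed validation, or the freshly inserted row could not be read back
 *   3 - success
 * Every path prints its code and terminates the script.
 *
 * @param array $POSTdata expects playernick, playerpassword, playerpasswordcpy, playermail
 * @return never
 */
function signIn($POSTdata)
{
    //Init variables
    $unick = trim($POSTdata['playernick']);
    $upass = trim($POSTdata['playerpassword']);
    $umail = trim($POSTdata['playermail']);
    // A missing confirmation field behaves like an empty one instead of raising a notice.
    $upassCopy = isset($POSTdata['playerpasswordcpy']) ? $POSTdata['playerpasswordcpy'] : null;

    //Check password copy
    if ($upass != $upassCopy) {
        print 1;
        exit;
    }

    // Duplicate e-mail check. mysql_real_escape_string() (connection-charset aware)
    // is used here like everywhere else in this function; the deprecated
    // mysql_escape_string() ignores the connection charset.
    $check = Db::q('SELECT * FROM ' . _DB_PREFIX_ . 'users WHERE playermail = "' . mysql_real_escape_string($umail) . '" LIMIT 1');
    if (sizeof($check) >= 1) {
        print 2;
        die;
    }

    //Validate
    $error = array();
    if (!Validate::isName($unick)) {
        $error[] = 'Invalid nickname';
    }
    if (!Validate::isPasswd($upass)) {
        $error[] = 'Invalid password';
    }
    if (!Validate::isEmail($umail)) {
        $error[] = 'Invalid email';
    }
    if (sizeof($error)) {
        print 0;
        die;
    }

    /* ========================== 2° step : save data =========================== */
    // NOTE(review): unsalted md5 is not a password hash. Moving to password_hash()
    // requires changing the login path and re-hashing stored rows together, so the
    // storage format is deliberately left untouched here.
    Db::q('INSERT INTO ' . _DB_PREFIX_ . 'users (playernick, playermail, playerpassword) VALUES("' . mysql_real_escape_string($unick) . '", "' . mysql_real_escape_string($umail) . '", "' . md5($upass) . '")');
    $check = Db::q('SELECT * FROM ' . _DB_PREFIX_ . 'users WHERE playermail = "' . mysql_real_escape_string($umail) . '"');
    if (!sizeof($check)) {
        print 0;
        die;
    }
    // The id comes from our own row, but it is interpolated into SQL text, so cast it anyway.
    $idPlayer = (int) $check[0]['id'];
    Db::q('INSERT INTO ' . _DB_PREFIX_ . 'points (id_player, points) VALUES("' . $idPlayer . '", "0")');
    //Initialize saves data
    Db::q('INSERT INTO ' . _DB_PREFIX_ . 'saves (id_player, points, level, health, inventary) VALUES("' . $idPlayer . '", "0", "1", "100", 0)');
    print 3;
    die;
}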
/**
 * Back-office login: validate the submitted e-mail/password, load the matching
 * employee into the context and write the session cookie.
 *
 * Field and authentication failures are pushed to $this->errors (both fields are
 * checked independently, so the user sees every problem at once). On success the
 * redirect target is the submitted `redirect` controller name when it passes
 * Validate::isControllerName(), else the employee's default tab. Ajax requests
 * are answered with a JSON document and die(); others set $this->redirect_after.
 */
public function processLogin()
{
    /* Check fields validity */
    $password = trim(Tools::getValue('passwd'));
    $email = trim(Tools::getValue('email'));

    if (empty($email)) {
        $this->errors[] = Tools::displayError('Email is empty.');
    } elseif (!Validate::isEmail($email)) {
        $this->errors[] = Tools::displayError('Invalid email address.');
    }
    if (empty($password)) {
        $this->errors[] = Tools::displayError('The password field is blank.');
    } elseif (!Validate::isPasswd($password)) {
        $this->errors[] = Tools::displayError('Invalid password.');
    }

    if (count($this->errors) === 0) {
        // Find employee: the context slot and the local alias are the same object.
        $employee = new Employee();
        $this->context->employee = $employee;
        $loaded = $employee->getByEmail($email, $password);
        $associatedShops = $employee->getAssociatedShops();

        if (!$loaded) {
            $this->errors[] = Tools::displayError('The Employee does not exist, or the password provided is incorrect.');
            $employee->logout();
        } elseif (empty($associatedShops) && !$employee->isSuperAdmin()) {
            $this->errors[] = Tools::displayError('This employee does not manage the shop anymore (Either the shop has been deleted or permissions have been revoked).');
            $employee->logout();
        } else {
            $employee->remote_addr = ip2long(Tools::getRemoteAddr());

            // Update cookie
            $cookie = Context::getContext()->cookie;
            $cookie->id_employee = $employee->id;
            $cookie->email = $employee->email;
            $cookie->profile = $employee->id_profile;
            // NOTE(review): Employee::passwd is copied into the cookie; confirm it is the hash.
            $cookie->passwd = $employee->passwd;
            $cookie->remote_addr = $employee->remote_addr;
            $cookie->write();

            // If there is a valid controller name submitted, redirect to it
            if (isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect'])) {
                $controllerName = $_POST['redirect'];
            } else {
                $defaultTab = new Tab((int) $employee->default_tab);
                $controllerName = $defaultTab->class_name;
            }
            $url = $this->context->link->getAdminLink($controllerName);

            if (Tools::isSubmit('ajax')) {
                die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
            }
            $this->redirect_after = $url;
        }
    }

    if (Tools::isSubmit('ajax')) {
        die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
    }
}
/**
 * Login handling for this controller (a trimmed copy of the core SubmitLogin flow).
 *
 * When `SubmitLogin` is present (as a submit button or as a plain request value)
 * the e-mail and password are validated, the customer is authenticated through
 * Customer::getByEmail() and the cookie and cart are updated. Failures are
 * collected in $this->errors; only failed authentications pay the one-second delay.
 * Non-ajax successes redirect to `back` when given, else to history.php. Note that
 * the redirect is skipped on Tools::isSubmit('ajax') while the JSON answer is sent
 * on Tools::getValue('ajax') — the two checks are not the same test.
 */
public function preProcess()
{
    if (!Tools::isSubmit('SubmitLogin') && !Tools::getValue('SubmitLogin')) {
        return;
    }

    Module::hookExec('beforeAuthentication');
    $password = trim(Tools::getValue('passwd'));
    $login = trim(Tools::getValue('email'));

    // First failing rule wins; messages are kept verbatim.
    $validationError = null;
    if (empty($login)) {
        $validationError = 'E-mail address required';
    } elseif (!Validate::isEmail($login)) {
        $validationError = 'Invalid e-mail address';
    } elseif (empty($password)) {
        $validationError = 'Password is required';
    } elseif (Tools::strlen($password) > 32) {
        $validationError = 'Password is too long';
    } elseif (!Validate::isPasswd($password)) {
        $validationError = 'Invalid password';
    }

    if ($validationError !== null) {
        $this->errors[] = Tools::displayError($validationError);
    } else {
        $customer = new Customer();
        if (!$customer->getByEmail($login, $password) || !$customer->id) {
            /* Handle brute force attacks */
            sleep(1);
            $this->errors[] = Tools::displayError('Authentication failed');
        } else {
            $customerId = (int) $customer->id;
            self::$cookie->id_customer = $customerId;
            self::$cookie->customer_lastname = $customer->lastname;
            self::$cookie->customer_firstname = $customer->firstname;
            self::$cookie->logged = 1;
            self::$cookie->is_guest = $customer->isGuest();
            // NOTE(review): Customer::passwd is copied into the cookie; confirm it is the hash.
            self::$cookie->passwd = $customer->passwd;
            self::$cookie->email = $customer->email;
            // Cart following: feature flag first, so the product count query only runs when needed.
            if (Configuration::get('PS_CART_FOLLOWING')
                && (empty(self::$cookie->id_cart) || Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
                self::$cookie->id_cart = (int) Cart::lastNoneOrderedCart($customerId);
            }
            /* Update cart address */
            self::$cart->id_carrier = 0;
            self::$cart->id_address_delivery = Address::getFirstCustomerAddressId($customerId);
            self::$cart->id_address_invoice = Address::getFirstCustomerAddressId($customerId);
            self::$cart->update();
            Module::hookExec('authentication');
            if (!Tools::isSubmit('ajax')) {
                // NOTE(review): `back` is request-controlled; confirm Tools::redirect() constrains it.
                if ($back = Tools::getValue('back')) {
                    Tools::redirect($back);
                }
                Tools::redirect('history.php');
            }
        }
    }

    if (Tools::getValue('ajax')) {
        $return = array('hasError' => !empty($this->errors), 'errors' => $this->errors, 'token' => Tools::getToken(false));
        die(Tools::jsonEncode($return));
    }
}
/**
 * Validate the submitted form against the model's validation rules.
 *
 * Uses <className>::getValidationRules(): required / requiredLang, size / sizeLang,
 * validate / validateLang. Each violation appends a translated message to
 * $this->_errors; nothing is returned. The passwd field is exempted from the
 * generic `validate` rules and checked separately at the end with
 * Validate::isPasswdAdmin() (Employee) or Validate::isPasswd() (Customer).
 *
 * @param string|false $className Allow to validate a different class than the current one
 *                                (defaults to $this->className)
 */
public function validateRules($className = false)
{
    if (!$className) {
        $className = $this->className;
    }
    /* Class specific validation rules */
    $rules = call_user_func(array($className, 'getValidationRules'), $className);
    // $defaultLanguage / $languages are only needed (and only defined) when a multilingual rule exists.
    if (sizeof($rules['requiredLang']) or sizeof($rules['sizeLang']) or sizeof($rules['validateLang'])) {
        /* Language() instance determined by default language */
        $defaultLanguage = new Language((int) Configuration::get('PS_LANG_DEFAULT'));
        /* All availables languages */
        $languages = Language::getLanguages(false);
    }
    /* Checking for required fields */
    foreach ($rules['required'] as $field) {
        // Loose == false catches '' / null / missing, while the (string) test keeps a literal '0' valid.
        if (($value = Tools::getValue($field)) == false and (string) $value != '0') {
            // Precedence: !id OR (field != passwd AND field != no-picture), i.e. on an edit
            // (identifier present) passwd and no-picture may legitimately stay empty.
            if (!Tools::getValue($this->identifier) or $field != 'passwd' and $field != 'no-picture') {
                $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $field, $className) . '</b> ' . $this->l('is required');
            }
        }
    }
    /* Checking for multilingual required fields (only the default language is mandatory) */
    foreach ($rules['requiredLang'] as $fieldLang) {
        if (($empty = Tools::getValue($fieldLang . '_' . $defaultLanguage->id)) === false or $empty !== '0' and empty($empty)) {
            $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $fieldLang, $className) . '</b> ' . $this->l('is required at least in') . ' ' . $defaultLanguage->name;
        }
    }
    /* Checking for maximum fields sizes */
    foreach ($rules['size'] as $field => $maxLength) {
        if (Tools::getValue($field) !== false and Tools::strlen(Tools::getValue($field)) > $maxLength) {
            $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $field, $className) . '</b> ' . $this->l('is too long') . ' (' . $maxLength . ' ' . $this->l('chars max') . ')';
        }
    }
    /* Checking for maximum multilingual fields size */
    foreach ($rules['sizeLang'] as $fieldLang => $maxLength) {
        foreach ($languages as $language) {
            if (Tools::getValue($fieldLang . '_' . $language['id_lang']) !== false and Tools::strlen(Tools::getValue($fieldLang . '_' . $language['id_lang'])) > $maxLength) {
                $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $fieldLang, $className) . ' (' . $language['name'] . ')</b> ' . $this->l('is too long') . ' (' . $maxLength . ' ' . $this->l('chars max, html chars including') . ')';
            }
        }
    }
    /* Overload this method for custom checking */
    $this->_childValidation();
    /* Checking for fields validity */
    // $function names a Validate::* method and comes from getValidationRules(), not from the request.
    foreach ($rules['validate'] as $field => $function) {
        if (($value = Tools::getValue($field)) !== false and $field != 'passwd') {
            if (!Validate::$function($value)) {
                $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $field, $className) . '</b> ' . $this->l('is invalid');
            }
        }
    }
    /* Checking for passwd validity (the field was skipped in the generic loop above) */
    if (($value = Tools::getValue('passwd')) != false) {
        if ($className == 'Employee' and !Validate::isPasswdAdmin($value)) {
            $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), 'passwd', $className) . '</b> ' . $this->l('is invalid');
        } elseif ($className == 'Customer' and !Validate::isPasswd($value)) {
            $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), 'passwd', $className) . '</b> ' . $this->l('is invalid');
        }
    }
    /* Checking for multilingual fields validity (empty values are not validated) */
    foreach ($rules['validateLang'] as $fieldLang => $function) {
        foreach ($languages as $language) {
            if (($value = Tools::getValue($fieldLang . '_' . $language['id_lang'])) !== false and !empty($value)) {
                if (!Validate::$function($value)) {
                    $this->_errors[] = $this->l('the field') . ' <b>' . call_user_func(array($className, 'displayFieldName'), $fieldLang, $className) . ' (' . $language['name'] . ')</b> ' . $this->l('is invalid');
                }
            }
        }
    }
}
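/**
 * Employee administration post-processing.
 *
 * Guards the delete / status-toggle actions (demo account, own account, last
 * administrator, warehouse manager) and prepares the add/edit submission
 * (password requirement for new employees, self-edition restrictions, shop
 * associations, theme selection) before delegating to the parent.
 *
 * Errors go to $this->errors. Guarded paths return early (false, or null for the
 * demo guard, kept as before); otherwise parent::postProcess() is returned.
 *
 * @return mixed
 */
public function postProcess()
{
    if (Tools::isSubmit('deleteemployee') || Tools::isSubmit('status') || Tools::isSubmit('statusemployee')) {
        /* PrestaShop demo mode */
        // The assignment must be parenthesised: `=` binds weaker than `&&`, so without the
        // parentheses $id_employee receives a boolean and the demo account is never protected.
        if (_PS_MODE_DEMO_ && ($id_employee = Tools::getValue('id_employee')) && (int) $id_employee == _PS_DEMO_MAIN_BO_ACCOUNT_) {
            $this->errors[] = Tools::displayError('This functionality has been disabled.');
            return;
        }
        if ($this->context->employee->id == Tools::getValue('id_employee')) {
            $this->errors[] = Tools::displayError('You cannot disable or delete your own account.');
            return false;
        }
        $employee = new Employee(Tools::getValue('id_employee'));
        if ($employee->isLastAdmin()) {
            $this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
            return false;
        }
        // It is not possible to delete an employee if he manages warehouses
        $warehouses = Warehouse::getWarehousesByEmployee((int) Tools::getValue('id_employee'));
        if (Tools::isSubmit('deleteemployee') && count($warehouses) > 0) {
            $this->errors[] = Tools::displayError('You cannot delete this account because it manages warehouses. Check your warehouses first.');
            return false;
        }
    } elseif (Tools::isSubmit('submitAddemployee')) {
        $employee = new Employee((int) Tools::getValue('id_employee'));
        // A password is mandatory when creating; on edit an empty passwd means "keep the current one".
        if (!Validate::isLoadedObject($employee) && !Validate::isPasswd(Tools::getValue('passwd'), 8)) {
            $this->errors[] = Tools::displayError('You must specify a password with a minimum of eight characters.');
        }
        // If the employee is editing its own account
        if ($this->restrict_edition) {
            // Profile, status and shop associations are not self-editable: the submitted
            // values are replaced by the stored ones so they cannot be escalated.
            $_POST['id_profile'] = $_GET['id_profile'] = $employee->id_profile;
            $_POST['active'] = $_GET['active'] = $employee->active;
            // Unset set shops
            foreach ($_POST as $postkey => $postvalue) {
                if (strstr($postkey, 'checkBoxShopAsso_' . $this->table) !== false) {
                    unset($_POST[$postkey]);
                }
            }
            foreach ($_GET as $postkey => $postvalue) {
                if (strstr($postkey, 'checkBoxShopAsso_' . $this->table) !== false) {
                    unset($_GET[$postkey]);
                }
            }
            // Add current shops associated to the employee
            $result = Shop::getShopById((int) $employee->id, $this->identifier, $this->table);
            foreach ($result as $row) {
                $key = 'checkBoxShopAsso_' . $this->table;
                if (!isset($_POST[$key])) {
                    $_POST[$key] = array();
                }
                if (!isset($_GET[$key])) {
                    $_GET[$key] = array();
                }
                $_POST[$key][$row['id_shop']] = 1;
                $_GET[$key][$row['id_shop']] = 1;
            }
        }
        //if profile is super admin, manually fill checkBoxShopAsso_employee because in the form they are disabled.
        if ($_POST['id_profile'] == _PS_ADMIN_PROFILE_) {
            $result = Db::getInstance()->executeS('SELECT id_shop FROM ' . _DB_PREFIX_ . 'shop');
            foreach ($result as $row) {
                $key = 'checkBoxShopAsso_' . $this->table;
                if (!isset($_POST[$key])) {
                    $_POST[$key] = array();
                }
                if (!isset($_GET[$key])) {
                    $_GET[$key] = array();
                }
                $_POST[$key][$row['id_shop']] = 1;
                $_GET[$key][$row['id_shop']] = 1;
            }
        }
        if ($employee->isLastAdmin()) {
            if (Tools::getValue('id_profile') != (int) _PS_ADMIN_PROFILE_) {
                $this->errors[] = Tools::displayError('You should have at least one employee in the administrator group.');
                return false;
            }
            if (Tools::getValue('active') == 0) {
                $this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
                return false;
            }
        }
        if (Tools::getValue('bo_theme_css')) {
            $bo_theme = explode('|', Tools::getValue('bo_theme_css'));
            $_POST['bo_theme'] = $bo_theme[0];
            // scandir() also lists '.' and '..'; only a real entry of the themes directory is
            // acceptable, and the comparison is strict so only an exact name matches.
            $themeNames = scandir(_PS_ADMIN_DIR_ . DIRECTORY_SEPARATOR . 'themes');
            if ($bo_theme[0] === '.' || $bo_theme[0] === '..' || !in_array($bo_theme[0], $themeNames, true)) {
                $this->errors[] = Tools::displayError('Invalid theme');
                return false;
            }
            if (isset($bo_theme[1])) {
                $_POST['bo_css'] = $bo_theme[1];
            }
        }
        $assos = $this->getSelectedAssoShop($this->table);
        // Comparison, not assignment: an `=` here would clobber $this->table and always be true.
        if (!$assos && $this->table == 'employee') {
            if (Shop::isFeatureActive() && _PS_ADMIN_PROFILE_ != $_POST['id_profile']) {
                $this->errors[] = Tools::displayError('The employee must be associated with at least one shop.');
            }
        }
    }
    return parent::postProcess();
}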