/**
* Prepare data for the \XLite\Controller\Customer\Login
*
* @param \stdClass $user Drupal user profile
* @param array|null $edit Data from request
*
* @return array
*/
protected function getProfileDataLogin(\stdClass $user, $edit)
{
$data = $this->getProfileData($user, $edit, false);
// On the "Reset password" page user can log in without entering a password.
// It's the reason to introduce the "log in using secret token" approach
list($result, $timestamp, $hash) = $this->isResetPasswordPage();
// Only start LC log in procedure after Drupal hash string is checked
if ($result && user_pass_rehash($data['password'], $timestamp, $data['login_time']) === $hash) {
$token = \XLite\Core\Converter::generateRandomToken();
// Save token in session and pass it to LC controller. Strings must match
$data[\XLite\Controller\Customer\Login::SECURE_TOKEN] = $token;
\XLite\Core\Auth::getInstance()->setSecureHash($token);
}
return $data;
}
