/**
 * Handles the back-office "forgot password" request.
 *
 * Validates the submitted address, throttles regeneration with
 * PS_PASSWD_TIME_BACK (minutes since Employee::$last_passwd_gen), generates a
 * new password, mails it and only then persists it on the employee. The AJAX
 * path terminates the request with a JSON body; otherwise messages are left
 * in $this->errors.
 *
 * NOTE(review): the new password itself is sent in clear text by email (the
 * '{passwd}' template variable). A token-based reset link avoids exposing a
 * usable credential in transit and in the recipient's mailbox.
 */
public function processForgot()
{
    if (_PS_MODE_DEMO_) {
        $this->errors[] = Tools::displayError('This functionality has been disabled.');
    } else {
        $email = trim(Tools::getValue('email_forgot'));
        if (!$email) {
            $this->errors[] = Tools::displayError('Email is empty.');
        } elseif (!Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid email address.');
        } else {
            $employee = new Employee();
            if (!$employee->getByEmail($email)) {
                $this->errors[] = Tools::displayError('This account does not exist.');
            } else {
                $time_back = Configuration::get('PS_PASSWD_TIME_BACK');
                $next_allowed = strtotime($employee->last_passwd_gen . '+' . $time_back . ' minutes');
                if ($next_allowed - time() > 0) {
                    $this->errors[] = sprintf(
                        Tools::displayError('You can regenerate your password only every %d minute(s)'),
                        $time_back
                    );
                }
            }
        }
    }

    if (!count($this->errors)) {
        $pwd = Tools::passwdGen(10, 'RANDOM');
        $employee->passwd = Tools::encrypt($pwd);
        $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
        $params = array(
            '{email}' => $employee->email,
            '{lastname}' => $employee->lastname,
            '{firstname}' => $employee->firstname,
            '{passwd}' => $pwd,
        );
        $sent = Mail::Send(
            $employee->id_lang,
            'employee_password',
            Mail::l('Your new password', $employee->id_lang),
            $params,
            $employee->email,
            $employee->firstname . ' ' . $employee->lastname
        );
        if (!$sent) {
            die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => array(Tools::displayError('An error occurred while attempting to change your password.')))));
        }
        // The employee row is written only once the mail went out, so a failed
        // send leaves the previous password in place.
        Shop::setContext(Shop::CONTEXT_SHOP, (int) min($employee->getAssociatedShops()));
        if ($employee->update()) {
            die(Tools::jsonEncode(array('hasErrors' => false, 'confirm' => $this->l('Your password has been emailed to you.', 'AdminTab', false, false))));
        }
        $this->errors[] = Tools::displayError('An error occurred while attempting to change your password.');
    } elseif (Tools::isSubmit('ajax')) {
        die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
    }
}
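/**
 * actionObjectUpdateBefore hook: decides whether the object about to be saved
 * has to be synchronised.
 *
 * Resets the static flag self::$syncUpdatedObject to false on every call and
 * raises it only when one of the watched fields differs from the stored row:
 *   - Employee: lastname, firstname, email, active
 *   - Shop:     name, active
 *
 * @param array $params hook parameters; $params['object'] is the ObjectModel
 *                      about to be updated
 *
 * NOTE(review): the Employee branch looks the stored row up by the *new*
 * email, so an address change surfaces as "no row found" (the else branch)
 * and the email != email test below can never be true — presumably intended,
 * verify.
 */
public function hookActionObjectUpdateBefore($params)
{
    // Do not sync by default; only the field changes listed above raise the flag.
    self::$syncUpdatedObject = false;
    $object = $params['object'];

    if ($object instanceof Employee) {
        $employee = new Employee();
        $oldObject = $employee->getByEmail($object->email);
        if (!$oldObject) {
            // No row under this address: treat it as an email change and sync.
            self::$syncUpdatedObject = true;
            return;
        }
        // Loose comparison on purpose: values read from the DB may be strings.
        self::$syncUpdatedObject = $object->lastname != $oldObject->lastname
            || $object->firstname != $oldObject->firstname
            || $object->email != $oldObject->email
            || $object->active != $oldObject->active;
    } elseif ($object instanceof Shop) {
        $oldShop = Shop::getShop($object->id);
        // Fix: when Shop::getShop() yields anything but an array (e.g. an
        // unknown id), indexing it raised a warning and compared against null.
        // A missing row is treated as changed so the object is still synced.
        self::$syncUpdatedObject = !is_array($oldShop)
            || $object->name != $oldShop['name']
            || $object->active != $oldShop['active'];
    }
}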
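/**
 * Validates and saves the employee form.
 *
 * Two modes:
 *  - $this->restrict_edition (an employee edits their own account): a new
 *    password is accepted only after the current one is confirmed, and the
 *    profile, active flag and shop associations are forced back to the stored
 *    values so the form cannot change them.
 *  - otherwise: the notification cursors (id_last_*) are seeded from the
 *    employee record.
 *
 * Afterwards: super-admin profiles are associated to every shop, the last
 * administrator can be neither demoted nor disabled, the theme must be an
 * existing directory under the admin themes folder, and in multishop a
 * non-admin employee needs at least one shop.
 *
 * @return mixed false on validation failure (messages in $this->errors),
 *               otherwise the result of parent::processSave()
 */
public function processSave()
{
    $employee = new Employee((int) Tools::getValue('id_employee'));
    $asso_key = 'checkBoxShopAsso_' . $this->table;

    if ($this->restrict_edition) {
        // The employee is editing their own account.
        $current_password = trim(Tools::getValue('old_passwd'));
        $new_password = Tools::getValue('passwd');
        if ($new_password && (empty($current_password) || !Validate::isPasswdAdmin($current_password) || !$employee->getByEmail($employee->email, $current_password))) {
            $this->errors[] = Tools::displayError('Your current password is invalid.');
        } elseif ($new_password && (!Tools::getValue('passwd2') || $new_password !== Tools::getValue('passwd2'))) {
            $this->errors[] = Tools::displayError('The confirmation password does not match.');
        }

        // Profile and active flag cannot be changed from the self-edit form.
        $_POST['id_profile'] = $_GET['id_profile'] = $employee->id_profile;
        $_POST['active'] = $_GET['active'] = $employee->active;

        // Drop every submitted shop association...
        foreach (array_keys($_POST) as $postkey) {
            if (strpos($postkey, $asso_key) !== false) {
                unset($_POST[$postkey]);
            }
        }
        foreach (array_keys($_GET) as $getkey) {
            if (strpos($getkey, $asso_key) !== false) {
                unset($_GET[$getkey]);
            }
        }
        // ...and put the stored ones back.
        $stored_shops = Shop::getShopById((int) $employee->id, $this->identifier, $this->table);
        foreach ($stored_shops as $row) {
            $this->markShopAssociated($asso_key, $row['id_shop']);
        }
    } else {
        $_POST['id_last_order'] = $employee->getLastElementsForNotify('order');
        $_POST['id_last_customer_message'] = $employee->getLastElementsForNotify('customer_message');
        $_POST['id_last_customer'] = $employee->getLastElementsForNotify('customer');
    }

    // Loose comparison kept on purpose: the form posts the profile id as a string.
    $id_profile = isset($_POST['id_profile']) ? $_POST['id_profile'] : null;

    // A super admin is associated to every shop; the checkboxes are disabled in the form.
    if ($id_profile == _PS_ADMIN_PROFILE_) {
        $shops = Db::getInstance()->executeS('SELECT id_shop FROM ' . _DB_PREFIX_ . 'shop');
        if (is_array($shops)) {
            foreach ($shops as $row) {
                $this->markShopAssociated($asso_key, $row['id_shop']);
            }
        }
    }

    if ($employee->isLastAdmin()) {
        if (Tools::getValue('id_profile') != (int) _PS_ADMIN_PROFILE_) {
            $this->errors[] = Tools::displayError('You should have at least one employee in the administrator group.');
            return false;
        }
        if (Tools::getValue('active') == 0) {
            $this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
            return false;
        }
    }

    $theme_css = Tools::getValue('bo_theme_css');
    if ($theme_css) {
        $bo_theme = explode('|', $theme_css);
        $_POST['bo_theme'] = $bo_theme[0];
        // Only an existing directory entry is accepted. scandir() also lists
        // "." and "..", which are not themes, so they are rejected explicitly.
        $themes = scandir(_PS_ADMIN_DIR_ . DIRECTORY_SEPARATOR . 'themes');
        if (!is_array($themes) || in_array($bo_theme[0], array('.', '..'), true) || !in_array($bo_theme[0], $themes, true)) {
            $this->errors[] = Tools::displayError('Invalid theme');
            return false;
        }
        if (isset($bo_theme[1])) {
            $_POST['bo_css'] = $bo_theme[1];
        }
    }

    $assos = $this->getSelectedAssoShop($this->table);
    // Fix: the condition used to read ($this->table = 'employee') — an
    // assignment that was always true and overwrote $this->table.
    if (!$assos && $this->table === 'employee') {
        if (Shop::isFeatureActive() && _PS_ADMIN_PROFILE_ != $id_profile) {
            $this->errors[] = Tools::displayError('The employee must be associated with at least one shop.');
        }
    }

    if (count($this->errors)) {
        return false;
    }

    return parent::processSave();
}

/**
 * Marks one shop as associated in both $_POST and $_GET under $key, the
 * checkBoxShopAsso_<table> array the parent controller reads back.
 *
 * @param string     $key     request key, e.g. 'checkBoxShopAsso_employee'
 * @param int|string $id_shop shop id as returned by the database
 */
private function markShopAssociated($key, $id_shop)
{
    if (!isset($_POST[$key])) {
        $_POST[$key] = array();
    }
    if (!isset($_GET[$key])) {
        $_GET[$key] = array();
    }
    $_POST[$key][$id_shop] = 1;
    $_GET[$key][$id_shop] = 1;
}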
// Excerpt of a JSON/JSONP authentication endpoint. Only the beginning of the
// GET branch is visible; the code that emits $response (and any Content-Type
// header) comes after this excerpt and is not reviewed here.
define('_PS_JSONAPI_DIR_', getcwd());
define('PS_JSONAPI_DIR', _PS_JSONAPI_DIR_); // Retro-compatibility
include PS_JSONAPI_DIR . '/../config/config.inc.php';
include PS_JSONAPI_DIR . '/../admin12/functions.php';
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // NOTE(review): the credentials travel in the query string of a GET
    // request, so they end up in browser history and in web-server / proxy
    // access logs; a POST body would keep them out of those places.
    $email = Tools::getValue('email');
    $password = Tools::getValue('password');
    $db = Db::getInstance(); // not referenced in the visible part of the script
    if (empty($email) || empty($password)) {
        $res = false;
        $token = null;
    } else {
        $emp = new Employee();
        // Expected to return the loaded employee on success (its id_profile is
        // read below) and a falsy value otherwise. What the third argument
        // controls is not visible here.
        $res = $emp->getByEmail($email, $password, true);
        if ($res) {
            // Hard-coded allow-list of addresses (redacted in this listing) that
            // may obtain a token regardless of profile; in_array() is called
            // without strict comparison.
            $api_access = array("*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**");
            // 10 is presumably the id of the profile permitted to use the API — confirm.
            if ((int) $res->id_profile === 10 || in_array($email, $api_access)) {
                $token = $emp->generateToken($email);
            } else {
                $res = false;
                $token = null;
            }
        }
    }
    $response = array('auth_status' => $res ? 'success' : 'failure', 'token' => $token);
    $response = Tools::jsonEncode($response);
    $callback = Tools::getValue('callback', false);
    if ($callback) {
        // NOTE(review): the callback name is concatenated into the response
        // body without validation. A JSONP callback should be restricted to an
        // identifier pattern before it is echoed, unless that happens further
        // down in the part of the script not shown here.
        $response = $callback . '(' . $response . ');';
/**
 * CLI helper: updates an existing employee, looked up by email.
 *
 * Every optional argument left at NULL leaves the corresponding field
 * untouched. Outcomes are reported with echo and mirrored by the return value.
 *
 * NOTE(review): the password is stored as md5(_COOKIE_KEY_ . $password), the
 * legacy PrestaShop scheme, rather than with password_hash(). Whether it can
 * change depends on what the login path verifies against, so it is kept.
 *
 * @param string      $email     address of the employee to edit
 * @param string|null $password  new clear-text password, or NULL to keep
 * @param int|null    $profile   new profile id (checked with Validate::isInt), or NULL
 * @param string|null $firstname new first name, or NULL
 * @param string|null $lastname  new last name, or NULL
 * @return bool true when the update succeeded, false otherwise
 */
public static function edit_employee($email, $password = NULL, $profile = NULL, $firstname = NULL, $lastname = NULL)
{
    if (!Validate::isEmail($email)) {
        echo "{$email} is not a valid email address\n";
        return false;
    }

    $employee = new Employee();
    if (!$employee->getByEmail($email)) {
        echo "Could not find an employee with email {$email}\n";
        return false;
    }

    // Loose NULL checks are deliberate: they also skip '' and 0, as before.
    if ($password != NULL) {
        $employee->passwd = md5(_COOKIE_KEY_ . $password);
    }
    if ($profile != NULL) {
        if (!Validate::isInt($profile)) {
            echo "{$profile} is not a valid profile ID\n";
            return false;
        }
        $employee->id_profile = $profile;
    }
    if ($firstname != NULL) {
        $employee->firstname = $firstname;
    }
    if ($lastname != NULL) {
        $employee->lastname = $lastname;
    }

    $updated = $employee->update();
    echo $updated
        ? "Successfully updated user {$email}\n"
        : "Error, could not update user {$email}\n";
    return (bool) $updated;
}
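<?php
/**
 * Back-office AJAX login endpoint.
 *
 * On submitLogin: checks the posted email/password against the Employee
 * record and, on success, stores the employee's identity in $cookie
 * (presumably a global created by config.php — it is not defined in this
 * file). Every path ends the request with a JSON body shaped
 * {"hasErrors": bool, "errors": [...]}.
 */
include_once dirname(__FILE__) . "/../../config/config.php";

if (array_key_exists('submitLogin', $_POST)) {
    // NOTE(review): pSQL() is the SQL-escaping helper; applying it to the
    // password before hashing means a password containing quotes or
    // backslashes is hashed in escaped form. Kept as-is because the stored
    // hash may have been produced the same way — confirm against the code
    // that sets Employee::$passwd.
    $passwd = pSQL(Tools::getRequest('passwd'));
    $email = pSQL(Tools::getRequest('email'));

    // Reject an invalid email, or a non-empty password that fails the format
    // check ('and' binds tighter than 'or' in the original expression).
    if (!Validate::isEmail($email) || ($passwd != NULL && !Validate::isPasswd($passwd))) {
        die(json_encode(array('hasErrors' => true, 'errors' => array('邮箱或密码不能为空!'))));
    }

    $employee = new Employee();
    // Fix: the stored hash was compared with ==, which treats two
    // numeric-looking strings (e.g. "0e..." hashes) as equal and is not
    // constant-time. hash_equals() compares them as strings in constant time.
    $authenticated = $employee->getByEmail($email)
        && hash_equals((string) $employee->passwd, (string) Tools::encrypt($passwd));
    if ($authenticated) {
        /* Creating cookie */
        $cookie->ad_id_employee = $employee->id;
        $cookie->ad_name = $employee->name;
        $cookie->ad_email = $employee->email;
        // NOTE(review): the password hash itself is placed in the cookie;
        // whether that is acceptable depends on the Cookie class encrypting
        // and signing its payload (not shown here).
        $cookie->ad_passwd = $employee->passwd;
        $cookie->ad_remote_addr = ip2long(Tools::getRemoteAddr());
        $cookie->write();
        die(json_encode(array('hasErrors' => false)));
    }
    die(json_encode(array('hasErrors' => true, 'errors' => array('邮箱或密码有误!'))));
}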
// Excerpt: this fragment starts inside nested blocks and ends inside an else
// branch, so the surrounding control flow (and where $email, $password and
// $Version come from) is not visible here.
$key_default = 1;
}
}
Configuration::updateValue('MPR_PS_Version', $Version);
//$serv = _DB_SERVER_;
//$user = _DB_USER_;
//$pass = _DB_PASSWD_;
$base = _DB_NAME_;
$prefix = _DB_PREFIX_;
//echo($base.",,".$prefix.",,".$key_default);
// NOTE(review): this line sends the database name, the table prefix and the
// module's encryption key to the HTTP client. It appears to be the success
// response of the employee login below; even so, the key should not leave
// the server.
echo $base . ",," . $prefix . ",," . $current_key;
}
} else {
    $employee = new Employee();
    //ppp($employee);
    // getByEmail() with a password doubles as the login check for this endpoint.
    $is_employee_loaded = $employee->getByEmail($email, $password);
    if (!$is_employee_loaded) {
        echo "0,,employee logging has failed";
    } else {
        $current_key = Configuration::get('MPR_Encryption_Key');
        $key_default = 0;
        if ($current_key == "") {
            // NOTE(review): a fixed, well-known fallback key is stored and used
            // when none is configured; $key_default = 1 records that state, but
            // the key should be generated (e.g. from random_bytes()) instead.
            Configuration::updateValue('MPR_Encryption_Key', 'AABBCCDDEEFFGGHH');
            $key_default = 1;
            $current_key = 'AABBCCDDEEFFGGHH';
        } else {
            if ($current_key == 'AABBCCDDEEFFGGHH') {
                $key_default = 1;
            }
        }
        Configuration::updateValue('MPR_PS_Version', $Version);
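/**
 * Completes a back-office password reset started from the reset link.
 *
 * Expects the hidden fields reset_token, id_employee and reset_email plus the
 * new password (reset_passwd / reset_confirm). The employee is looked up by
 * email and must carry the submitted id; the submitted token must match the
 * employee's currently valid reset token. Resets are throttled by
 * PS_PASSWD_TIME_BACK minutes since Employee::$last_passwd_gen. The new
 * password is stored only after the confirmation mail could be sent, after
 * which the reset token is removed.
 *
 * The AJAX path terminates the request with a JSON body; otherwise messages
 * are collected in $this->errors.
 */
public function processReset()
{
    $reset_token_value = trim(Tools::getValue('reset_token'));
    $id_employee = trim(Tools::getValue('id_employee'));
    $reset_email = trim(Tools::getValue('reset_email'));
    $reset_password = trim(Tools::getValue('reset_passwd'));
    $reset_confirm = trim(Tools::getValue('reset_confirm'));

    if (_PS_MODE_DEMO_) {
        $this->errors[] = $this->trans('This functionality has been disabled.', array(), 'Admin.Notifications.Error');
    } elseif (!$reset_token_value || !$id_employee || !$reset_email) {
        // hidden fields carried over from the reset link
        $this->errors[] = $this->trans('Some identification information is missing.', array(), 'Admin.Login.Notification');
    } elseif (!$reset_password) {
        $this->errors[] = $this->trans('The password is missing: please enter your new password.', array(), 'Admin.Login.Notification');
    } elseif (!Validate::isPasswd($reset_password)) {
        $this->errors[] = $this->trans('The password is not in a valid format.', array(), 'Admin.Login.Notification');
    } elseif (!$reset_confirm) {
        $this->errors[] = $this->trans('The confirmation is empty: please fill in the password confirmation as well.', array(), 'Admin.Login.Notification');
    } elseif ($reset_password !== $reset_confirm) {
        $this->errors[] = $this->trans('The password and its confirmation do not match. Please double check both passwords.', array(), 'Admin.Login.Notification');
    } else {
        $employee = new Employee();
        $time_back = Configuration::get('PS_PASSWD_TIME_BACK');
        if (!$employee->getByEmail($reset_email) || $employee->id != $id_employee) {
            // The id carried in the form must belong to the employee found by email.
            $this->errors[] = $this->trans('This account does not exist.', array(), 'Admin.Login.Notification');
        } elseif (strtotime($employee->last_passwd_gen . '+' . $time_back . ' minutes') - time() > 0) {
            $this->errors[] = sprintf($this->trans('You can reset your password every %d minute(s) only. Please try again later.', array(), 'Admin.Login.Notification'), $time_back);
        } else {
            // Fix: the token is compared in constant time. hash_equals() needs
            // two strings, so an absent or expired token (anything that is not
            // a string) is rejected explicitly instead of being passed through.
            $valid_token = $employee->getValidResetPasswordToken();
            if (!is_string($valid_token) || !hash_equals($valid_token, $reset_token_value)) {
                $this->errors[] = $this->trans('Your password reset request expired. Please start again.', array(), 'Admin.Login.Notification');
            }
        }
    }

    if (!count($this->errors)) {
        $employee->passwd = Tools::encrypt($reset_password);
        $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
        $params = array(
            '{email}' => $employee->email,
            '{lastname}' => $employee->lastname,
            '{firstname}' => $employee->firstname,
        );
        $sent = Mail::Send(
            $employee->id_lang,
            'password',
            Mail::l('Your new password', $employee->id_lang),
            $params,
            $employee->email,
            $employee->firstname . ' ' . $employee->lastname
        );
        if (!$sent) {
            die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => array($this->trans('An error occurred while attempting to change your password.', array(), 'Admin.Login.Notification')))));
        }
        // Update employee only if the mail can be sent
        Shop::setContext(Shop::CONTEXT_SHOP, (int) min($employee->getAssociatedShops()));
        if (!$employee->update()) {
            $this->errors[] = $this->trans('An error occurred while attempting to change your password.', array(), 'Admin.Login.Notification');
        } else {
            // Invalidate the one-time token so the reset link cannot be reused.
            $employee->removeResetPasswordToken();
            $employee->update();
            die(Tools::jsonEncode(array('hasErrors' => false, 'confirm' => $this->l('The password has been changed successfully.', 'AdminTab', false, false))));
        }
    } elseif (Tools::isSubmit('ajax')) {
        die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
    }
}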