/**
 * Store a new password for a client (used by the "forgot password" flow).
 *
 * The plaintext is run through PasswordHash before it reaches the database,
 * so only the hash is written to client.password.
 *
 * @param mixed  $idclient client primary key, bound as given
 * @param string $pass     new plaintext password
 * @return bool always true once the UPDATE has executed
 * @throws FrontendException when the UPDATE fails. NOTE(review): the raw driver
 *         message becomes the exception text and may surface database details
 *         to the frontend; updateClientLogin() uses a translated message with
 *         the driver text as the third argument instead.
 */
public function forgotPassword($idclient, $pass)
{
    $hasher = new \PasswordHash\PasswordHash();
    $query = 'UPDATE client SET password = :password WHERE idclient = :idclient';
    $statement = Db::getInstance()->prepare($query);
    $statement->bindValue('password', $hasher->HashPassword($pass));
    $statement->bindValue('idclient', $idclient);

    try {
        $statement->execute();
    } catch (Exception $e) {
        throw new FrontendException($e->getMessage());
    }

    return true;
}
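/**
 * Quick (AJAX) client login: verify the credentials and open the session on success.
 *
 * The returned xajaxResponse either reloads the page (success) or writes a
 * message into the #login-error element (blocked account or bad credentials).
 *
 * @param string $login     submitted login; filtered with cropDangerousCode()
 * @param string $password  submitted plaintext password; filtered with cropDangerousCode()
 * @param mixed  $autologin accepted for the caller's signature but never read here:
 *                          the autologin key is issued on every successful login.
 *                          NOTE(review): confirm whether it should depend on this flag.
 * @return xajaxResponse
 */
public function authProccessQuick($login, $password, $autologin)
{
    $objResponse = new xajaxResponse();
    $login = App::getModel('formprotection')->cropDangerousCode($login);
    // NOTE(review): filtering the password before verification means a stored
    // password containing characters the filter removes can never be verified;
    // confirm the same filter is applied when the password is set.
    $password = App::getModel('formprotection')->cropDangerousCode($password);

    $hash = new \PasswordHash\PasswordHash();
    $sql = 'SELECT idclient,disable,password FROM client WHERE login = :login AND viewid=:viewid';
    $stmt = Db::getInstance()->prepare($sql);
    $stmt->bindValue('login', $hash->HashLogin($login));
    $stmt->bindValue('viewid', Helper::getViewId());
    $stmt->execute();
    $rs = $stmt->fetch();

    // Outcome encoding: > 0 client id (success), 0 unknown login or wrong
    // password, -1 account disabled.
    // NOTE(review): CheckPassword() only runs when the login exists, so an
    // unknown login answers faster than a wrong password; a dummy hash check
    // in the not-found path would remove that timing difference.
    $result = 0;
    if ($rs) {
        // Cast before comparing: the column comes back from the driver as a string.
        if ((int) $rs['disable'] === 0) {
            if ($hash->CheckPassword($password, $rs['password'])) {
                $result = $rs['idclient'];
            }
        } else {
            $result = -1;
        }
    }

    if ($result > 0) {
        App::getModel('clientlogin')->setAutologinKey($result);
        Session::setActiveClientid($result);
        $this->checkClientGroup();
        $this->setLoginTime();
        App::getModel('client')->saveClientData();
        // Merge a cart saved for this client while logged out, then clear it.
        $misingCart = App::getModel('missingcart')->checkMissingCartForClient(Session::getActiveClientid());
        // NOTE(review): an array compared with `!= 0` appears to be always true in
        // PHP, so this condition reduces to is_array(); `!empty()` may have been meant.
        if (is_array($misingCart) && $misingCart != 0) {
            App::getModel('cart')->addProductsToCartFromMissingCart($misingCart);
            App::getModel('missingcart')->cleanMissingCart(Session::getActiveClientid());
        }
        $objResponse->script("window.location.reload(false);");
    } elseif ($result < 0) {
        $objResponse->assign("login-error", "innerHTML", _('TXT_BLOKED_USER'));
        $objResponse->script("\$('#login-error').show();");
    } else {
        // Same message for unknown login and wrong password (no account enumeration by text).
        $objResponse->assign("login-error", "innerHTML", _('ERR_BAD_LOGIN_OR_PASSWORD'));
        $objResponse->script("\$('#login-error').show();");
    }

    return $objResponse;
}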
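/**
 * Create the client account and address rows for an order placed by a guest.
 *
 * Everything runs inside one database transaction: the client row, its
 * AES-encrypted clientdata row and two clientaddress rows (main = 1 and
 * main = 0) are inserted, then committed. If any statement fails the
 * transaction is rolled back before the exception propagates, so no
 * half-created client is left behind (the original committed only on the
 * happy path and never rolled back).
 *
 * When a client with this e-mail (hashed login) already exists nothing is
 * written; the "update" branch is intentionally empty, as in the original.
 *
 * @param array $Data order form values: email, firstname, surname, phone,
 *                    phone2, description, companyname, street, streetno,
 *                    placeno, postcode, nip, placename, country; optionally
 *                    disable and the *2 variants (street2, streetno2,
 *                    placeno2, postcode2, placename2, country2) used for the
 *                    second address, each falling back to the first-address value
 * @throws FrontendException when an INSERT fails. NOTE(review): the driver
 *         message is forwarded as the exception text and may expose database
 *         details to the frontend.
 */
protected function addOrder($Data)
{
    Db::getInstance()->beginTransaction();
    try {
        $email = $Data['email'];
        // A random password is generated for the new account; it is neither
        // returned nor sent from here.
        $password = Core::passwordGenerate();
        $hash = new \PasswordHash\PasswordHash();

        $sql = 'SELECT idclient FROM client WHERE login = :login';
        $stmt = Db::getInstance()->prepare($sql);
        $stmt->bindValue('login', $hash->HashLogin($email));
        $stmt->execute();
        $rs = $stmt->fetch();
        if ($rs) {
            // Update — existing client: intentionally a no-op (unchanged from the original).
        } else {
            $idClient = $this->addOrderClientRow($hash, $email, $password, $Data);
            $this->addOrderClientDataRow($idClient, $Data);
            $this->addOrderAddressRow($idClient, 1, array(
                'firstname' => $Data['firstname'],
                'surname' => $Data['surname'],
                'companyname' => $Data['companyname'],
                'street' => $Data['street'],
                'streetno' => $Data['streetno'],
                'postcode' => $Data['postcode'],
                'placeno' => $Data['placeno'],
                'nip' => $Data['nip'],
                'placename' => $Data['placename'],
                'countryid' => $this->getCountryByName($Data['country']),
            ));
            // Second address: every *2 field falls back to the first-address value when empty.
            $this->addOrderAddressRow($idClient, 0, array(
                'firstname' => $Data['firstname'],
                'surname' => $Data['surname'],
                'companyname' => $Data['companyname'],
                'street' => !empty($Data['street2']) ? $Data['street2'] : $Data['street'],
                'streetno' => !empty($Data['streetno2']) ? $Data['streetno2'] : $Data['streetno'],
                'postcode' => !empty($Data['postcode2']) ? $Data['postcode2'] : $Data['postcode'],
                'placeno' => !empty($Data['placeno2']) ? $Data['placeno2'] : $Data['placeno'],
                'nip' => $Data['nip'],
                'placename' => !empty($Data['placename2']) ? $Data['placename2'] : $Data['placename'],
                'countryid' => $this->getCountryByName(!empty($Data['country2']) ? $Data['country2'] : $Data['country']),
            ));
        }
        Db::getInstance()->commit();
    } catch (Exception $e) {
        // Undo every statement of this transaction before propagating the failure.
        // NOTE(review): assumes Db::getInstance() exposes PDO's rollBack() next to
        // beginTransaction()/commit() — confirm against the Db wrapper.
        Db::getInstance()->rollBack();
        throw $e;
    }
}

/**
 * Insert the client row for addOrder() and return its new id.
 *
 * @param \PasswordHash\PasswordHash $hash     hasher for login and password
 * @param string                     $email    login, stored hashed
 * @param string                     $password plaintext password, stored hashed
 * @param array                      $Data     form values; only 'disable' is read (default 0)
 * @return mixed Db::lastInsertId()
 * @throws FrontendException when the INSERT fails
 */
private function addOrderClientRow($hash, $email, $password, $Data)
{
    $sql = 'INSERT INTO client (login, password, disable, viewid) VALUES (:login, :password, :disable, :viewid)';
    $stmt = Db::getInstance()->prepare($sql);
    $stmt->bindValue('login', $hash->HashLogin($email));
    $stmt->bindValue('password', $hash->HashPassword($password));
    $stmt->bindValue('disable', isset($Data['disable']) ? $Data['disable'] : 0);
    $stmt->bindValue('viewid', Helper::getViewId());
    try {
        $stmt->execute();
    } catch (Exception $e) {
        throw new FrontendException($e->getMessage());
    }
    return Db::getInstance()->lastInsertId();
}

/**
 * Insert the encrypted clientdata row for addOrder().
 *
 * Personal fields are stored with MySQL AES_ENCRYPT using the session's active
 * encryption key; clientgroupid is hard-coded to 10 as in the original.
 * NOTE(review): the same named placeholder (:encryptionKey) is bound once and
 * used several times in the statement, which relies on emulated prepares.
 *
 * @param mixed $idClient id returned by the client INSERT
 * @param array $Data     form values: firstname, surname, email, phone, optionally phone2 and description
 * @throws FrontendException when the INSERT fails
 */
private function addOrderClientDataRow($idClient, $Data)
{
    $sql = 'INSERT INTO clientdata SET firstname = AES_ENCRYPT(:firstname, :encryptionKey), surname = AES_ENCRYPT(:surname, :encryptionKey), email = AES_ENCRYPT(:email, :encryptionKey), phone = AES_ENCRYPT(:phone, :encryptionKey), phone2 = AES_ENCRYPT(:phone2, :encryptionKey), description = AES_ENCRYPT(:description, :encryptionKey), clientgroupid = 10, clientid = :clientid ';
    $stmt = Db::getInstance()->prepare($sql);
    $stmt->bindValue('clientid', $idClient);
    $stmt->bindValue('firstname', $Data['firstname']);
    $stmt->bindValue('surname', $Data['surname']);
    $stmt->bindValue('email', $Data['email']);
    $stmt->bindValue('phone', $Data['phone']);
    $stmt->bindValue('phone2', !empty($Data['phone2']) ? $Data['phone2'] : '');
    $stmt->bindValue('description', !empty($Data['description']) ? $Data['description'] : '');
    $stmt->bindValue('encryptionKey', Session::getActiveEncryptionKeyValue());
    try {
        $stmt->execute();
    } catch (Exception $e) {
        throw new FrontendException($e->getMessage());
    }
}

/**
 * Insert (or, on a duplicate key, update) one encrypted clientaddress row for addOrder().
 *
 * The same statement text was duplicated for both addresses in the original;
 * only the `main` flag and the bound values differ.
 *
 * @param mixed $idClient id returned by the client INSERT
 * @param int   $main     1 for the main address, 0 for the second one
 * @param array $fields   keys firstname, surname, companyname, street, streetno,
 *                        postcode, placeno, nip, placename, countryid
 * @throws FrontendException when the INSERT fails
 */
private function addOrderAddressRow($idClient, $main, $fields)
{
    $sql = 'INSERT INTO clientaddress SET clientid = :clientid, main = :main, firstname = AES_ENCRYPT(:firstname, :encryptionKey), surname = AES_ENCRYPT(:surname, :encryptionKey), companyname = AES_ENCRYPT(:companyname, :encryptionKey), street = AES_ENCRYPT(:street, :encryptionKey), streetno = AES_ENCRYPT(:streetno, :encryptionKey), placeno = AES_ENCRYPT(:placeno, :encryptionKey), postcode = AES_ENCRYPT(:postcode, :encryptionKey), nip = AES_ENCRYPT(:nip, :encryptionKey), placename = AES_ENCRYPT(:placename, :encryptionKey), countryid = :countryid ON DUPLICATE KEY UPDATE firstname = AES_ENCRYPT(:firstname, :encryptionKey), surname = AES_ENCRYPT(:surname, :encryptionKey), companyname = AES_ENCRYPT(:companyname, :encryptionKey), street = AES_ENCRYPT(:street, :encryptionKey), streetno = AES_ENCRYPT(:streetno, :encryptionKey), placeno = AES_ENCRYPT(:placeno, :encryptionKey), postcode = AES_ENCRYPT(:postcode, :encryptionKey), nip = AES_ENCRYPT(:nip, :encryptionKey), placename = AES_ENCRYPT(:placename, :encryptionKey), countryid = :countryid';
    $stmt = Db::getInstance()->prepare($sql);
    $stmt->bindValue('encryptionKey', Session::getActiveEncryptionKeyValue());
    $stmt->bindValue('clientid', $idClient);
    $stmt->bindValue('main', $main);
    $stmt->bindValue('firstname', $fields['firstname']);
    $stmt->bindValue('surname', $fields['surname']);
    $stmt->bindValue('companyname', $fields['companyname']);
    $stmt->bindValue('street', $fields['street']);
    $stmt->bindValue('streetno', $fields['streetno']);
    $stmt->bindValue('postcode', $fields['postcode']);
    $stmt->bindValue('placeno', $fields['placeno']);
    $stmt->bindValue('nip', $fields['nip']);
    $stmt->bindValue('placename', $fields['placename']);
    $stmt->bindValue('countryid', $fields['countryid']);
    try {
        $stmt->execute();
    } catch (Exception $e) {
        throw new FrontendException($e->getMessage());
    }
}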
/**
 * Update a client's account flags and login, and log it out everywhere when disabled.
 *
 * Note the naming: $active is written to the `disable` column, and when its
 * integer value is 1 every sessionhandler row of the client is deleted. So in
 * this method $active == 1 means "disabled".
 *
 * @param mixed  $active     stored as (int) in client.disable
 * @param mixed  $id         client id
 * @param mixed  $viewid     shop view id
 * @param string $login      new login, stored hashed
 * @param mixed  $autoassign value for client.autoassign
 * @return bool always true
 * @throws CoreException ERR_CLIENT_ACTIVE_UPDATE (code 1) with the driver message
 *         when either statement fails
 */
public function editClientActive($active, $id, $viewid, $login, $autoassign)
{
    $disabled = (int) $active;
    $hasher = new \PasswordHash\PasswordHash();

    $update = Db::getInstance()->prepare('UPDATE client SET disable = :disable, viewid = :viewid, login = :login, autoassign = :autoassign WHERE idclient=:id');
    $update->bindValue('id', $id);
    $update->bindValue('disable', $disabled);
    $update->bindValue('viewid', $viewid);
    $update->bindValue('login', $hasher->HashLogin($login));
    $update->bindValue('autoassign', $autoassign);
    try {
        $update->execute();
    } catch (Exception $e) {
        throw new CoreException(_('ERR_CLIENT_ACTIVE_UPDATE'), 1, $e->getMessage());
    }

    // Disabling an account also invalidates all of its server-side sessions.
    if ($disabled === 1) {
        $purge = Db::getInstance()->prepare('DELETE FROM sessionhandler WHERE clientid = :id');
        $purge->bindValue('id', $id);
        try {
            $purge->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_CLIENT_ACTIVE_UPDATE'), 1, $e->getMessage());
        }
    }

    return true;
}
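/**
 * Replace a backend user's password with the hash of the given plaintext.
 *
 * @param mixed  $id       user id (iduser)
 * @param string $password new plaintext password; hashed before storage.
 *                         NOTE(review): no emptiness or length check happens here,
 *                         so callers must enforce the password policy.
 * @return bool always true once the UPDATE has executed
 * @throws CoreException ERR_PASSWORD_USER_FORGOT (code 13) with the driver message
 *         when the UPDATE fails (the original had an unreachable `return false`
 *         after this throw; it has been removed)
 */
public function changeUsersPassword($id, $password)
{
    $hash = new \PasswordHash\PasswordHash();
    $sql = 'UPDATE user SET password=:password WHERE iduser=:id';
    $stmt = Db::getInstance()->prepare($sql);
    $stmt->bindValue('password', $hash->HashPassword($password));
    $stmt->bindValue('id', $id);
    try {
        $stmt->execute();
    } catch (Exception $e) {
        throw new CoreException(_('ERR_PASSWORD_USER_FORGOT'), 13, $e->getMessage());
    }
    return true;
}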
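/**
 * Client settings page: the change-password form and the e-mail/phone form.
 *
 * Each form is built, validated on POST and assigned to the template; status
 * messages travel between requests through the Session "volatile" flags,
 * which are read and rendered here. The two forms are handled by private
 * helpers in the same order as before; unused locals of the original
 * ($oldPassword, $newEmail, $changedMail, $changedLogin) were dropped.
 *
 * @return string the rendered index.tpl
 */
public function index()
{
    $this->handlePasswordChangeForm();
    $this->handleContactDataForm();

    $changedPasswd = Session::getVolatilePasswordChanged();
    if ($changedPasswd[0] == 1) {
        $this->registry->template->assign('changedPasswd', _('TXT_PASSWORD_CHANGED'));
    }

    return $this->registry->template->fetch($this->loadTemplate('index.tpl'));
}

/**
 * Build and validate the change-password form; assign it and its messages to the template.
 *
 * On a valid submission the current password is verified against the stored
 * hash; then the new password is saved, an "editPassword" e-mail is sent and
 * the request is redirected to frontend.clientsettings. A failed verification
 * sets the volatile "old password" error flag instead.
 */
private function handlePasswordChangeForm()
{
    $formPass = new SimpleForm\Form(array('name' => 'changePassword', 'action' => '', 'method' => 'post'));
    $formPass->AddChild(new SimpleForm\Elements\Password(array(
        'name' => 'password',
        'label' => _('TXT_PASSWORD'),
        'rules' => array(new SimpleForm\Rules\Required(_('ERR_EMPTY_PASSWORD'))),
    )));
    $newPassword = $formPass->AddChild(new SimpleForm\Elements\Password(array(
        'name' => 'newpassword',
        'label' => _('TXT_PASSWORD_NEW'),
        'rules' => array(
            new SimpleForm\Rules\Required(_('ERR_EMPTY_PASSWORD')),
            new SimpleForm\Rules\MinLength(_('ERR_PASSWORD_NEW_INVALID'), 6),
        ),
    )));
    $formPass->AddChild(new SimpleForm\Elements\Password(array(
        'name' => 'confirmpassword',
        'label' => _('TXT_PASSWORD_REPEAT'),
        'rules' => array(
            new SimpleForm\Rules\Required(_('ERR_EMPTY_CONFIRM_PASSWORD')),
            new SimpleForm\Rules\Compare(_('ERR_PASSWORDS_NOT_COMPATIBILE'), $newPassword),
        ),
    )));

    if ($formPass->Validate()) {
        $formData = $formPass->getSubmitValues();
        $BaseTable = $this->model->getClientPass();
        $hash = new \PasswordHash\PasswordHash();
        if ($hash->CheckPassword($formData['password'], $BaseTable['password'])) {
            $this->model->updateClientPass($formData['newpassword']);
            $email = Session::getActiveClientEmail();
            // NOTE(review): the new plaintext password is put into the template and
            // mailed out; e-mail is not a confidential channel, so a notification
            // without the password itself would be safer.
            $this->registry->template->assign('PASS_NEW', $formData['newpassword']);
            App::getModel('mailer')->sendEmail(array(
                'template' => 'editPassword',
                'email' => array($email),
                'bcc' => false,
                'subject' => _('TXT_PASSWORD_EDIT'),
                'viewid' => Helper::getViewId(),
            ));
            Session::setVolatileChangePassOk(1, false);
            App::redirectUrl($this->registry->router->generate('frontend.clientsettings', true));
        } else {
            Session::setVolatileOldPassError(1, false);
        }
    }

    $this->registry->template->assign('formPass', $formPass->getForm());
    $erroroldpass = Session::getVolatileOldPassError();
    if ($erroroldpass[0] == 1) {
        $this->registry->template->assign('error', _('TXT_ERROR_OLD_PASSWORD'));
    }
    $changepassok = Session::getVolatileChangePassOk();
    if ($changepassok[0] == 1) {
        $this->registry->template->assign('success', _('TXT_DATA_CHANGED_MAIL_SEND'));
    }
}

/**
 * Build and validate the e-mail/phone form; assign it and its messages to the template.
 *
 * Phones are always saved on a valid submission. A changed e-mail is checked
 * for duplicates; when unique, e-mail and (hashed) login are updated, the
 * session is killed and the request is redirected to frontend.clientlogin.
 * Otherwise the request is redirected back to frontend.clientsettings.
 */
private function handleContactDataForm()
{
    $formUserEmail = new SimpleForm\Form(array('name' => 'changeEmail', 'action' => '', 'method' => 'post'));
    $formUserEmail->AddChild(new SimpleForm\Elements\TextField(array(
        'name' => 'email',
        'label' => _('TXT_EMAIL'),
        'rules' => array(
            new SimpleForm\Rules\Required(_('ERR_EMPTY_EMAIL')),
            new SimpleForm\Rules\Email(_('ERR_WRONG_EMAIL')),
        ),
    )));
    // NOTE(review): inside a character class ` -+` is a range (space through '+'),
    // which also admits characters such as quotes and '#'; `[0-9 +-]` may have
    // been intended. Left unchanged to keep validation behaviour identical.
    $formUserEmail->AddChild(new SimpleForm\Elements\TextField(array(
        'name' => 'phone',
        'label' => _('TXT_PHONE'),
        'rules' => array(
            new SimpleForm\Rules\Required(_('ERR_EMPTY_PHONE')),
            new SimpleForm\Rules\Format(_('ERR_WRONG_FORMAT'), '/^[0-9 -+]+$/'),
        ),
    )));
    $formUserEmail->AddChild(new SimpleForm\Elements\TextField(array(
        'name' => 'phone2',
        'label' => _('TXT_ADDITIONAL_PHONE'),
        'rules' => array(new SimpleForm\Rules\Format(_('ERR_WRONG_FORMAT'), '/^[0-9 -+]+$/')),
    )));

    $clientData = App::getModel('client')->getClient();
    $formUserEmail->Populate(array(
        'email' => $clientData['email'],
        'phone' => $clientData['phone'],
        'phone2' => $clientData['phone2'],
    ));

    if ($formUserEmail->Validate()) {
        $formData = $formUserEmail->getSubmitValues();
        $this->model->updateClientPhone($formData['phone'], $formData['phone2']);
        if ($clientData['email'] != $formData['email']) {
            if ($this->model->checkClientNewMail($formData) == 0) {
                $this->model->updateClientEmail($formData);
                $this->model->updateClientLogin($formData['email']);
                // The login changed, so the current session is terminated and the
                // client has to sign in again.
                Session::killSession();
                App::redirectUrl($this->registry->router->generate('frontend.clientlogin', true, array('param' => 'changed')));
            } else {
                Session::setVolatileUserEmailDuplicateError(1, false);
            }
        } else {
            Session::setVolatileUserSettingsSaved(1, false);
        }
        App::redirectUrl($this->registry->router->generate('frontend.clientsettings', true));
    }

    $registrationok = Session::getVolatileRegistrationOk();
    if ($registrationok[0] == 1) {
        $this->registry->template->assign('registrationok', _('TXT_REGISTER_USER_OK'));
    }
    $errorMail = Session::getVolatileUserEmailDuplicateError();
    if ($errorMail[0] == 1) {
        $this->registry->template->assign('duplicateMailError', _('ERR_DUPLICATE_EMAIL'));
    }
    $settingsChanged = Session::getVolatileUserSettingsSaved();
    if ($settingsChanged[0] == 1) {
        $this->registry->template->assign('settingsSaved', _('TXT_SETTINGS_SAVED'));
    }
    $this->registry->template->assign('formEmail', $formUserEmail->getForm());
}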
/**
 * Create a backend user row and return its id.
 *
 * @param string      $email    login, stored hashed; must not be blank
 * @param string|null $password plaintext, stored hashed. A null/empty value is
 *        replaced by the fixed placeholder '******'. NOTE(review): that is a
 *        well-known default credential; callers should always pass a real
 *        password (e.g. Core::passwordGenerate()) and force a change on first login.
 * @param int         $active   value for user.active (default 1)
 * @return mixed Db::lastInsertId()
 * @throws CoreException TXT_WRONG_EMAIL (code 1001) for a blank e-mail,
 *         ERR_USER_ADD (code 20) with the driver message when the INSERT fails
 */
protected function addUser($email, $password, $active = 1)
{
    if ($email == '') {
        throw new CoreException(_('TXT_WRONG_EMAIL'), 1001, 'Email is blank -> mysql fix');
    }
    if ($password == null) {
        $password = '******';
    }

    $hasher = new \PasswordHash\PasswordHash();
    $insert = Db::getInstance()->prepare('INSERT INTO user SET login = :login, password = :password, active = :active');
    $insert->bindValue('active', $active);
    $insert->bindValue('login', $hasher->HashLogin($email));
    $insert->bindValue('password', $hasher->HashPassword($password));

    try {
        $insert->execute();
    } catch (Exception $e) {
        throw new CoreException(_('ERR_USER_ADD'), 20, $e->getMessage());
    }

    return Db::getInstance()->lastInsertId();
}
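/**
 * Replace the active client's login with the hash of the given value.
 *
 * An empty login (null, '', '0', ...) is silently ignored and nothing is
 * written; `!empty()` already covers the `isset()` check the original
 * combined it with. The client is taken from Session::getActiveClientid().
 *
 * @param string $login new login (normally the e-mail); stored hashed
 * @return void
 * @throws FrontendException ERR_LOGIN_CLIENT_UPDATE (code 18) with the driver
 *         message when the UPDATE fails
 */
public function updateClientLogin($login)
{
    if (empty($login)) {
        return;
    }
    $hash = new \PasswordHash\PasswordHash();
    $sql = 'UPDATE client SET login = :login WHERE idclient = :idclient';
    $stmt = Db::getInstance()->prepare($sql);
    $stmt->bindValue('login', $hash->HashLogin($login));
    $stmt->bindValue('idclient', Session::getActiveClientid());
    try {
        $stmt->execute();
    } catch (Exception $e) {
        throw new FrontendException(_('ERR_LOGIN_CLIENT_UPDATE'), 18, $e->getMessage());
    }
}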