 /**
  * Overwrites the stored password hash of one client.
  *
  * @param mixed  $idclient client.idclient of the row to update.
  * @param string $pass     New plaintext password; only its PasswordHash form is written.
  *
  * @return bool Always true once the UPDATE has executed.
  *
  * @throws FrontendException When the statement fails; the driver's message is passed through unchanged.
  */
 public function forgotPassword($idclient, $pass)
 {
     $hasher = new \PasswordHash\PasswordHash();
     $update = Db::getInstance()->prepare('UPDATE client SET password = :password WHERE idclient = :idclient');

     // The plaintext never reaches the database; only the hash is bound.
     $update->bindValue('password', $hasher->HashPassword($pass));
     $update->bindValue('idclient', $idclient);

     try {
         $update->execute();
     } catch (Exception $e) {
         // NOTE(review): the raw driver error text becomes the FrontendException message —
         // confirm it is not rendered to end users verbatim.
         throw new FrontendException($e->getMessage());
     }

     return true;
 }
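 /**
  * Quick (AJAX) login: verifies the submitted credentials, opens the client
  * session on success and returns the xajax response that either reloads the
  * page or shows an error message in #login-error.
  *
  * @param string $login     Submitted login (e-mail); looked up by its HashLogin() form.
  * @param string $password  Submitted plaintext password; verified against the stored hash.
  * @param mixed  $autologin Not read by this method (the autologin key is issued on every
  *                          successful login); kept for signature compatibility.
  *
  * @return xajaxResponse
  */
 public function authProccessQuick($login, $password, $autologin)
 {
     $objResponse = new xajaxResponse();
     $login = App::getModel('formprotection')->cropDangerousCode($login);
     // Note: the password is filtered before hashing, so a password containing
     // the stripped characters cannot authenticate through this path.
     $password = App::getModel('formprotection')->cropDangerousCode($password);
     $hash = new \PasswordHash\PasswordHash();

     $stmt = Db::getInstance()->prepare(
         'SELECT idclient,disable,password FROM client WHERE login = :login AND viewid=:viewid'
     );
     $stmt->bindValue('login', $hash->HashLogin($login));
     $stmt->bindValue('viewid', Helper::getViewId());
     $stmt->execute();
     $rs = $stmt->fetch();

     // Outcome encoding: > 0 the client id (success), 0 unknown login or wrong
     // password, -1 the account is disabled.
     $result = 0;
     if ($rs) {
         if ($rs['disable'] == 0) {
             $result = $hash->CheckPassword($password, $rs['password']) ? $rs['idclient'] : 0;
         } else {
             $result = -1;
         }
     }

     if ($result > 0) {
         // The original guarded this call with isset($result), which is always true here.
         App::getModel('clientlogin')->setAutologinKey($result);
         Session::setActiveClientid($result);
         $this->checkClientGroup();
         $this->setLoginTime();
         App::getModel('client')->saveClientData();

         // Merge a cart saved for this client while logged out, if any.
         // An array compared with 0 is never equal in PHP, so the original
         // "&& $misingCart != 0" never filtered anything; only the type check matters.
         $missingCart = App::getModel('missingcart')->checkMissingCartForClient(Session::getActiveClientid());
         if (is_array($missingCart)) {
             App::getModel('cart')->addProductsToCartFromMissingCart($missingCart);
             App::getModel('missingcart')->cleanMissingCart(Session::getActiveClientid());
         }
         $objResponse->script("window.location.reload(false);");
     } else {
         // NOTE(review): a distinct "blocked user" message tells the caller that the
         // login exists but is disabled — confirm this disclosure is intended.
         $message = $result < 0 ? _('TXT_BLOKED_USER') : _('ERR_BAD_LOGIN_OR_PASSWORD');
         $objResponse->assign("login-error", "innerHTML", $message);
         $objResponse->script("\$('#login-error').show();");
     }

     return $objResponse;
 }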
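    /**
     * Registers the client behind an order: creates the client login, the
     * AES-encrypted clientdata row and two clientaddress rows (main and
     * alternate) inside one transaction.
     *
     * An existing login for the same e-mail is left untouched (the original
     * code has an empty "// Update" branch there, preserved as a no-op).
     *
     * @param array $Data Order form values: email, firstname, surname, phone,
     *                    the address fields, optional "...2" alternate-address
     *                    fields, and optional phone2 / description / disable.
     *
     * @throws FrontendException When any INSERT fails. The transaction is
     *                           rolled back before the exception propagates.
     */
    protected function addOrder($Data)
    {
        $db = Db::getInstance();
        $db->beginTransaction();
        try {
            $this->insertOrderClient($Data);
            $db->commit();
        } catch (Exception $e) {
            // The original left the transaction open when an INSERT threw; undo the
            // partial writes first. Assumes Db exposes PDO's rollBack() alongside
            // the beginTransaction()/commit() it already uses — confirm.
            $db->rollBack();
            throw $e;
        }
    }

    /**
     * Creates the client, clientdata and clientaddress rows for a new order
     * unless a client with the given e-mail already exists.
     *
     * @param array $Data See addOrder().
     *
     * @throws FrontendException When an INSERT fails.
     */
    private function insertOrderClient($Data)
    {
        $db = Db::getInstance();
        $email = $Data['email'];
        // A random password is generated and only its hash is stored.
        // NOTE(review): the plaintext is not returned from here — confirm the
        // client is informed of it through another path.
        $password = Core::passwordGenerate();
        $hash = new \PasswordHash\PasswordHash();

        $stmt = $db->prepare('SELECT idclient FROM client WHERE login = :login');
        $stmt->bindValue('login', $hash->HashLogin($email));
        $stmt->execute();
        if ($stmt->fetch()) {
            // Existing client: nothing is updated (empty "Update" branch in the original).
            return;
        }

        $stmt = $db->prepare('INSERT INTO client (login, password, disable, viewid)
					VALUES (:login, :password, :disable, :viewid)');
        $stmt->bindValue('login', $hash->HashLogin($email));
        $stmt->bindValue('password', $hash->HashPassword($password));
        $stmt->bindValue('disable', isset($Data['disable']) ? $Data['disable'] : 0);
        $stmt->bindValue('viewid', Helper::getViewId());
        $this->executeOrThrow($stmt);
        $idClient = $db->lastInsertId();

        // Personal data is encrypted in the database with the session's active key.
        $stmt = $db->prepare('INSERT INTO clientdata SET
					firstname = AES_ENCRYPT(:firstname, :encryptionKey),
					surname = AES_ENCRYPT(:surname, :encryptionKey),
					email = AES_ENCRYPT(:email, :encryptionKey),
					phone = AES_ENCRYPT(:phone, :encryptionKey),
					phone2 = AES_ENCRYPT(:phone2, :encryptionKey),
					description = AES_ENCRYPT(:description, :encryptionKey),
					clientgroupid = 10,
					clientid = :clientid
			');
        $stmt->bindValue('clientid', $idClient);
        $stmt->bindValue('firstname', $Data['firstname']);
        $stmt->bindValue('surname', $Data['surname']);
        $stmt->bindValue('email', $Data['email']);
        $stmt->bindValue('phone', $Data['phone']);
        $stmt->bindValue('phone2', !empty($Data['phone2']) ? $Data['phone2'] : '');
        $stmt->bindValue('description', !empty($Data['description']) ? $Data['description'] : '');
        $stmt->bindValue('encryptionKey', Session::getActiveEncryptionKeyValue());
        $this->executeOrThrow($stmt);

        $primary = array(
            'firstname'   => $Data['firstname'],
            'surname'     => $Data['surname'],
            'companyname' => $Data['companyname'],
            'street'      => $Data['street'],
            'streetno'    => $Data['streetno'],
            'postcode'    => $Data['postcode'],
            'placeno'     => $Data['placeno'],
            'nip'         => $Data['nip'],
            'placename'   => $Data['placename'],
            'countryid'   => $this->getCountryByName($Data['country']),
        );
        $this->insertClientAddress($idClient, 1, $primary);

        // Alternate address: every "...2" field left empty falls back to the primary value.
        $alternate = $primary;
        foreach (array('street', 'streetno', 'postcode', 'placeno', 'placename') as $field) {
            if (!empty($Data[$field . '2'])) {
                $alternate[$field] = $Data[$field . '2'];
            }
        }
        $alternate['countryid'] = $this->getCountryByName(
            !empty($Data['country2']) ? $Data['country2'] : $Data['country']
        );
        $this->insertClientAddress($idClient, 0, $alternate);
    }

    /**
     * Inserts (or, on duplicate key, updates) one clientaddress row with the
     * personal fields AES-encrypted under the session's active key.
     *
     * @param mixed $idClient client.idclient the address belongs to.
     * @param int   $main     1 for the main address, 0 for the alternate one.
     * @param array $address  Keys: firstname, surname, companyname, street, streetno,
     *                        placeno, postcode, nip, placename, countryid — each bound
     *                        to the placeholder of the same name.
     *
     * @throws FrontendException When the statement fails.
     */
    private function insertClientAddress($idClient, $main, array $address)
    {
        $stmt = Db::getInstance()->prepare('INSERT INTO clientaddress SET
					clientid	= :clientid,
					main		= :main,
					firstname 	= AES_ENCRYPT(:firstname, :encryptionKey),
					surname   	= AES_ENCRYPT(:surname, :encryptionKey),
					companyname	= AES_ENCRYPT(:companyname, :encryptionKey),
					street		= AES_ENCRYPT(:street, :encryptionKey),
					streetno	= AES_ENCRYPT(:streetno, :encryptionKey),
					placeno		= AES_ENCRYPT(:placeno, :encryptionKey),
					postcode	= AES_ENCRYPT(:postcode, :encryptionKey),
					nip		= AES_ENCRYPT(:nip, :encryptionKey),
					placename	= AES_ENCRYPT(:placename, :encryptionKey),
					countryid	= :countryid
				ON DUPLICATE KEY UPDATE
					firstname 	= AES_ENCRYPT(:firstname, :encryptionKey),
					surname   	= AES_ENCRYPT(:surname, :encryptionKey),
					companyname	= AES_ENCRYPT(:companyname, :encryptionKey),
					street		= AES_ENCRYPT(:street, :encryptionKey),
					streetno	= AES_ENCRYPT(:streetno, :encryptionKey),
					placeno		= AES_ENCRYPT(:placeno, :encryptionKey),
					postcode	= AES_ENCRYPT(:postcode, :encryptionKey),
					nip		= AES_ENCRYPT(:nip, :encryptionKey),
					placename	= AES_ENCRYPT(:placename, :encryptionKey),
					countryid	= :countryid');
        $stmt->bindValue('encryptionKey', Session::getActiveEncryptionKeyValue());
        $stmt->bindValue('clientid', $idClient);
        $stmt->bindValue('main', $main);
        foreach ($address as $placeholder => $value) {
            $stmt->bindValue($placeholder, $value);
        }
        $this->executeOrThrow($stmt);
    }

    /**
     * Executes a prepared statement, converting a driver exception into the
     * FrontendException the callers of addOrder() expect.
     *
     * @param mixed $stmt Prepared statement from Db::getInstance()->prepare().
     *
     * @throws FrontendException
     */
    private function executeOrThrow($stmt)
    {
        try {
            $stmt->execute();
        } catch (Exception $e) {
            // NOTE(review): the driver's message is passed through verbatim — confirm
            // FrontendException does not surface it to end users.
            throw new FrontendException($e->getMessage());
        }
    }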
    /**
     * Updates the disable flag, view, login and autoassign value of a client
     * and, when the flag is set to 1, deletes the client's sessionhandler rows.
     *
     * @param mixed  $active     Cast to int and written to client.disable; despite the
     *                           parameter name, 1 presumably means "disabled" (the session
     *                           purge runs in that case) — confirm against callers.
     * @param mixed  $id         client.idclient to update.
     * @param mixed  $viewid     New viewid value.
     * @param string $login      New login; stored in its HashLogin() form.
     * @param mixed  $autoassign New autoassign value.
     *
     * @return bool Always true once the statements have executed.
     *
     * @throws CoreException Code 1 when either statement fails.
     */
    public function editClientActive($active, $id, $viewid, $login, $autoassign)
    {
        $db = Db::getInstance();
        $disable = (int) $active;
        $hasher = new \PasswordHash\PasswordHash();

        $update = $db->prepare('UPDATE client SET 
					disable		=	:disable, 
					viewid		=	:viewid,
					login		=	:login,
					autoassign	=	:autoassign
				WHERE idclient=:id');
        $update->bindValue('id', $id);
        $update->bindValue('disable', $disable);
        $update->bindValue('viewid', $viewid);
        $update->bindValue('login', $hasher->HashLogin($login));
        $update->bindValue('autoassign', $autoassign);
        try {
            $update->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_CLIENT_ACTIVE_UPDATE'), 1, $e->getMessage());
        }

        if ($disable !== 1) {
            return true;
        }

        // Flag set to 1: drop the client's stored sessions as well.
        $purge = $db->prepare('DELETE FROM sessionhandler WHERE clientid = :id');
        $purge->bindValue('id', $id);
        try {
            $purge->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_CLIENT_ACTIVE_UPDATE'), 1, $e->getMessage());
        }

        return true;
    }
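    /**
     * Replaces the password hash of a backend user.
     *
     * @param mixed  $id       user.iduser to update.
     * @param string $password New plaintext password; only its PasswordHash form is stored.
     *
     * @return bool Always true once the UPDATE has executed.
     *
     * @throws CoreException Code 13 when the statement fails.
     */
    public function changeUsersPassword($id, $password)
    {
        $hash = new \PasswordHash\PasswordHash();
        $sql = 'UPDATE user SET password=:password
					WHERE iduser=:id';
        $stmt = Db::getInstance()->prepare($sql);
        $stmt->bindValue('password', $hash->HashPassword($password));
        $stmt->bindValue('id', $id);
        try {
            $stmt->execute();
        } catch (Exception $e) {
            // The original had an unreachable "return false;" after this throw;
            // callers only ever observe true or the exception.
            throw new CoreException(_('ERR_PASSWORD_USER_FORGOT'), 13, $e->getMessage());
        }
        return true;
    }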
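 /**
  * Client settings page: renders and handles the "change password" and
  * "change e-mail / phones" forms, then builds the template.
  *
  * Form outcomes survive the redirect as volatile session flags
  * (Session::setVolatile* / getVolatile*) and are turned into template
  * messages on the following request.
  *
  * @return string Rendered index.tpl.
  */
 public function index()
 {
     // --- password form ---
     $formPass = new SimpleForm\Form(array('name' => 'changePassword', 'action' => '', 'method' => 'post'));
     $formPass->AddChild(new SimpleForm\Elements\Password(array(
         'name' => 'password',
         'label' => _('TXT_PASSWORD'),
         'rules' => array(new SimpleForm\Rules\Required(_('ERR_EMPTY_PASSWORD'))),
     )));
     $newPassword = $formPass->AddChild(new SimpleForm\Elements\Password(array(
         'name' => 'newpassword',
         'label' => _('TXT_PASSWORD_NEW'),
         'rules' => array(
             new SimpleForm\Rules\Required(_('ERR_EMPTY_PASSWORD')),
             new SimpleForm\Rules\MinLength(_('ERR_PASSWORD_NEW_INVALID'), 6),
         ),
     )));
     $formPass->AddChild(new SimpleForm\Elements\Password(array(
         'name' => 'confirmpassword',
         'label' => _('TXT_PASSWORD_REPEAT'),
         'rules' => array(
             new SimpleForm\Rules\Required(_('ERR_EMPTY_CONFIRM_PASSWORD')),
             new SimpleForm\Rules\Compare(_('ERR_PASSWORDS_NOT_COMPATIBILE'), $newPassword),
         ),
     )));
     if ($formPass->Validate()) {
         $formData = $formPass->getSubmitValues();
         $stored = $this->model->getClientPass();
         $hash = new \PasswordHash\PasswordHash();
         // The current password must verify against the stored hash before it is replaced.
         if ($hash->CheckPassword($formData['password'], $stored['password'])) {
             $this->model->updateClientPass($formData['newpassword']);
             $email = Session::getActiveClientEmail();
             // NOTE(review): the new plaintext password is handed to the mail template as
             // PASS_NEW — presumably it ends up in the confirmation e-mail; confirm, and
             // prefer a notification that does not carry the secret itself.
             $this->registry->template->assign('PASS_NEW', $formData['newpassword']);
             App::getModel('mailer')->sendEmail(array(
                 'template' => 'editPassword',
                 'email' => array($email),
                 'bcc' => false,
                 'subject' => _('TXT_PASSWORD_EDIT'),
                 'viewid' => Helper::getViewId(),
             ));
             Session::setVolatileChangePassOk(1, false);
             App::redirectUrl($this->registry->router->generate('frontend.clientsettings', true));
         } else {
             Session::setVolatileOldPassError(1, false);
         }
     }
     $this->registry->template->assign('formPass', $formPass->getForm());
     $erroroldpass = Session::getVolatileOldPassError();
     if ($erroroldpass[0] == 1) {
         $this->registry->template->assign('error', _('TXT_ERROR_OLD_PASSWORD'));
     }
     $changepassok = Session::getVolatileChangePassOk();
     if ($changepassok[0] == 1) {
         $this->registry->template->assign('success', _('TXT_DATA_CHANGED_MAIL_SEND'));
     }

     // --- e-mail / phone form ---
     // NOTE(review): in the phone patterns below, " -+" inside the character class is a
     // range (space through '+'), so !"#$%&'()* are accepted as well; if only space,
     // '-' and '+' were meant, the class should be [0-9 +-]. Left unchanged here.
     $formUserEmail = new SimpleForm\Form(array('name' => 'changeEmail', 'action' => '', 'method' => 'post'));
     $formUserEmail->AddChild(new SimpleForm\Elements\TextField(array(
         'name' => 'email',
         'label' => _('TXT_EMAIL'),
         'rules' => array(
             new SimpleForm\Rules\Required(_('ERR_EMPTY_EMAIL')),
             new SimpleForm\Rules\Email(_('ERR_WRONG_EMAIL')),
         ),
     )));
     $formUserEmail->AddChild(new SimpleForm\Elements\TextField(array(
         'name' => 'phone',
         'label' => _('TXT_PHONE'),
         'rules' => array(
             new SimpleForm\Rules\Required(_('ERR_EMPTY_PHONE')),
             new SimpleForm\Rules\Format(_('ERR_WRONG_FORMAT'), '/^[0-9 -+]+$/'),
         ),
     )));
     $formUserEmail->AddChild(new SimpleForm\Elements\TextField(array(
         'name' => 'phone2',
         'label' => _('TXT_ADDITIONAL_PHONE'),
         'rules' => array(new SimpleForm\Rules\Format(_('ERR_WRONG_FORMAT'), '/^[0-9 -+]+$/')),
     )));
     $clientData = App::getModel('client')->getClient();
     $formUserEmail->Populate(array(
         'email' => $clientData['email'],
         'phone' => $clientData['phone'],
         'phone2' => $clientData['phone2'],
     ));
     if ($formUserEmail->Validate()) {
         $formData = $formUserEmail->getSubmitValues();
         $this->model->updateClientPhone($formData['phone'], $formData['phone2']);
         if ($clientData['email'] != $formData['email']) {
             // The e-mail doubles as the login: accept it only when no other client uses
             // it, then end the session so the client signs in again with the new login.
             // (The original stored the update results in unused locals; dropped.)
             if ($this->model->checkClientNewMail($formData) == 0) {
                 $this->model->updateClientEmail($formData);
                 $this->model->updateClientLogin($formData['email']);
                 Session::killSession();
                 App::redirectUrl($this->registry->router->generate('frontend.clientlogin', true, array('param' => 'changed')));
             } else {
                 Session::setVolatileUserEmailDuplicateError(1, false);
             }
         } else {
             Session::setVolatileUserSettingsSaved(1, false);
         }
         App::redirectUrl($this->registry->router->generate('frontend.clientsettings', true));
     }
     $registrationok = Session::getVolatileRegistrationOk();
     if ($registrationok[0] == 1) {
         $this->registry->template->assign('registrationok', _('TXT_REGISTER_USER_OK'));
     }
     $errorMail = Session::getVolatileUserEmailDuplicateError();
     if ($errorMail[0] == 1) {
         $this->registry->template->assign('duplicateMailError', _('ERR_DUPLICATE_EMAIL'));
     }
     $settingsChanged = Session::getVolatileUserSettingsSaved();
     if ($settingsChanged[0] == 1) {
         $this->registry->template->assign('settingsSaved', _('TXT_SETTINGS_SAVED'));
     }
     $this->registry->template->assign('formEmail', $formUserEmail->getForm());
     $changedPasswd = Session::getVolatilePasswordChanged();
     if ($changedPasswd[0] == 1) {
         $this->registry->template->assign('changedPasswd', _('TXT_PASSWORD_CHANGED'));
     }
     return $this->registry->template->fetch($this->loadTemplate('index.tpl'));
 }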
    /**
     * Creates a backend user row and returns its new id.
     *
     * @param string      $email    Login e-mail; stored in its HashLogin() form.
     * @param string|null $password Plaintext password to hash. Any falsy value
     *                              (null, '', '0', 0) is replaced by the fixed placeholder.
     * @param int         $active   user.active flag; defaults to 1.
     *
     * @return mixed Db::getInstance()->lastInsertId() of the new row.
     *
     * @throws CoreException Code 1001 for a blank e-mail, code 20 when the INSERT fails.
     */
    protected function addUser($email, $password, $active = 1)
    {
        if ($email == '') {
            throw new CoreException(_('TXT_WRONG_EMAIL'), 1001, 'Email is blank -> mysql fix');
        }
        // "== NULL" is a loose comparison: every falsy value takes this branch.
        // NOTE(review): the placeholder is a fixed, guessable password that is hashed
        // and stored like any other — a generated random value (cf. Core::passwordGenerate(),
        // used elsewhere in this code base) would avoid creating an account with a known password.
        if ($password == NULL) {
            $password = '******';
        }

        $db = Db::getInstance();
        $hasher = new \PasswordHash\PasswordHash();
        $insert = $db->prepare('INSERT INTO user SET
					login = :login,
					password = :password,
					active = :active');
        $insert->bindValue('active', $active);
        $insert->bindValue('login', $hasher->HashLogin($email));
        $insert->bindValue('password', $hasher->HashPassword($password));
        try {
            $insert->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_USER_ADD'), 20, $e->getMessage());
        }

        return $db->lastInsertId();
    }
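 /**
  * Changes the login of the currently active client.
  *
  * @param string|null $login New login (e-mail); stored in its HashLogin() form.
  *                           Falsy values (null, '', '0') are ignored and nothing is written.
  *
  * @return void
  *
  * @throws FrontendException Code 18 when the UPDATE fails.
  */
 public function updateClientLogin($login)
 {
     // empty() already covers the unset/null case the original tested separately with isset().
     if (empty($login)) {
         return;
     }
     $hash = new \PasswordHash\PasswordHash();
     $stmt = Db::getInstance()->prepare('UPDATE client SET login = :login WHERE idclient = :idclient');
     $stmt->bindValue('login', $hash->HashLogin($login));
     $stmt->bindValue('idclient', Session::getActiveClientid());
     try {
         $stmt->execute();
     } catch (Exception $e) {
         throw new FrontendException(_('ERR_LOGIN_CLIENT_UPDATE'), 18, $e->getMessage());
     }
 }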