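public function processForgot()
 {
     /*
      * "Forgotten password" handler for the back office.
      *
      * Validates the request (demo mode, presence and format of the address,
      * existence of the employee, PS_PASSWD_TIME_BACK throttle), then generates
      * a new random password, e-mails it and only afterwards persists it.
      *
      * Side effects: appends to $this->errors, may switch the Shop context, and
      * on the AJAX path terminates the request with a JSON body via die().
      * Note that the distinct "This account does not exist." message tells the
      * caller whether an address belongs to an employee; the per-account
      * PS_PASSWD_TIME_BACK throttle is the only limiter on this path.
      */
     $employee = null;
     if (_PS_MODE_DEMO_) {
         $this->errors[] = Tools::displayError('This functionality has been disabled.');
     } elseif (!($email = trim(Tools::getValue('email_forgot')))) {
         $this->errors[] = Tools::displayError('Email is empty.');
     } elseif (!Validate::isEmail($email)) {
         $this->errors[] = Tools::displayError('Invalid email address.');
     } else {
         $employee = new Employee();
         // getByEmail() is the only thing that can fail here; the former extra
         // `|| !$employee` test was dead code (a freshly constructed object is
         // always truthy).
         if (!$employee->getByEmail($email)) {
             $this->errors[] = Tools::displayError('This account does not exist.');
         } else {
             // Refuse a new password while the previous one is still "fresh".
             $time_back = Configuration::get('PS_PASSWD_TIME_BACK');
             if (strtotime($employee->last_passwd_gen . '+' . $time_back . ' minutes') - time() > 0) {
                 $this->errors[] = sprintf(Tools::displayError('You can regenerate your password only every %d minute(s)'), $time_back);
             }
         }
     }

     if (!count($this->errors)) {
         $pwd = Tools::passwdGen(10, 'RANDOM');
         $employee->passwd = Tools::encrypt($pwd);
         $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
         $params = array(
             '{email}' => $employee->email,
             '{lastname}' => $employee->lastname,
             '{firstname}' => $employee->firstname,
             '{passwd}' => $pwd,
         );
         if (Mail::Send($employee->id_lang, 'employee_password', Mail::l('Your new password', $employee->id_lang), $params, $employee->email, $employee->firstname . ' ' . $employee->lastname)) {
             // Update employee only if the mail can be sent
             Shop::setContext(Shop::CONTEXT_SHOP, (int) min($employee->getAssociatedShops()));
             if (!$employee->update()) {
                 $this->errors[] = Tools::displayError('An error occurred while attempting to change your password.');
             } else {
                 die(Tools::jsonEncode(array('hasErrors' => false, 'confirm' => $this->l('Your password has been emailed to you.', 'AdminTab', false, false))));
             }
         } else {
             die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => array(Tools::displayError('An error occurred while attempting to change your password.')))));
         }
     } elseif (Tools::isSubmit('ajax')) {
         die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
     }
 }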
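 public function hookActionObjectUpdateBefore($params)
 {
     /*
      * Decides whether an object about to be updated must be synchronised, by
      * comparing the incoming object with what is currently stored. Only
      * Employee and Shop objects are considered; every other type leaves the
      * flag at its default of false.
      *
      * The decision is published through self::$syncUpdatedObject.
      * $params['object'] is expected to be the ObjectModel being updated.
      */
     self::$syncUpdatedObject = false;
     $object = $params['object'];

     if ($object instanceof Employee) {
         // The stored row is looked up by the *incoming* e-mail address: when the
         // address was changed nothing matches and the update is synced.
         $employee = new Employee();
         $oldObject = $employee->getByEmail($object->email);
         if (!$oldObject) {
             self::$syncUpdatedObject = true;
         } else {
             // Loose comparison kept deliberately: the two sides presumably do
             // not share scalar types (DB strings vs. ints/bools) — confirm.
             self::$syncUpdatedObject = $object->lastname != $oldObject->lastname
                 || $object->firstname != $oldObject->firstname
                 || $object->email != $oldObject->email
                 || $object->active != $oldObject->active;
         }
     } elseif ($object instanceof Shop) {
         $oldShop = Shop::getShop($object->id);
         // Shop::getShop() may return false for an unknown id; indexing false
         // yielded null (deprecated since PHP 8.1) and made the comparison true.
         // Treat that case as "changed" explicitly instead.
         self::$syncUpdatedObject = !is_array($oldShop)
             || $object->name != $oldShop['name']
             || $object->active != $oldShop['active'];
     }
 }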
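 public function processSave()
 {
     /*
      * Validates the employee form and delegates the actual save to the parent.
      *
      * When an employee edits their own account ($this->restrict_edition) the
      * profile, the active flag and the shop associations are forced back to
      * the stored values so they cannot be changed through the request.
      *
      * Returns false (after filling $this->errors) on validation failure,
      * otherwise the result of parent::processSave().
      */
     $employee = new Employee((int) Tools::getValue('id_employee'));
     $asso_key = 'checkBoxShopAsso_' . $this->table;

     // If the employee is editing its own account
     if ($this->restrict_edition) {
         $current_password = trim(Tools::getValue('old_passwd'));
         // Changing the password requires re-entering the current one and
         // authenticating against this very account with it.
         if (Tools::getValue('passwd') && (empty($current_password) || !Validate::isPasswdAdmin($current_password) || !$employee->getByEmail($employee->email, $current_password))) {
             $this->errors[] = Tools::displayError('Your current password is invalid.');
         } elseif (Tools::getValue('passwd') && (!Tools::getValue('passwd2') || Tools::getValue('passwd') !== Tools::getValue('passwd2'))) {
             $this->errors[] = Tools::displayError('The confirmation password does not match.');
         }
         // Profile and status are not editable on one's own account: overwrite
         // whatever the request carried with the stored values.
         $_POST['id_profile'] = $_GET['id_profile'] = $employee->id_profile;
         $_POST['active'] = $_GET['active'] = $employee->active;
         // Drop every submitted shop association checkbox ...
         foreach (array_keys($_POST) as $postkey) {
             if (strpos($postkey, $asso_key) !== false) {
                 unset($_POST[$postkey]);
             }
         }
         foreach (array_keys($_GET) as $getkey) {
             if (strpos($getkey, $asso_key) !== false) {
                 unset($_GET[$getkey]);
             }
         }
         // ... and put back the shops currently associated with the employee.
         $this->markShopAssoSelected($asso_key, Shop::getShopById((int) $employee->id, $this->identifier, $this->table));
     } else {
         $_POST['id_last_order'] = $employee->getLastElementsForNotify('order');
         $_POST['id_last_customer_message'] = $employee->getLastElementsForNotify('customer_message');
         $_POST['id_last_customer'] = $employee->getLastElementsForNotify('customer');
     }

     // Read the posted profile once; a missing value no longer triggers an
     // undefined-index notice and is simply "not the admin profile".
     $posted_profile = isset($_POST['id_profile']) ? (int) $_POST['id_profile'] : 0;
     $is_admin_profile = $posted_profile === (int) _PS_ADMIN_PROFILE_;

     //if profile is super admin, manually fill checkBoxShopAsso_employee because in the form they are disabled.
     if ($is_admin_profile) {
         $this->markShopAssoSelected($asso_key, Db::getInstance()->executeS('SELECT id_shop FROM ' . _DB_PREFIX_ . 'shop'));
     }

     if ($employee->isLastAdmin()) {
         if (Tools::getValue('id_profile') != (int) _PS_ADMIN_PROFILE_) {
             $this->errors[] = Tools::displayError('You should have at least one employee in the administrator group.');
             return false;
         }
         if (Tools::getValue('active') == 0) {
             $this->errors[] = Tools::displayError('You cannot disable or delete the administrator account.');
             return false;
         }
     }

     if (Tools::getValue('bo_theme_css')) {
         $bo_theme = explode('|', Tools::getValue('bo_theme_css'));
         $_POST['bo_theme'] = $bo_theme[0];
         // Accept only names of real entries of the themes directory. scandir()
         // also lists '.' and '..', which are not themes, and returns false when
         // the directory cannot be read; neither must validate a request value.
         $themes = scandir(_PS_ADMIN_DIR_ . DIRECTORY_SEPARATOR . 'themes');
         $themes = is_array($themes) ? array_diff($themes, array('.', '..')) : array();
         if (!in_array($bo_theme[0], $themes, true)) {
             $this->errors[] = Tools::displayError('Invalid theme');
             return false;
         }
         if (isset($bo_theme[1])) {
             $_POST['bo_css'] = $bo_theme[1];
         }
     }

     $assos = $this->getSelectedAssoShop($this->table);
     // The original wrote `$this->table = 'employee'` here — an assignment that
     // is always truthy, not a comparison. This controller's table is
     // 'employee', so the comparison keeps the effective behaviour.
     if (!$assos && $this->table === 'employee') {
         if (Shop::isFeatureActive() && !$is_admin_profile) {
             $this->errors[] = Tools::displayError('The employee must be associated with at least one shop.');
         }
     }

     if (count($this->errors)) {
         return false;
     }
     return parent::processSave();
 }

 /**
  * Marks every shop of $rows as checked in both $_POST and $_GET under $asso_key.
  *
  * @param string      $asso_key request key of the shop association checkboxes
  * @param array|false $rows     raw result of Shop::getShopById()/Db::executeS();
  *                              a non-array (failed query) marks nothing
  */
 private function markShopAssoSelected($asso_key, $rows)
 {
     if (!is_array($rows)) {
         return;
     }
     if (!isset($_POST[$asso_key])) {
         $_POST[$asso_key] = array();
     }
     if (!isset($_GET[$asso_key])) {
         $_GET[$asso_key] = array();
     }
     foreach ($rows as $row) {
         $_POST[$asso_key][$row['id_shop']] = 1;
         $_GET[$asso_key][$row['id_shop']] = 1;
     }
 }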
// Base directory of the JSON API, taken from the current working directory —
// not from this file's location, so the script depends on where it is started.
define('_PS_JSONAPI_DIR_', getcwd());
// Un-prefixed alias of the same path.
define('PS_JSONAPI_DIR', _PS_JSONAPI_DIR_);
// Retro-compatibility
// Both includes resolve relative to the directory above; `include` only warns
// (it does not stop) when a file is missing.
include PS_JSONAPI_DIR . '/../config/config.inc.php';
include PS_JSONAPI_DIR . '/../admin12/functions.php';
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $email = Tools::getValue('email');
    $password = Tools::getValue('password');
    $db = Db::getInstance();
    if (empty($email) || empty($password)) {
        $res = false;
        $token = null;
    } else {
        $emp = new Employee();
        $res = $emp->getByEmail($email, $password, true);
        if ($res) {
            $api_access = array("*****@*****.**", "*****@*****.**", "*****@*****.**", "*****@*****.**");
            if ((int) $res->id_profile === 10 || in_array($email, $api_access)) {
                $token = $emp->generateToken($email);
            } else {
                $res = false;
                $token = null;
            }
        }
    }
    $response = array('auth_status' => $res ? 'success' : 'failure', 'token' => $token);
    $response = Tools::jsonEncode($response);
    $callback = Tools::getValue('callback', false);
    if ($callback) {
        $response = $callback . '(' . $response . ');';
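 public static function edit_employee($email, $password = null, $profile = null, $firstname = null, $lastname = null)
 {
     /*
      * CLI-style helper: updates the employee identified by $email.
      *
      * Every optional argument that is neither null nor an empty string is
      * applied; the others leave the stored value untouched. Progress and
      * failures are reported with echo.
      *
      * @param string      $email     address of the employee to edit
      * @param string|null $password  new clear-text password, hashed before storing
      * @param string|null $profile   new profile id (must pass Validate::isInt)
      * @param string|null $firstname new first name
      * @param string|null $lastname  new last name
      *
      * @return bool true when the row was updated, false otherwise
      */
     if (!Validate::isEmail($email)) {
         echo "{$email} is not a valid email address\n";
         return false;
     }
     $employee = new Employee();
     if (!$employee->getByEmail($email)) {
         echo "Could not find an employee with email {$email}\n";
         return false;
     }
     if ($password !== null && $password !== '') {
         // Hash through the framework helper rather than re-implementing its
         // md5(_COOKIE_KEY_ . ...) recipe here, so the stored value follows the
         // scheme Employee::getByEmail() verifies against.
         $employee->passwd = Tools::encrypt($password);
     }
     if ($profile !== null && $profile !== '') {
         if (!Validate::isInt($profile)) {
             echo "{$profile} is not a valid profile ID\n";
             return false;
         }
         $employee->id_profile = (int) $profile;
     }
     if ($firstname !== null && $firstname !== '') {
         $employee->firstname = $firstname;
     }
     if ($lastname !== null && $lastname !== '') {
         $employee->lastname = $lastname;
     }
     if ($employee->update()) {
         echo "Successfully updated user {$email}\n";
         return true;
     }
     echo "Error, could not update user {$email}\n";
     return false;
 }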
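<?php

include_once dirname(__FILE__) . "/../../config/config.php";
// Back-office login endpoint answering JSON. $cookie is not defined in this
// file; it is presumably provided by the included config.php — confirm.
if (array_key_exists('submitLogin', $_POST)) {
    // The password is only hashed and compared here, never written into SQL,
    // so it must not be escaped with pSQL(): that changes the bytes that get
    // hashed and rejects valid passwords containing quotes or backslashes.
    $passwd = Tools::getRequest('passwd');
    $email = pSQL(Tools::getRequest('email'));
    // Same grouping as the original `or`/`and` chain (`and` binds tighter).
    if (!Validate::isEmail($email) || ($passwd != null && !Validate::isPasswd($passwd))) {
        die(json_encode(array('hasErrors' => true, 'errors' => array('邮箱或密码不能为空!'))));
    }
    $employee = new Employee();
    // hash_equals() instead of `==`: the loose operator considers two
    // numeric-looking hashes (e.g. "0e…") equal and its run time depends on
    // the inputs; both sides are cast to string as hash_equals requires.
    $authenticated = $employee->getByEmail($email)
        && hash_equals((string) $employee->passwd, (string) Tools::encrypt($passwd));
    if ($authenticated) {
        /* Creating cookie */
        $cookie->ad_id_employee = $employee->id;
        // NOTE(review): confirm the Employee model defines `name`; the other
        // fields below are the usual id/email/passwd columns.
        $cookie->ad_name = $employee->name;
        $cookie->ad_email = $employee->email;
        $cookie->ad_passwd = $employee->passwd;
        $cookie->ad_remote_addr = ip2long(Tools::getRemoteAddr());
        $cookie->write();
        die(json_encode(array('hasErrors' => false)));
    } else {
        die(json_encode(array('hasErrors' => true, 'errors' => array('邮箱或密码有误!'))));
    }
}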
                $key_default = 1;
            }
        }
        Configuration::updateValue('MPR_PS_Version', $Version);
        //$serv = _DB_SERVER_;
        //$user = _DB_USER_;
        //$pass = _DB_PASSWD_;
        $base = _DB_NAME_;
        $prefix = _DB_PREFIX_;
        //echo($base.",,".$prefix.",,".$key_default);
        echo $base . ",," . $prefix . ",," . $current_key;
    }
} else {
    $employee = new Employee();
    //ppp($employee);
    $is_employee_loaded = $employee->getByEmail($email, $password);
    if (!$is_employee_loaded) {
        echo "0,,employee logging has failed";
    } else {
        $current_key = Configuration::get('MPR_Encryption_Key');
        $key_default = 0;
        if ($current_key == "") {
            Configuration::updateValue('MPR_Encryption_Key', 'AABBCCDDEEFFGGHH');
            $key_default = 1;
            $current_key = 'AABBCCDDEEFFGGHH';
        } else {
            if ($current_key == 'AABBCCDDEEFFGGHH') {
                $key_default = 1;
            }
        }
        Configuration::updateValue('MPR_PS_Version', $Version);
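 public function processReset()
 {
     /*
      * Second step of the password reset: the employee followed the e-mailed
      * link and submits the new password together with the reset token.
      *
      * All hidden/visible fields are validated first, then the employee is
      * matched by e-mail AND id, throttled through PS_PASSWD_TIME_BACK, and the
      * submitted token is compared in constant time with the stored, still
      * valid one. Only then is the new password hashed, mailed and persisted,
      * and the single-use token removed.
      *
      * Side effects: appends to $this->errors, may switch the Shop context, and
      * on the AJAX path terminates the request with a JSON body via die().
      */
     $employee = null;
     if (_PS_MODE_DEMO_) {
         $this->errors[] = $this->trans('This functionality has been disabled.', array(), 'Admin.Notifications.Error');
     } elseif (!($reset_token_value = trim(Tools::getValue('reset_token')))) {
         // hidden fields
         $this->errors[] = $this->trans('Some identification information is missing.', array(), 'Admin.Login.Notification');
     } elseif (!($id_employee = trim(Tools::getValue('id_employee')))) {
         $this->errors[] = $this->trans('Some identification information is missing.', array(), 'Admin.Login.Notification');
     } elseif (!($reset_email = trim(Tools::getValue('reset_email')))) {
         $this->errors[] = $this->trans('Some identification information is missing.', array(), 'Admin.Login.Notification');
     } elseif (!($reset_password = trim(Tools::getValue('reset_passwd')))) {
         // password (twice)
         $this->errors[] = $this->trans('The password is missing: please enter your new password.', array(), 'Admin.Login.Notification');
     } elseif (!Validate::isPasswd($reset_password)) {
         $this->errors[] = $this->trans('The password is not in a valid format.', array(), 'Admin.Login.Notification');
     } elseif (!($reset_confirm = trim(Tools::getValue('reset_confirm')))) {
         $this->errors[] = $this->trans('The confirmation is empty: please fill in the password confirmation as well.', array(), 'Admin.Login.Notification');
     } elseif ($reset_password !== $reset_confirm) {
         $this->errors[] = $this->trans('The password and its confirmation do not match. Please double check both passwords.', array(), 'Admin.Login.Notification');
     } else {
         $employee = new Employee();
         // The e-mail must resolve to an employee and that employee's id must be
         // the one carried by the hidden field (compared as integers, not loosely).
         if (!$employee->getByEmail($reset_email) || (int) $employee->id !== (int) $id_employee) {
             $this->errors[] = $this->trans('This account does not exist.', array(), 'Admin.Login.Notification');
         } elseif (strtotime($employee->last_passwd_gen . '+' . Configuration::get('PS_PASSWD_TIME_BACK') . ' minutes') - time() > 0) {
             $this->errors[] = sprintf($this->trans('You can reset your password every %d minute(s) only. Please try again later.', array(), 'Admin.Login.Notification'), Configuration::get('PS_PASSWD_TIME_BACK'));
         } elseif (!is_string($valid_token = $employee->getValidResetPasswordToken()) || !hash_equals($valid_token, $reset_token_value)) {
             // To update password, we must have the temporary reset token that matches.
             // hash_equals() keeps the comparison time independent of how many
             // leading characters agree; a missing/expired token (non-string)
             // is a mismatch.
             $this->errors[] = $this->trans('Your password reset request expired. Please start again.', array(), 'Admin.Login.Notification');
         }
     }

     if (!count($this->errors)) {
         $employee->passwd = Tools::encrypt($reset_password);
         $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
         $params = array(
             '{email}' => $employee->email,
             '{lastname}' => $employee->lastname,
             '{firstname}' => $employee->firstname,
         );
         if (Mail::Send($employee->id_lang, 'password', Mail::l('Your new password', $employee->id_lang), $params, $employee->email, $employee->firstname . ' ' . $employee->lastname)) {
             // Update employee only if the mail can be sent
             Shop::setContext(Shop::CONTEXT_SHOP, (int) min($employee->getAssociatedShops()));
             if (!$employee->update()) {
                 $this->errors[] = $this->trans('An error occurred while attempting to change your password.', array(), 'Admin.Login.Notification');
             } else {
                 // Delete temporary reset token so the link cannot be replayed.
                 $employee->removeResetPasswordToken();
                 $employee->update();
                 die(Tools::jsonEncode(array('hasErrors' => false, 'confirm' => $this->l('The password has been changed successfully.', 'AdminTab', false, false))));
             }
         } else {
             die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => array($this->trans('An error occurred while attempting to change your password.', array(), 'Admin.Login.Notification')))));
         }
     } elseif (Tools::isSubmit('ajax')) {
         die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
     }
 }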