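/**
 * Prepare data for the \XLite\Controller\Customer\Login
 *
 * Builds the profile data through getProfileData(). When the current request
 * is a "Reset password" request whose Drupal hash verifies, a freshly
 * generated token is added to the data and stored through
 * \XLite\Core\Auth::setSecureHash(), so that the LC login controller can
 * authenticate the user without a password.
 *
 * @param \stdClass  $user Drupal user profile
 * @param array|null $edit Data from request
 *
 * @return array
 */
protected function getProfileDataLogin(\stdClass $user, $edit)
{
    $data = $this->getProfileData($user, $edit, false);

    // On the "Reset password" page user can log in without entering a password.
    // It's the reason to introduce the "log in using secret token" approach
    list($result, $timestamp, $hash) = $this->isResetPasswordPage();

    // Only start LC log in procedure after Drupal hash string is checked
    // NOTE(review): only the hash is verified here; no expiry check on $timestamp
    // is visible in this method - confirm isResetPasswordPage() or Drupal enforces it.
    if ($result) {
        $expected = user_pass_rehash($data['password'], $timestamp, $data['login_time']);

        // The hash is a secret derived from the password hash, so compare it in
        // constant time where the runtime provides hash_equals(); the strict
        // comparison is kept only as a fallback for runtimes without it.
        // Both operands must be strings: hash_equals() rejects anything else.
        $hashIsValid = is_string($expected)
            && is_string($hash)
            && (function_exists('hash_equals') ? hash_equals($expected, $hash) : $expected === $hash);

        if ($hashIsValid) {
            // NOTE(review): this token replaces the password for one login, so
            // generateRandomToken() should be backed by a CSPRNG - confirm.
            $token = \XLite\Core\Converter::generateRandomToken();

            // Save token in session and pass it to LC controller. Strings must match
            $data[\XLite\Controller\Customer\Login::SECURE_TOKEN] = $token;
            \XLite\Core\Auth::getInstance()->setSecureHash($token);
        }
    }

    return $data;
}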