< ? php
/*
* 2007 - 2011 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License ( OSL 3.0 )
* that is bundled with this package in the file LICENSE . txt .
* It is also available through the world - wide - web at this URL :
* http :// opensource . org / licenses / osl - 3.0 . php
* If you did not receive a copy of the license and are unable to
* obtain it through the world - wide - web , please send an email
* to license @ prestashop . com so we can send you a copy immediately .
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future . If you wish to customize PrestaShop for your
* needs please refer to http :// www . prestashop . com for more information .
*
* @ author PrestaShop SA < contact @ prestashop . com >
* @ copyright 2007 - 2011 PrestaShop SA
* @ version Release : $Revision : 9296 $
* @ license http :// opensource . org / licenses / osl - 3.0 . php Open Software License ( OSL 3.0 )
* International Registered Trademark & Property of PrestaShop SA
*/
// Length passed to Tools::passwdGen() when process() generates a replacement
// password during a reset.
define('MIN_PASSWD_LENGTH', 8);
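/**
 * Front-office "forgotten password" controller.
 *
 * The flow has two steps, both handled by process():
 *  1. The visitor submits an e-mail address; a confirmation link containing
 *     the customer's secure_key and id is mailed to that address.
 *  2. The visitor opens the link; a new password is generated, stored and
 *     mailed to the customer.
 *
 * Security review notes (design points this file does not address):
 *  - The link token is $customer->secure_key. Nothing in this class rotates or
 *    expires it, so, as far as this file shows, the same link stays valid for
 *    later resets (only the PS_PASSWD_TIME_FRONT delay limits reuse). A
 *    single-use, expiring token would be the usual choice.
 *  - The token travels in the query string, so it can end up in server logs,
 *    browser history and Referer headers.
 *  - Step 2 changes the password on a plain link visit; anything that fetches
 *    the URL (mail scanners, link previews) triggers the reset.
 *  - The new password is sent by e-mail in clear text.
 *  - Tools::encrypt() is defined elsewhere; NOTE(review): confirm it is a
 *    salted, deliberately slow password hash.
 */
class PasswordControllerCore extends FrontController
{
    public $php_self = 'password.php';

    /**
     * Handle both steps of the password-recovery flow.
     *
     * Errors are appended to $this->errors; success is signalled to the
     * template through the 'confirmation' Smarty variable (2 = confirmation
     * link sent, 1 = new password sent).
     *
     * @return void
     */
    public function process()
    {
        parent::process();

        // Check User Agent - no bot.
        // The header may be absent, so default to an empty string instead of
        // reading an undefined index. This substring test is only a courtesy
        // filter: the header is client-controlled and must not be relied on
        // as an abuse control.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        if (stripos($userAgent, 'bot') !== false) {
            $this->errors[] = Tools::displayError(" Who are you ? ");
        }

        // Any error raised so far (here or by the parent) stops processing.
        if (!empty($this->errors)) {
            return;
        }

        if (Tools::isSubmit('email')) {
            // Step 1: an e-mail address was submitted.
            $email = Tools::getValue('email');
            if (!$email || !Validate::isEmail($email)) {
                $this->errors[] = Tools::displayError('Invalid e-mail address');
            } else {
                $customer = new Customer();
                $customer->getByemail($email);
                if (!Validate::isLoadedObject($customer)) {
                    // NOTE(security): this message differs from the success
                    // path and therefore tells the requester whether an
                    // address has an account. A uniform response for both
                    // cases would avoid account enumeration.
                    $this->errors[] = Tools::displayError('There is no account registered to this e-mail address.');
                } else {
                    // Throttle: refuse while the configured delay since the
                    // last password generation has not elapsed.
                    $min_time = Configuration::get('PS_PASSWD_TIME_FRONT');
                    $nextAllowed = strtotime($customer->last_passwd_gen . '+' . (int)$min_time . ' minutes');
                    if (($nextAllowed - time()) > 0) {
                        $this->errors[] = Tools::displayError('You can regenerate your password only every') . ' ' . (int)($min_time) . ' ' . Tools::displayError('minute(s)');
                    } else {
                        $resetUrl = self::$link->getPageLink('password.php', true) . '?token=' . $customer->secure_key . '&id_customer=' . (int)$customer->id;
                        $sent = Mail::Send(
                            (int)(self::$cookie->id_lang),
                            'password_query',
                            Mail::l('Password query confirmation'),
                            array(
                                '{email}' => $customer->email,
                                '{lastname}' => $customer->lastname,
                                '{firstname}' => $customer->firstname,
                                '{url}' => $resetUrl,
                            ),
                            $customer->email,
                            $customer->firstname . ' ' . $customer->lastname
                        );
                        if ($sent) {
                            self::$smarty->assign(array('confirmation' => 2, 'email' => $customer->email));
                        } else {
                            $this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
                        }
                    }
                }
            }
        } elseif (($token = Tools::getValue('token')) && ($id_customer = (int)(Tools::getValue('id_customer')))) {
            // Step 2: the confirmation link was opened. The token is escaped
            // with pSQL() and the id is cast to int before entering the query.
            $email = Db::getInstance()->getValue('SELECT `email` FROM ' . _DB_PREFIX_ . 'customer c WHERE c.`secure_key` = \'' . pSQL($token) . '\' AND c.id_customer = ' . (int)$id_customer);
            if ($email) {
                $customer = new Customer();
                $customer->getByemail($email);
                if (!Validate::isLoadedObject($customer) || (int)$customer->id !== (int)$id_customer) {
                    // The record is re-loaded by e-mail, not by the id the
                    // token was verified against. Refuse when nothing was
                    // loaded, or when the loaded record is not the one the
                    // token belongs to, instead of updating an unverified or
                    // empty Customer object.
                    $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
                } else {
                    $min_time = Configuration::get('PS_PASSWD_TIME_FRONT');
                    $nextAllowed = strtotime($customer->last_passwd_gen . '+' . (int)$min_time . ' minutes');
                    if (($nextAllowed - time()) > 0) {
                        Tools::redirect('authentication.php?error_regen_pwd');
                    } else {
                        // Generate the replacement password, store its hash
                        // and stamp the generation time used for throttling.
                        $password = Tools::passwdGen((int)MIN_PASSWD_LENGTH, 'RANDOM');
                        $customer->passwd = Tools::encrypt($password);
                        $customer->last_passwd_gen = date('Y-m-d H:i:s', time());
                        if ($customer->update()) {
                            // NOTE(security): the clear-text password leaves
                            // the system by e-mail here.
                            $sent = Mail::Send(
                                (int)(self::$cookie->id_lang),
                                'password',
                                Mail::l('Your password'),
                                array(
                                    '{email}' => $customer->email,
                                    '{lastname}' => $customer->lastname,
                                    '{firstname}' => $customer->firstname,
                                    '{passwd}' => $password,
                                ),
                                $customer->email,
                                $customer->firstname . ' ' . $customer->lastname
                            );
                            if ($sent) {
                                self::$smarty->assign(array('confirmation' => 1, 'email' => $customer->email));
                            } else {
                                $this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
                            }
                        } else {
                            $this->errors[] = Tools::displayError('An error occurred with your account and your new password cannot be sent to your e-mail. Please report your problem using the contact form.');
                        }
                    }
                }
            } else {
                $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
            }
        } elseif (($token = Tools::getValue('token')) || ($id_customer = Tools::getValue('id_customer'))) {
            // Only one of the two link parameters was supplied.
            $this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
        }
    }

    /**
     * Render the parent content, then the theme's password template.
     *
     * @return void
     */
    public function displayContent()
    {
        parent::displayContent();
        self::$smarty->display(_PS_THEME_DIR_ . 'password.tpl');
    }
}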