<?php
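class AuthController extends AuthControllerCore
{
    /**
     * Front-office authentication page (login + account creation).
     *
     * parent::preProcess() is deliberately NOT called: the core implementation
     * would run its own authentication flow. This override therefore has to
     * reproduce the layout set-up (page name, columns) itself before handling
     * the submitted form.
     *
     * Side effects: assigns smarty variables, logs the customer in through
     * self::$cookie, updates self::$cart, writes to `customer_version`, and on
     * success either die()s with a JSON body (ajax) or redirects.
     */
    public function preProcess()
    {
        // We can't run parent::preProcess() here since it would run the authentication process
        if (!isset($this->php_self)) {
            $this->php_self = strtolower(basename($_SERVER['PHP_SELF']));
        }

        // Page name used by the templates: 404 page, module page, or the bare controller name.
        if ($this->php_self == '404.php') {
            $page_name = 'page-404';
        } elseif (preg_match('#^'.__PS_BASE_URI__.'modules/([a-zA-Z0-9_-]+?)/([^?]*)(\?(.*))?$#', strtolower($_SERVER['REQUEST_URI']), $m)) {
            $page_name = 'module-'.$m[1].'-'.str_replace(array('.php', '/'), array('', '-'), $m[2]);
        } else {
            $page_name = preg_replace('/\.php$/', '', $this->php_self);
        }
        self::$smarty->assign(array('page_name' => $page_name));

        // Pages that show the left column. 'index' is added below for logged-in visitors only.
        $displayLeft = array(
            'page-404', 'address', 'addresses', /*'authentication',*/ 'best-sales',
            'breadcrumb', 'category', 'category-cms-tree-branch',
            'category-tree-branch', 'cms', 'contact-form', 'discount',
            'errors', 'footer', 'guest-tracking', 'header', 'history',
            'identity', /*'index',*/ 'maintenance', 'manufacturer',
            'manufacturer-list', 'my-account', 'new-products', 'order',
            'order-address', 'order-carrier', 'order-confirmation',
            'order-detail', 'order-follow', 'order-opc',
            'order-opc-new-account', 'order-payment', 'order-return',
            'order-slip', 'order-steps', 'pagination', /*'password',*/ 'payment',
            'prices-drop', /*'product',*/ 'product-compare', 'product-list',
            'products-comparison', 'product-sort', 'restricted-country',
            'scenes', 'search', 'shopping-cart', 'shopping-cart-product-line',
            'sitemap', 'store_infos', 'stores', 'supplier', 'supplier-list',
            'module-privatesales-salechange', 'module-invite-invite-program',
            'module-referralprogram-referral-program', 'module-cheque-payment',
            'module-bankwire-payment', 'module-invite-invite-rules',
        );
        if ($page_name == 'index' && self::$cookie->isLogged()) {
            $displayLeft[] = 'index';
        }
        // No page currently shows a right column; the variable is still passed to the templates.
        $displayRight = array();

        // One side column -> doubleCol, both -> tripleCol. array_merge (not '+') so that a
        // page listed on both sides is really counted twice.
        $countCols = count(array_keys(array_merge($displayLeft, $displayRight), $page_name, true));
        $bodyClass = 'singleCol';
        if ($countCols == 1) {
            $bodyClass = 'doubleCol';
        } elseif ($countCols == 2) {
            $bodyClass = 'tripleCol';
        }
        self::$smarty->assign(array(
            'displayLeft' => $displayLeft,
            'displayRight' => $displayRight,
            'bodyClass' => $bodyClass,
        ));
        Module::hookExec('preprocess');

        // An already logged-in visitor has nothing to do on this page (ajax callers still get their JSON).
        if (self::$cookie->isLogged() && !Tools::isSubmit('ajax')) {
            Tools::redirect('/');
        }

        $create_account = false;

        if (Tools::getValue('create_account')) {
            $create_account = true;
            self::$smarty->assign('email_create', 1);
        }

        if (Tools::isSubmit('SubmitCreate')) {
            $create_account = true;
            // NOTE(review): the original passed an undefined $email through Tools::safeOutput(),
            // which always yielded ''. Preserved as-is; confirm whether the template expects the
            // typed address (core uses the 'email_create' POST field) or just a flag here.
            self::$smarty->assign('email_create', '');
        }

        if (Tools::isSubmit('submitAccount') || Tools::isSubmit('submitGuestAccount')) {
            $create_account = true;
            $this->processAccountCreation();
        }

        if (Tools::isSubmit('SubmitLogin')) {
            $this->processLogin();
        }

        if ($create_account) {
            /* Call a hook to display more information on form */
            self::$smarty->assign(array(
                'HOOK_CREATE_ACCOUNT_FORM' => Module::hookExec('createAccountForm'),
                'HOOK_CREATE_ACCOUNT_TOP' => Module::hookExec('createAccountTop')
            ));
        }

        /* Generate years, months and days */
        // Re-select the submitted date-of-birth parts (0 when absent or non-numeric).
        $selected = array();
        foreach (array('years', 'months', 'days') as $field) {
            $selected[$field] = (isset($_POST[$field]) && is_numeric($_POST[$field])) ? (int)$_POST[$field] : 0;
        }
        self::$smarty->assign(array(
            'years' => Tools::dateYears(),
            'sl_year' => $selected['years'],
            'months' => Tools::dateMonths(),
            'sl_month' => $selected['months'],
            'days' => Tools::dateDays(),
            'sl_day' => $selected['days']
        ));

        // Guard against the module being absent (getInstanceByName would then not return an object).
        $newsletterModule = Module::getInstanceByName('blocknewsletter');
        self::$smarty->assign('newsletter', (int)(is_object($newsletterModule) && $newsletterModule->active));
    }

    /**
     * Handles the submitAccount / submitGuestAccount form.
     *
     * Validates the posted customer, refuses duplicates, creates the record,
     * logs the new customer in, then die()s with JSON (ajax) or redirects.
     * On failure the errors are left in $this->errors (ajax callers get them
     * as JSON right away).
     */
    protected function processAccountCreation()
    {
        if (Tools::isSubmit('submitAccount')) {
            self::$smarty->assign('email_create', 1);
        }

        /* New Guest customer */
        $isNewCustomer = (bool)Tools::getValue('is_new_customer', 1);
        if (!$isNewCustomer && !Configuration::get('PS_GUEST_CHECKOUT_ENABLED')) {
            $this->errors[] = Tools::displayError('You cannot create a guest account.');
        }
        if (!$isNewCustomer) {
            // Guests never see their password; it is generated server-side. Its secrecy rests
            // entirely on _COOKIE_KEY_ (time() alone would be guessable).
            $_POST['passwd'] = md5(time()._COOKIE_KEY_);
        }

        $email = Tools::getValue('email');
        if (Tools::getValue('guest_email') !== false) {
            $email = Tools::getValue('guest_email');
        }
        $emailOri = strtolower(trim($email));
        // Corrected form is used for the duplicate check only; the stored address comes from POST.
        $email = $this->correctEmailDomainTypos($emailOri);

        /* Preparing customer */
        $customer = new Customer();
        // The form posts the customer's own name as customer_*; the plain lastname/firstname
        // fields belong to the address. Swap them in while Customer validates itself.
        $lastnameAddress = isset($_POST['lastname']) ? $_POST['lastname'] : null;
        $firstnameAddress = isset($_POST['firstname']) ? $_POST['firstname'] : null;
        $_POST['lastname'] = isset($_POST['customer_lastname']) ? $_POST['customer_lastname'] : null;
        $_POST['firstname'] = isset($_POST['customer_firstname']) ? $_POST['customer_firstname'] : null;

        // Date of birth is optional; when any part is given the whole date must be valid.
        // Cast to int first: checkdate() rejects non-numeric strings with a TypeError on PHP 7+.
        $months = Tools::getValue('months');
        $days = Tools::getValue('days');
        $years = Tools::getValue('years');
        $birthdayGiven = !($months == '' && $days == '' && $years == '');
        if ($birthdayGiven && !checkdate((int)$months, (int)$days, (int)$years)) {
            $this->errors[] = Tools::displayError('Invalid date of birth');
        }
        $birthday = empty($_POST['years']) ? '' : (int)($_POST['years']).'-'.(int)($_POST['months']).'-'.(int)($_POST['days']);
        $customer->birthday = $birthday;
        $this->errors = array_unique(array_merge($this->errors, $customer->validateControler()));
        $_POST['lastname'] = $lastnameAddress;
        $_POST['firstname'] = $firstnameAddress;

        if (!count($this->errors)) {
            // Check the address as typed AND its typo-corrected form: the record is stored with
            // the typed address, so checking only the corrected one lets duplicates through.
            if (Customer::customerExists($emailOri) || ($email !== $emailOri && Customer::customerExists($email))) {
                $this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
            }
            if (Tools::isSubmit('newsletter')) {
                $customer->ip_registration_newsletter = pSQL(Tools::getRemoteAddr());
                $customer->newsletter_date_add = pSQL(date('Y-m-d H:i:s'));
            }
            // Re-applied: validateControler() reads 'birthday' from POST and may have replaced the value built above.
            $customer->birthday = $birthday;

            if (!count($this->errors)) {
                $customer->active = 1;
                /* New Guest customer */
                $customer->is_guest = !$isNewCustomer;

                if (!$customer->add()) {
                    $this->errors[] = Tools::displayError('An error occurred while creating your account.');
                } else {
                    if (!$customer->is_guest) {
                        // NOTE(review): the welcome mail carries the plaintext password ({passwd});
                        // e-mail is not a confidential channel and this value should not be sent.
                        if (!Mail::Send((int)(self::$cookie->id_lang), 'account', Mail::l('Welcome!'),
                            array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => Tools::getValue('passwd')), $customer->email, $customer->firstname.' '.$customer->lastname)) {
                            $this->errors[] = Tools::displayError('Cannot send email');
                        }
                    }
                    $this->recordCustomerVersion((int)$customer->id, false);

                    self::$smarty->assign('confirmation', 1);
                    $this->logCustomerIn($customer, !$isNewCustomer);
                    /* Update cart address */
                    self::$cart->secure_key = $customer->secure_key;
                    self::$cart->id_address_delivery = 0;
                    self::$cart->id_address_invoice = 0;
                    self::$cart->update();
                    Module::hookExec('createAccount', array(
                        '_POST' => $_POST,
                        'newCustomer' => $customer
                    ));

                    if (Tools::isSubmit('ajax')) {
                        $return = array(
                            'hasError' => !empty($this->errors),
                            'errors' => $this->errors,
                            'isSaved' => true,
                            'id_customer' => (int)self::$cookie->id_customer,
                            'id_address_delivery' => 0,
                            'id_address_invoice' => 0,
                            'token' => Tools::getToken(false)
                        );
                        die(Tools::jsonEncode($return));
                    }

                    // 'back' is attacker-controlled: only follow it when it is a same-site path.
                    $back = Tools::getValue('back');
                    if ($back && self::isLocalRedirectTarget($back)) {
                        if ($back == '/') {
                            Tools::redirect('/index.php?validation=1');
                        }
                        Tools::redirect($back.(strpos($back, '?') === false ? '?' : '&').'validation=1');
                    }
                    Tools::redirect('my-account.php?validation=1');
                }
            }
        }

        if (count($this->errors)) {
            if (!Tools::getValue('is_new_customer')) {
                unset($_POST['passwd']);
            }
            if (Tools::isSubmit('ajax')) {
                $return = array(
                    'hasError' => !empty($this->errors),
                    'errors' => $this->errors,
                    'isSaved' => false,
                    'id_customer' => 0
                );
                die(Tools::jsonEncode($return));
            }
        }
    }

    /**
     * Handles the SubmitLogin form: validates the credentials, logs the
     * customer in, restores a pending cart, then redirects (non-ajax) or
     * die()s with a JSON status (ajax).
     */
    protected function processLogin()
    {
        Module::hookExec('beforeAuthentication');
        $passwd = trim(Tools::getValue('passwd'));
        $email = trim(Tools::getValue('email'));
        if (empty($email)) {
            $this->errors[] = Tools::displayError('E-mail address required');
        } elseif (!Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid e-mail address');
        } elseif (empty($passwd)) {
            $this->errors[] = Tools::displayError('Password is required');
        } elseif (Tools::strlen($passwd) > 32) {
            $this->errors[] = Tools::displayError('Password is too long');
        } elseif (!Validate::isPasswd($passwd)) {
            $this->errors[] = Tools::displayError('Invalid password');
        } else {
            $customer = new Customer();
            $authentication = $customer->getByEmail($email, $passwd);
            if (!$authentication || !$customer->id) {
                /* Handle brute force attacks */
                // NOTE(review): a fixed 1 s delay only throttles a single connection; parallel
                // requests are not limited. A per-account/per-IP attempt counter would be needed
                // for real brute-force protection.
                sleep(1);
                $this->errors[] = Tools::displayError('Authentication failed');
            } else {
                $this->logCustomerIn($customer, $customer->isGuest());
                // Pick up the customer's last un-ordered cart when the current one is empty.
                if (Configuration::get('PS_CART_FOLLOWING') && (empty(self::$cookie->id_cart) || Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
                    self::$cookie->id_cart = (int)(Cart::lastNoneOrderedCart((int)($customer->id)));
                }
                /* Update cart address */
                self::$cart->id_carrier = 0;
                self::$cart->id_address_delivery = 0;
                self::$cart->id_address_invoice = 0;
                // If a logged guest logs in as a customer, the cart secure key was already set and needs to be updated
                self::$cart->secure_key = $customer->secure_key;
                self::$cart->update();
                // update customer version
                $this->recordCustomerVersion((int)$customer->id, true);

                Module::hookExec('authentication');
                if (!Tools::isSubmit('ajax')) {
                    // 'back' is attacker-controlled: only follow it when it is a same-site path.
                    $back = Tools::getValue('back');
                    if ($back && self::isLocalRedirectTarget($back)) {
                        Tools::redirect($back);
                    }
                    Tools::redirect('my-account.php');
                }
            }
        }

        if (Tools::isSubmit('ajax')) {
            $return = array(
                'hasError' => !empty($this->errors),
                'errors' => $this->errors,
                'token' => Tools::getToken(false)
            );
            die(Tools::jsonEncode($return));
        }
    }

    /**
     * Rewrites well-known provider typos in the domain part of an address
     * (e.g. "@hotmil." -> "@hotmail.", "@gmailcom" -> "@gmail.com", and a
     * Levenshtein-distance-1 match against a list of common providers).
     *
     * @param string $emailOri lower-cased, trimmed address as typed
     * @return string the possibly corrected address
     *
     * Side effects: when no TLD can be found, pushes 'Invalid email' onto
     * $this->errors and blanks $_POST['email']. No correction is attempted
     * when $this->errors is already non-empty.
     */
    protected function correctEmailDomainTypos($emailOri)
    {
        // Prepare Check email
        $domains = array(
            /* Default domains included */
            "aol.com", "att.net", "comcast.net", "facebook.com", "gmail.com", "gmx.com", "googlemail.com",
            "google.com", "hotmail.com", "hotmail.co.uk", "mac.com", "me.com", "mail.com", "msn.com",
            "live.com", "sbcglobal.net", "verizon.net", "yahoo.com", "yahoo.co.uk",
            /* Other global domains */
            "email.com", "fastmail.fm", "games.com" /* AOL */, "gmx.net", "hush.com", "hushmail.com", "icloud.com",
            "iname.com", "inbox.com", "lavabit.com", "love.com" /* AOL */, "outlook.com", "pobox.com", "protonmail.com",
            "rocketmail.com" /* Yahoo */, "safe-mail.net", "wow.com" /* AOL */, "ygm.com" /* AOL */,
            "ymail.com" /* Yahoo */, "zoho.com", "yandex.com",
            /* United States ISP domains */
            "bellsouth.net", "charter.net", "cox.net", "earthlink.net", "juno.com",
            /* British ISP domains */
            "btinternet.com", "virginmedia.com", "blueyonder.co.uk", "freeserve.co.uk", "live.co.uk",
            "ntlworld.com", "o2.co.uk", "orange.net", "sky.com", "talktalk.co.uk", "tiscali.co.uk",
            "virgin.net", "wanadoo.co.uk", "bt.com",
            /* Domains used in Asia */
            "sina.com", "qq.com", "naver.com", "hanmail.net", "daum.net", "nate.com", "yahoo.co.jp", "yahoo.co.kr", "yahoo.co.id", "yahoo.co.in", "yahoo.com.sg", "yahoo.com.ph",
            /* French ISP domains */
            "hotmail.fr", "live.fr", "laposte.net", "yahoo.fr", "wanadoo.fr", "orange.fr", "gmx.fr", "sfr.fr", "neuf.fr", "free.fr",
            /* German ISP domains */
            "gmx.de", "hotmail.de", "live.de", "online.de", "t-online.de" /* T-Mobile */, "web.de", "yahoo.de",
            /* Italian ISP domains */
            "libero.it", "virgilio.it", "hotmail.it", "aol.it", "tiscali.it", "alice.it", "live.it", "yahoo.it", "email.it", "tin.it", "poste.it", "teletu.it",
            /* Russian ISP domains */
            "mail.ru", "rambler.ru", "yandex.ru", "ya.ru", "list.ru",
            /* Belgian ISP domains */
            "hotmail.be", "live.be", "skynet.be", "voo.be", "tvcablenet.be", "telenet.be",
            /* Argentinian ISP domains */
            "hotmail.com.ar", "live.com.ar", "yahoo.com.ar", "fibertel.com.ar", "speedy.com.ar", "arnet.com.ar",
            /* Domains used in Mexico */
            "yahoo.com.mx", "live.com.mx", "hotmail.es", "hotmail.com.mx", "prodigy.net.mx",
            /* Domains used in Brazil */
            "yahoo.com.br", "hotmail.com.br", "outlook.com.br", "uol.com.br", "bol.com.br", "terra.com.br", "ig.com.br", "itelefonica.com.br", "r7.com", "zipmail.com.br", "globo.com", "globomail.com", "oi.com.br"
        );
        // Real association
        $replaceSLD = array(
            '@hotmil.' => '@hotmail.',
            '@htmail.' => '@hotmail.',
            '@hotmal.' => '@hotmail.',
            '@hotml.' => '@hotmail.',
            '@hotmai.' => '@hotmail.',
            '@gmal.' => '@gmail.',
            '@gail.' => '@gmail.',
            '@gml.' => '@gmail.',
            '@gmai.' => '@gmail.',
            '@gmil.' => '@gmail.',
        );
        $replaceGlobal = array(
            '@gmailcom' => '@gmail.com',
            '@hotmailcom' => '@hotmail.com',
            '@hotmailfr' => '@hotmail.fr',
        );

        // Real use case replacement
        $email = strtr($emailOri, $replaceGlobal);

        // Split: $sld is the label right after '@', $tld everything after the first dot that follows it.
        // Without an '@' there is nothing to correct (the original ran strpos from offset 0 here).
        $atPos = strpos($email, '@');
        $pointPos = ($atPos === false) ? false : strpos($email, '.', $atPos);
        $tld = ($pointPos === false) ? '' : substr($email, $pointPos + 1);
        $sld = ($atPos === false || $pointPos === false) ? '' : substr($email, $atPos + 1, $pointPos - $atPos - 1);

        // Check TLD
        if (empty($tld)) {
            $this->errors[] = Tools::displayError('Invalid email');
            $_POST['email'] = '';
            return $email;
        }
        // If you have a complete list of TLD, check it !

        // Check SLD
        if (!empty($this->errors)) {
            return $email;
        }
        // Real use case replacement
        $email = strtr($email, $replaceSLD);

        // Levenshtein replacement: only when nothing above already rewrote the address, and never
        // for a domain that is itself a known provider (mail.com must not become gmail.com,
        // love.com must not become live.com).
        if ($email === $emailOri && !in_array($sld.'.'.$tld, $domains, true)) {
            foreach ($domains as $d) {
                $dpPos = strpos($d, '.');
                $realDomain = substr($d, 0, $dpPos);
                $lev = levenshtein($sld, $realDomain);
                // Was `$lev == O` (letter O): an undefined constant, a fatal Error on PHP 8.
                if ($lev === 0) {
                    break;
                }
                if ($lev === 1 && $tld === substr($d, $dpPos + 1)) {
                    $email = str_replace('@'.$sld.'.', '@'.$realDomain.'.', $email);
                    break;
                }
            }
        }
        return $email;
    }

    /**
     * Writes the customer's identity into the front-office cookie.
     *
     * @param Customer $customer a saved customer (id, names, passwd hash, email)
     * @param bool     $isGuest  guest flag to store in the cookie
     */
    protected function logCustomerIn(Customer $customer, $isGuest)
    {
        self::$cookie->id_customer = (int)($customer->id);
        self::$cookie->customer_lastname = $customer->lastname;
        self::$cookie->customer_firstname = $customer->firstname;
        self::$cookie->passwd = $customer->passwd;
        self::$cookie->logged = 1;
        self::$cookie->email = $customer->email;
        self::$cookie->is_guest = $isGuest;
    }

    /**
     * Records which site version (global $site_version_front, 'fr' when unset)
     * the customer is using in `customer_version`.
     *
     * @param int  $idCustomer
     * @param bool $updateExisting true to upsert (login), false to plain insert (new account)
     */
    protected function recordCustomerVersion($idCustomer, $updateExisting)
    {
        global $site_version_front;
        $version = pSQL(!isset($site_version_front) ? 'fr' : $site_version_front);
        $sql = '
            INSERT INTO `'._DB_PREFIX_.'customer_version`
            VALUES (
                '.(int)$idCustomer.',
                "'.$version.'",
                NOW()
            )';
        if ($updateExisting) {
            $sql .= '
            ON DUPLICATE KEY UPDATE
                `version` = "'.$version.'"';
        }
        // NOTE(review): the original used ExecuteS() (a SELECT helper) for this INSERT; kept as-is,
        // but Execute() is the intended call for statements that return no rows.
        Db::getInstance()->ExecuteS($sql);
    }

    /**
     * True when $url is a same-site path safe to pass to Tools::redirect().
     *
     * Rejects anything with a scheme ("http:", "javascript:", ...), protocol-relative
     * URLs ("//evil", "/\evil") and control characters, so that the user-supplied
     * 'back' parameter cannot be used as an open redirect after login.
     *
     * @param mixed $url
     * @return bool
     */
    protected static function isLocalRedirectTarget($url)
    {
        if (!is_string($url) || $url === '') {
            return false;
        }
        if (preg_match('/[\x00-\x1F\x7F]/', $url)) {
            return false;
        }
        if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $url)) {
            return false;
        }
        $head = substr($url, 0, 2);
        if ($head === '//' || $head === '/\\') {
            return false;
        }
        return true;
    }

    /**
     * Renders authentication.tpl with the accumulated errors and the
     * createAccountFormBottom hook output.
     */
    public function displayContent()
    {
        Tools::safePostVars();
        self::$smarty->assign('errors', $this->errors);
        self::$smarty->assign('HOOK_CREATE_ACCOUNT_FORM_BOTTOM', Module::hookExec('createAccountFormBottom', array()));
        self::$smarty->display(_PS_THEME_DIR_.'authentication.tpl');
    }

    /**
     * Keeps only the first stylesheet registered by the core for this page.
     */
    public function setMedia()
    {
        parent::setMedia();
        global $css_files;
        $css_files = array_slice($css_files, 0, 1);
    }
}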