diff --git a/adm/helpers/HelperFormBootstrap.php b/adm/helpers/HelperFormBootstrap.php index 785cb232..bbe71147 100644 --- a/adm/helpers/HelperFormBootstrap.php +++ b/adm/helpers/HelperFormBootstrap.php @@ -206,6 +206,9 @@ class HelperFormBootstrap{ case 'simpleText': $this->inputSimpleText($input); break; + case 'textAddon': + $this->inputTextAddon($input); + break; case 'tag': $this->inputTag($input); break; @@ -309,9 +312,10 @@ class HelperFormBootstrap{ '.(isset($p['label']) && $p['label'] ?'':'').'
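Review bot: The new `case 'textAddon':` dispatches to `$this->inputTextAddon($input)`, but no method of that name is added anywhere in this diff; unless it already exists in the helper, the first form that uses the module's `'type' => 'textAddon'` inputs fails with an undefined-method error. If it does exist, a short comment on the case naming what it renders (`// input-group with the optional $p['after'] addon and $p['help'] text`) would help, since the second hunk of this file appears to patch only that addon/help markup. The enclosing switch starts and ends outside this hunk.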
'.(isset($p['before']) && $p['before'] ?'
'.$p['before'].'
':'').' - + '.(isset($p['after']) && $p['after'] ?'
'.$p['after'].'
':'').'
+ ' . ((isset($p['help']) && $p['help']) ? ''.$p['help'].'' : '') . ' '; } diff --git a/adm/helpers/includes/css/custom.css b/adm/helpers/includes/css/custom.css index 7249be49..d3db9784 100644 --- a/adm/helpers/includes/css/custom.css +++ b/adm/helpers/includes/css/custom.css @@ -378,6 +378,12 @@ table.table tr th { .table tr td { color: #000; } +.table th a{ + color:#fff; +} +.table tbody tr th:first-child span{ + color: #E36EA2!important; +} /* Select2 */ .select2-results ul li{ diff --git a/adm/init.php b/adm/init.php index 2a696538..c9be68c8 100755 --- a/adm/init.php +++ b/adm/init.php @@ -1,6 +1,6 @@ isLoggedBack()) { - + $destination = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])) + 1); Tools::redirectAdmin('login.php'.(empty($destination) || ($destination == 'index.php?logout') ? '' : '?redirect='.$destination)); } @@ -56,6 +56,11 @@ else define('_PS_BASE_URL_SSL_', Tools::getShopDomainSsl(true)); $employee = new Employee((int)$cookie->id_employee); + + /* @Override Antadis - safety reset passaword */ + Module::hookExec('ant_initadmin', array('employee' => $employee)); + /* @End Override Antadis - safety reset passaword */ + $cookie->profile = $employee->id_profile; $cookie->id_lang = (int)$employee->id_lang; $iso = strtolower(Language::getIsoById($cookie->id_lang ? $cookie->id_lang : Configuration::get('PS_LANG_DEFAULT'))); diff --git a/adm/resetpasswd.php b/adm/resetpasswd.php new file mode 100644 index 00000000..d809f8f3 --- /dev/null +++ b/adm/resetpasswd.php 
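Review bot: The comment on the added lines misspells the feature in both markers; it should read `/* @Override Antadis - safety reset password */` and `/* @End Override Antadis - safety reset password */`. The hook fires between constructing `$employee` and the lines that copy `id_profile`/`id_lang` into the cookie, so a hook implementation that inspects `$cookie->profile` would still see the previous request's value; that is harmless for the redirect the module performs, but worth stating with `// runs before $cookie->profile/id_lang are refreshed from $employee`. Note that `Module::hookExec('ant_initadmin', …)` only reaches a module that registered that hook, and the module's `install()` in this diff does not call `registerHook`.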
@@ -0,0 +1,219 @@ + +* @copyright 2007-2011 PrestaShop SA +* @version Release: $Revision: 9346 $ +* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) +* International Registered Trademark & Property of PrestaShop SA +*/ + +ob_start(); +define('PS_ADMIN_DIR', getcwd()); + +include(PS_ADMIN_DIR.'/../config/config.inc.php'); +include(PS_ADMIN_DIR.'/functions.php'); +$clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'),explode(',', Configuration::get('PS_MAINTENANCE_IP')))); + +$errors = array(); + +if ((empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off') + AND Configuration::get('PS_SSL_ENABLED')) +{ + // You can uncomment theses lines if you want to force https even from localhost and automatically redirect + // header('HTTP/1.1 301 Moved Permanently'); + // header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']); + // exit(); + + // If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP + if ($clientIsMaintenanceOrLocal) + $errors[] = translate('SSL is activated. However, your IP is allowed to use unsecure mode (Maintenance or local IP).').'
'; + else + $warningSslMessage = translate('SSL is activated. Please connect using the following url to log in in secure mode (https).') + .'

https://'.Tools::getServerName().Tools::safeOutput($_SERVER['REQUEST_URI']).''; +} + +$timerStart = microtime(true); + +$currentFileName = array_reverse(explode("/", $_SERVER['SCRIPT_NAME'])); +$cookieLifetime = (time() + (((int)Configuration::get('PS_COOKIE_LIFETIME_BO') > 0 ? (int)Configuration::get('PS_COOKIE_LIFETIME_BO') : 1)* 3600)); +$cookie = new Cookie('psAdmin', substr($_SERVER['SCRIPT_NAME'], strlen(__PS_BASE_URI__), -strlen($currentFileName['0'])), $cookieLifetime); + +if (!isset($cookie->id_lang)) + $cookie->id_lang = Configuration::get('PS_LANG_DEFAULT'); +$iso = strtolower(Language::getIsoById((int)($cookie->id_lang))); +include(_PS_TRANSLATIONS_DIR_.$iso.'/admin.php'); +include(_PS_TRANSLATIONS_DIR_.$iso.'/errors.php'); + +if($cookie->isLoggedBack){ + $cookie->logout(); +} + +/* Cookie creation and redirection */ +if (Tools::isSubmit('Submit')) +{ + /* Check fields validity */ + $passwd = trim(Tools::getValue('passwd')); + $passwd_conf = trim(Tools::getValue('passwd_conf')); + $email = trim(Tools::getValue('email')); + if (empty($email)) { + $errors[] = Tools::displayError('E-mail is empty'); + } + elseif (!Validate::isEmail($email)) { + $errors[] = Tools::displayError('Invalid e-mail address'); + } + elseif (empty($passwd) || empty($passwd_conf)) { + $errors[] = Tools::displayError('Password is blank'); + } + elseif (!Validate::isPasswd($passwd) || !Validate::isPasswd($passwd_conf)) { + $errors[] = Tools::displayError('Invalid password'); + } + elseif ($passwd!==$passwd_conf) { + $errors[] = Tools::displayError('Confirmation password different from password'); + } + else + { + /* Seeking for employee */ + $employee = new Employee(); + $employee = $employee->getByemail($email); + if (!$employee) + { + $errors[] = Tools::displayError('Employee does not exist or password is incorrect.'); + $cookie->logout(); + } + else + { + $_employee = $employee->getByemail($email,$passwd); + if($_employee){ + $errors[] = Tools::displayError('You have to change your 
password'); + } else { + $employee->passwd = Tools::encrypt($passwd); + if($employee->update()){ + /* Creating cookie */ + $cookie->id_employee = $employee->id; + $cookie->email = $employee->email; + $cookie->profile = $employee->id_profile; + $cookie->passwd = $employee->passwd; + $cookie->remote_addr = ip2long(Tools::getRemoteAddr()); + $cookie->write(); + /* Redirect to admin panel */ + if (isset($_GET['redirect'])) + $url = strval($_GET['redirect'].(isset($_GET['token']) ? ('&token='.$_GET['token']) : '')); + else + $url = 'index.php'; + if (!Validate::isCleanHtml($url)){ + die(Tools::displayError()); + } + echo ' + + + + +
'.translate('Click here to launch Administration panel').'
+ + '; + exit ; + } else { + $errors[] = Tools::displayError('An error occured during the updating'); + } + } + } + } +} + +echo ' + + + + + PrestaShop™ - '.translate('Administration panel').''; +echo ' + + +
'; + +if ($nbErrors = sizeof($errors)) +{ + echo ' +
+

'.($nbErrors > 1 ? translate('There are') : translate('There is')).' '.$nbErrors.' '.($nbErrors > 1 ? translate('errors') : translate('error')).'

+
    '; + foreach ($errors AS $error) + echo '
  1. '.$error.'
  2. '; + echo ' +
+
+
'; +} + +echo ' +
+

'.Tools::htmlentitiesUTF8(Configuration::get('PS_SHOP_NAME')).'

+

'.translate('It\'s time to change your password').'

+
'; + +$randomNb = rand(100, 999); +if (file_exists(PS_ADMIN_DIR.'/../install') OR file_exists(PS_ADMIN_DIR.'/../admin')) +{ + echo ' '.translate('For security reasons, you cannot connect to the Back Office until after you have:').'

+ - '.translate('delete the /install folder').'
+ - '.translate('renamed the /admin folder (eg. ').'/admin'.$randomNb.')
+
'.translate('Please then access this page by the new url (eg. http://www.domain.tld/admin').$randomNb.')
'; +} +else +{ + // If https enabled, we force it except if you try to log in from maintenance or local ip + if ( (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off') + AND ( Configuration::get('PS_SSL_ENABLED') AND !$clientIsMaintenanceOrLocal) + ) + echo '
'.$warningSslMessage.'
'; + else + echo ' +
+ +
+
+ +
+
+
+ +
+
+
+
+ '; +} +?> + + +
+

© Copyright by PrestaShop. all rights reserved.

+
+ +'; diff --git a/mails/fr/resetpassword.html b/mails/fr/resetpassword.html new file mode 100644 index 00000000..08b0faf4 --- /dev/null +++ b/mails/fr/resetpassword.html @@ -0,0 +1,42 @@ + + + + + Message de {shop_name} + + + + + + + + + + + + + + + + + + + + + + + + + + +
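Review bot: The submit branch sets a new password for any employee identified by e-mail alone — `$employee->getByemail($email)` is followed directly by `$employee->passwd = Tools::encrypt($passwd)`, `update()` and the cookie creation block — and nothing on the page requires an existing session (a logged-in cookie is even dropped by the `$cookie->logout()` above), so knowledge of an address is enough to take over that account and land in the back office. The page exists to rotate a password the employee already knows, so require that credential: read a current-password field alongside `passwd`/`passwd_conf`, e.g. `$old_passwd = trim(Tools::getValue('old_passwd'));`, reject it when empty with the same `Tools::displayError` pattern, and look the employee up with `$employee = $employee->getByemail($email, $old_passwd);` so a wrong or missing current password hits the existing "Employee does not exist or password is incorrect." branch. The form markup that would carry that field is stripped in the hunk as rendered, so it needs the matching input added there as well. The later `getByemail($email, $passwd)` check that rejects re-using the old value stays as is.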
+ {shop_name} +
 
Bonjour {employee},
 
Il est temps de changer votre mot de passe d'accès au BO
 
+ Pour changer votre mot de passe il suffit d'aller dans "Mes préférences" dans le panneau d'administration de Bébéboutik. +
 
+ Vous avez {limit} jours pour changer votre mot de passe. +
 
+ {shop_name} - {shop_url} +
+ + diff --git a/mails/fr/resetpassword.txt b/mails/fr/resetpassword.txt new file mode 100644 index 00000000..32401680 --- /dev/null +++ b/mails/fr/resetpassword.txt @@ -0,0 +1,7 @@ +Il est temps de changer votre mot de passe d'accès au BO + +Pour changer votre mot de passe il suffit d'aller dans "Mes préférences" dans le panneau d'administration de Bébéboutik. + +Vous avez {limit} jours pour changer votre mot de passe. + +{shop_name} - {shop_url} diff --git a/mails/fr/resetpassword_2.html b/mails/fr/resetpassword_2.html new file mode 100644 index 00000000..9f6cfed1 --- /dev/null +++ b/mails/fr/resetpassword_2.html @@ -0,0 +1,42 @@ + + + + + Message de {shop_name} + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ {shop_name} +
 
Bonjour {employee},
 
Il est temps de changer votre mot de passe d'accès au BO
 
+ Vous ne pourrez plus accéder au panneau d'administration de Bébéboutik tant que vous n'aurez pas modifié votre mot de passe. +
 
+ Veuillez réinitialiser votre mot de passe à l'adresse suivante {reset_link} +
 
+ {shop_name} - {shop_url} +
+ + diff --git a/mails/fr/resetpassword_2.txt b/mails/fr/resetpassword_2.txt new file mode 100644 index 00000000..70584bd5 --- /dev/null +++ b/mails/fr/resetpassword_2.txt @@ -0,0 +1,7 @@ +Il est temps de changer votre mot de passe d'accès au BO + +Sans cela vous ne pourrez plus accéder au panneau d'administration de Bébéboutik. + +Suivez le lien {reset_link} + +{shop_name} - {shop_url} diff --git a/modules/ant_resetbopassword/ant_resetbopassword.php b/modules/ant_resetbopassword/ant_resetbopassword.php new file mode 100644 index 00000000..5d5ce685 --- /dev/null +++ b/modules/ant_resetbopassword/ant_resetbopassword.php 
@@ -0,0 +1,136 @@ +name = 'ant_resetbopassword'; + $this->tab = 'administration'; + $this->author = 'Antadis'; + $this->version = '1.0'; + $this->need_instance = 0; + + parent::__construct(); + + $this->displayName = $this->l('Sécurité BO'); + $this->description = $this->l('Envoi, tous les X mois, une demande de changement de mot de passe aux employés'); + } + + public function install() + { + if(!(parent::install())) { + return false; + } + + # Set default configuration values + Configuration::updateValue('ANT_RESETBOPASSWORD_FREQ', 3); // month + Configuration::updateValue('ANT_RESETBOPASSWORD_LIMIT', 7); // day + Configuration::updateValue('ANT_RESETBOPASSWORD_DATE', date('Y-m-d H:i:s')); // last date of updating + + return true; + } + + public function uninstall() + { + + if(parent::uninstall() == false) { + return false; + } + + Db::getInstance()->execute('ALTER TABLE `'._DB_PREFIX_.'employee` ADD `date_passwd_upd` DATETIME DEFAULT "'.pSQL(date("Y-m-d H:i:s")).'"'); + Configuration::deleteByName('ANT_RESETBOPASSWORD_FREQ'); + Configuration::deleteByName('ANT_RESETBOPASSWORD_LIMIT'); + Configuration::deleteByName('ANT_RESETBOPASSWORD_DATE'); + + return true; + } + + public function getContent() + { + global $cookie, $currentIndex; + + if(Tools::isSubmit('submitUpdate')) { + Configuration::updateValue('ANT_RESETBOPASSWORD_FREQ', Tools::getValue('frequency')); + Configuration::updateValue('ANT_RESETBOPASSWORD_LIMIT', Tools::getValue('limit')); + } + + $helper = new HelperFormBootstrap(); + $this->_html .= $helper->renderStyle(); + $this->_html .= ' +
+
+
+
+

'.$this->l('Reset Bo Password - Configurations').'

+
+
+
+ +
'; + $input = array( + 'type' => 'textAddon', + 'label' => $this->l('Frequency :'), + 'lang' => true, + 'name' => 'frequency', + 'id' => 'frequency', + 'required' => true, + 'after' => $this->l('Months'), + 'help' => $this->l('Mail sending frequency'), + 'default' => Configuration::get('ANT_RESETBOPASSWORD_FREQ') + ); + $this->_html .= $helper->generateInput($input); + $this->_html .= '
'; + + $input = array( + 'type' => 'textAddon', + 'label' => $this->l('Limit :'), + 'lang' => true, + 'name' => 'limit', + 'id' => 'limit', + 'required' => true, + 'after' => $this->l('Days'), + 'help' => $this->l('Nb of day limited to change the password'), + 'default' => Configuration::get('ANT_RESETBOPASSWORD_LIMIT') + ); + $this->_html .= $helper->generateInput($input); + $this->_html .= '
'; + + $this->_html .=' +
+
+
+
+ +
+ +
+
+
+
'; + $this->_html .= $helper->renderScript(); + return $this->_html; + } + + public function hookAnt_Initadmin($params) + { + $now = new Datetime("now"); + $date_passwd_upd = new Datetime($params['employee']->date_passwd_upd); + $updated_date_send = new Datetime(Configuration::get('ANT_RESETBOPASSWORD_DATE')); + $limit = (int)Configuration::get('ANT_RESETBOPASSWORD_LIMIT'); + $limit_day = $day_limit = $limit>1?$limit.' days':'1 day'; + $date_send = $updated_date_send; + $date_send->modify("+".$limit_day.""); + $now->modify("-".$limit_day.""); + if($now > $date_send && $date_passwd_upd < $updated_date_send){ + $destination = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])) + 1); + Tools::redirectAdmin('resetpasswd.php'.(empty($destination) || ($destination == 'index.php?logout') ? '' : '?redirect='.$destination)); + } + return true; + } +} diff --git a/modules/ant_resetbopassword/cron.php b/modules/ant_resetbopassword/cron.php new file mode 100644 index 00000000..9a71eec9 --- /dev/null +++ b/modules/ant_resetbopassword/cron.php 
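Review bot: `uninstall()` executes the `ALTER TABLE … ADD date_passwd_upd` statement while `install()` never creates the column, so on a fresh install the `Employee` override's `getFields()` writes to a column that (unless created by hand elsewhere) does not exist, and a second uninstall fails because ALTER ADD is not idempotent; move the statement into `install()` and have `uninstall()` drop the column or leave it alone. `install()` also never calls `$this->registerHook('ant_initadmin')`, so `hookAnt_Initadmin` only runs if that registration happens somewhere outside this diff. In `getContent()`, `Tools::getValue('frequency')` and `Tools::getValue('limit')` are stored unvalidated and later spliced into `DateTime::modify()` strings both here and in cron.php; cast and bound them, e.g. `Configuration::updateValue('ANT_RESETBOPASSWORD_LIMIT', max(1, (int)Tools::getValue('limit')));`. In `hookAnt_Initadmin`, `$date_send = $updated_date_send;` aliases a single mutable DateTime, so the following `modify()` also shifts the `$updated_date_send` used in the comparison; write `$date_send = clone $updated_date_send;` (cron.php has the same pattern with `$sending_date`).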
@@ -0,0 +1,66 @@ +1?'+'.$frequency.' months':'+1 month'; +$last_sent->modify($intervale); + +if($now >= $last_sent){ + + $employees = Db::getInstance()->ExecuteS(' + SELECT `id_employee`, CONCAT(`firstname`, \' \', `lastname`) AS "name", email + FROM `'._DB_PREFIX_.'employee` + WHERE `active` = 1 + ORDER BY `email` + '); + foreach ($employees as $key => $employee) { + $data = array( + '{limit}' => (int)$limit, + '{employee}' => $employee['name'], + ); + Mail::Send(2, 'resetpassword', 'Sécurité Prestashop', $data, $employee['email']); + } + Configuration::updateValue('ANT_RESETBOPASSWORD_DATE', date('Y-m-d H:i:s')); +} + + +// Resending ! +$reset_link = __PS_BASE_URI__.'adm/resetpasswd.php'; +$updated_date_send = new Datetime(Configuration::get('ANT_RESETBOPASSWORD_DATE')); +$sending_date = $updated_date_send; + +$day_limit = $limit>1?'+'.$limit.' days':'+1 day'; +$updated_date_send->modify($day_limit); + +$employees = Db::getInstance()->ExecuteS(' + SELECT `id_employee`, CONCAT(`firstname`, \' \', `lastname`) AS "name", `email`, `date_passwd_upd` + FROM `'._DB_PREFIX_.'employee` + WHERE `active` = 1 AND + ORDER BY `email` +'); +foreach ($employees as $key => $employee) { + $date_passwd_upd = new Datetime($employee['date_passwd_upd']); + if($now > $updated_date_send && $date_passwd_upd < $sending_date){ + $data = array( + '{limit}' => (int)$limit, + '{employee}' => $employee['name'], + '{reset_link}' => $reset_link, + ); + Mail::Send(2, 'resetpassword_2', 'Sécurité Prestashop', $data, $employee['email']); + } +} + +exit; diff --git a/override/classes/Employee.php b/override/classes/Employee.php index 52c8a666..638913e8 100644 --- a/override/classes/Employee.php +++ b/override/classes/Employee.php 
@@ -1,6 +1,37 @@ id_profile; + $fields['id_lang'] = (int)$this->id_lang; + $fields['lastname'] = pSQL($this->lastname); + $fields['firstname'] = pSQL(Tools::ucfirst($this->firstname)); + $fields['email'] = pSQL($this->email); + $fields['passwd'] = pSQL($this->passwd); + $fields['last_passwd_gen'] = pSQL($this->last_passwd_gen); + $fields['date_passwd_upd'] = pSQL($this->date_passwd_upd); + + if (empty($this->stats_date_from)) + $this->stats_date_from = date('Y-m-d 00:00:00'); + $fields['stats_date_from'] = pSQL($this->stats_date_from); + + if (empty($this->stats_date_to)) + $this->stats_date_to = date('Y-m-d 23:59:59'); + $fields['stats_date_to'] = pSQL($this->stats_date_to); + + $fields['bo_color'] = pSQL($this->bo_color); + $fields['bo_theme'] = pSQL($this->bo_theme); + $fields['bo_uimode'] = pSQL($this->bo_uimode); + $fields['bo_show_screencast'] = (int)$this->bo_show_screencast; + $fields['active'] = (int)$this->active; + + return $fields; + } public static function getEmployeesByProfile($id_profiles=array()) { @@ -12,4 +43,18 @@ class Employee extends EmployeeCore { ORDER BY `email`'); } + public function update($nullValues = false) + { + $result = parent::update($nullValues); + + if(isset($_POST['passwd']) && $_POST['passwd']!==null && $result){ + Db::getInstance()->ExecuteS(' + UPDATE `'._DB_PREFIX_.'employee` + SET `date_passwd_upd` = "'.pSQL(date('Y-m-d H:i:s')).'" + WHERE `id_employee` = '.(int)$this->id.' + '); + } + return $result; + } + } \ No newline at end of file
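Review bot: The second query is malformed — the `WHERE active = 1 AND` clause is followed directly by `ORDER BY email`, so `ExecuteS` returns false on every run and the `foreach` below warns instead of sending the second reminder; either complete the condition or drop the dangling keyword (`WHERE \`active\` = 1 ORDER BY \`email\``). The head of the script (includes and any access check) is not legible in the hunk as rendered, so I cannot confirm a cron-token guard; since one call mails every active employee and advances `ANT_RESETBOPASSWORD_DATE`, a secret-token check before the first query is worth confirming. `Mail::Send(2, …)` hard-codes the language id; `(int)Configuration::get('PS_LANG_DEFAULT')` or the employee's own `id_lang` would be the usual choice. `$sending_date = $updated_date_send;` shares one mutable DateTime with the `modify($day_limit)` that follows, so both sides of the later comparison move together; use `clone`.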
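Review bot: `$fields['date_passwd_upd'] = pSQL($this->date_passwd_upd);` is written on every save with no fallback, unlike the `stats_date_from`/`stats_date_to` fields just below it, which default when empty; on an object whose property is unset (a newly created employee, or a row loaded before the column existed) this presumably stores an empty string in a DATETIME column, which MySQL rejects in strict mode. Mirror the neighbouring pattern: `if (empty($this->date_passwd_upd)) $this->date_passwd_upd = date('Y-m-d H:i:s');` before the assignment. The method signature and class header are not legible in the hunk as rendered, so I cannot see whether the property is declared on the override.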
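Review bot: The `update()` override refreshes `date_passwd_upd` whenever `$_POST['passwd']` is present, not when the stored hash actually changed: `isset()` already excludes null, so the `!== null` test is redundant, and an empty `passwd` field (which an employee edit form may post when the password is left untouched) still bumps the timestamp, letting the forced-rotation check in `hookAnt_Initadmin` be satisfied without rotating anything. Reading the request inside the model also ties it to a single form. Compare the hash before and after the parent update instead, and use `Execute` rather than `ExecuteS` for an UPDATE:
```php
public function update($nullValues = false)
{
    // Snapshot the stored hash so the timestamp only moves when the hash really changes
    $previous = Db::getInstance()->getValue('
        SELECT `passwd` FROM `'._DB_PREFIX_.'employee`
        WHERE `id_employee` = '.(int)$this->id);
    $result = parent::update($nullValues);

    if ($result && $previous !== $this->passwd) {
        Db::getInstance()->Execute('
            UPDATE `'._DB_PREFIX_.'employee`
            SET `date_passwd_upd` = "'.pSQL(date('Y-m-d H:i:s')).'"
            WHERE `id_employee` = '.(int)$this->id.'
        ');
    }
    return $result;
}
```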