From d931f7f081b360fc188fa8dabf0b62c1f7b6ced3 Mon Sep 17 00:00:00 2001
From: Michael RICOIS <ricois@antadis.com>
Date: Fri, 2 Mar 2018 16:27:52 +0100
Subject: [PATCH] Exclude Sensefuel bot

---
 controllers/PasswordController.php | 127 +++++++++++++++--------------
 1 file changed, 67 insertions(+), 60 deletions(-)

diff --git a/controllers/PasswordController.php b/controllers/PasswordController.php
index 204b3380..c3d849da 100755
--- a/controllers/PasswordController.php
+++ b/controllers/PasswordController.php
@@ -1,6 +1,6 @@
 <?php
 /*
-* 2007-2011 PrestaShop 
+* 2007-2011 PrestaShop
 *
 * NOTICE OF LICENSE
 *
@@ -35,71 +35,78 @@ class PasswordControllerCore extends FrontController
 	{
 		parent::process();
 
-		if (Tools::isSubmit('email'))
-		{
-			if (!($email = Tools::getValue('email')) OR !Validate::isEmail($email))
-				$this->errors[] = Tools::displayError('Invalid e-mail address');
-			else
-			{
-				$customer = new Customer();
-				$customer->getByemail($email);
-				if (!Validate::isLoadedObject($customer))
-					$this->errors[] = Tools::displayError('There is no account registered to this e-mail address.');
-				else
-				{
-					if ((strtotime($customer->last_passwd_gen.'+'.(int)($min_time = Configuration::get('PS_PASSWD_TIME_FRONT')).' minutes') - time()) > 0)
-						$this->errors[] = Tools::displayError('You can regenerate your password only every').' '.(int)($min_time).' '.Tools::displayError('minute(s)');
-					else
-					{	
-						if (Mail::Send((int)(self::$cookie->id_lang), 'password_query', Mail::l('Password query confirmation'), 
-						array('{email}' => $customer->email, 
-							  '{lastname}' => $customer->lastname, 
-							  '{firstname}' => $customer->firstname,
-							  '{url}' => self::$link->getPageLink('password.php', true).'?token='.$customer->secure_key.'&id_customer='.(int)$customer->id),
-						$customer->email, 
-						$customer->firstname.' '.$customer->lastname))
-							self::$smarty->assign(array('confirmation' => 2, 'email' => $customer->email));
-						else
-							$this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
-					}
-				}
-			}
+		// Check User Agent - no bot
+		$userAgent = $_SERVER['HTTP_USER_AGENT'];
+		if (strstr(strtolower($userAgent), 'bot')) {
+			$this->errors[] = Tools::displayError("Who are you ?");
 		}
-		elseif (($token = Tools::getValue('token')) && ($id_customer = (int)(Tools::getValue('id_customer'))))
-		{
-			$email = Db::getInstance()->getValue('SELECT `email` FROM '._DB_PREFIX_.'customer c WHERE c.`secure_key` = \''.pSQL($token).'\' AND c.id_customer = '.(int)$id_customer);
-			if ($email)
-			{
-				$customer = new Customer();
-				$customer->getByemail($email);
-				if ((strtotime($customer->last_passwd_gen.'+'.(int)($min_time = Configuration::get('PS_PASSWD_TIME_FRONT')).' minutes') - time()) > 0)
-					Tools::redirect('authentication.php?error_regen_pwd');
-				else
-				{
-					$customer->passwd = Tools::encrypt($password = Tools::passwdGen((int)MIN_PASSWD_LENGTH,'RANDOM'));
-					$customer->last_passwd_gen = date('Y-m-d H:i:s', time());
-					if ($customer->update())
-					{
-						if (Mail::Send((int)(self::$cookie->id_lang), 'password', Mail::l('Your password'), 
-						array('{email}' => $customer->email, 
-							  '{lastname}' => $customer->lastname, 
-							  '{firstname}' => $customer->firstname, 
-							  '{passwd}' => $password), 
-						$customer->email, 
-						$customer->firstname.' '.$customer->lastname)) 
-							self::$smarty->assign(array('confirmation' => 1, 'email' => $customer->email));
-						else
-							$this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
+		
+		if (empty($this->errors)) {
+			if (Tools::isSubmit('email')) {
+				if (!($email = Tools::getValue('email')) OR !Validate::isEmail($email)) {
+					$this->errors[] = Tools::displayError('Invalid e-mail address');
+				}
+				else {
+					$customer = new Customer();
+					$customer->getByemail($email);
+					if (!Validate::isLoadedObject($customer)) {
+						$this->errors[] = Tools::displayError('There is no account registered to this e-mail address.');
+					}
+					else {
+						if ((strtotime($customer->last_passwd_gen.'+'.(int)($min_time = Configuration::get('PS_PASSWD_TIME_FRONT')).' minutes') - time()) > 0) {
+							$this->errors[] = Tools::displayError('You can regenerate your password only every').' '.(int)($min_time).' '.Tools::displayError('minute(s)');
+						}
+						else {
+							if (Mail::Send((int)(self::$cookie->id_lang), 'password_query', Mail::l('Password query confirmation'),
+							array('{email}' => $customer->email,
+								  '{lastname}' => $customer->lastname,
+								  '{firstname}' => $customer->firstname,
+								  '{url}' => self::$link->getPageLink('password.php', true).'?token='.$customer->secure_key.'&id_customer='.(int)$customer->id),
+							$customer->email,
+							$customer->firstname.' '.$customer->lastname))
+								self::$smarty->assign(array('confirmation' => 2, 'email' => $customer->email));
+							else
+								$this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
+						}
 					}
-					else
-						$this->errors[] = Tools::displayError('An error occurred with your account and your new password cannot be sent to your e-mail. Please report your problem using the contact form.');
 				}
 			}
-			else
+			elseif (($token = Tools::getValue('token')) && ($id_customer = (int)(Tools::getValue('id_customer')))) {
+				$email = Db::getInstance()->getValue('SELECT `email` FROM '._DB_PREFIX_.'customer c WHERE c.`secure_key` = \''.pSQL($token).'\' AND c.id_customer = '.(int)$id_customer);
+				if ($email) {
+					$customer = new Customer();
+					$customer->getByemail($email);
+					if ((strtotime($customer->last_passwd_gen.'+'.(int)($min_time = Configuration::get('PS_PASSWD_TIME_FRONT')).' minutes') - time()) > 0) {
+						Tools::redirect('authentication.php?error_regen_pwd');
+					}
+					else {
+						$customer->passwd = Tools::encrypt($password = Tools::passwdGen((int)MIN_PASSWD_LENGTH,'RANDOM'));
+						$customer->last_passwd_gen = date('Y-m-d H:i:s', time());
+						if ($customer->update())
+						{
+							if (Mail::Send((int)(self::$cookie->id_lang), 'password', Mail::l('Your password'),
+							array('{email}' => $customer->email,
+								  '{lastname}' => $customer->lastname,
+								  '{firstname}' => $customer->firstname,
+								  '{passwd}' => $password),
+							$customer->email,
+							$customer->firstname.' '.$customer->lastname))
+								self::$smarty->assign(array('confirmation' => 1, 'email' => $customer->email));
+							else
+								$this->errors[] = Tools::displayError('Error occurred when sending the e-mail.');
+						}
+						else
+							$this->errors[] = Tools::displayError('An error occurred with your account and your new password cannot be sent to your e-mail. Please report your problem using the contact form.');
+					}
+				}
+				else {
+					$this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
+				}
+			}
+			elseif (($token = Tools::getValue('token')) || ($id_customer = Tools::getValue('id_customer'))) {
 				$this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
+			}
 		}
-		elseif (($token = Tools::getValue('token')) || ($id_customer = Tools::getValue('id_customer')))
-			$this->errors[] = Tools::displayError('We cannot regenerate your password with the data you submitted');
 	}
 	
 	public function displayContent()