antadis/bebeboutik
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

reset password

Browse Source
This commit is contained in:
Marion Muszynski 2017-09-18 11:00:12 +02:00
parent a76dd668fe
commit d8c2c369c9
5 changed files with 292 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
adm/init.php
View File

@ -1,6 +1,6 @@
<?php
/*
* 2007-2011 PrestaShop
* 2007-2011 PrestaShop
*
* NOTICE OF LICENSE
*
@ -37,7 +37,7 @@ if (isset($_GET['logout']))
if (!$cookie->isLoggedBack())
{
$destination = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])) + 1);
Tools::redirectAdmin('login.php'.(empty($destination) || ($destination == 'index.php?logout') ? '' : '?redirect='.$destination));
}
@ -56,6 +56,11 @@ else
define('_PS_BASE_URL_SSL_', Tools::getShopDomainSsl(true));
$employee = new Employee((int)$cookie->id_employee);
/* @Override Antadis - safety reste passaword */
Module::hookExec('ant_initadmin', array('employee' => $employee));
/* @End Override Antadis - safety reste passaword */
$cookie->profile = $employee->id_profile;
$cookie->id_lang = (int)$employee->id_lang;
$iso = strtolower(Language::getIsoById($cookie->id_lang ? $cookie->id_lang : Configuration::get('PS_LANG_DEFAULT')));

219
adm/resetpasswd.php Normal file
View File

@ -0,0 +1,219 @@
<?php
/*
* 2007-2011 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author PrestaShop SA <contact@prestashop.com>
* @copyright 2007-2011 PrestaShop SA
* @version Release: $Revision: 9346 $
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*/
ob_start();
define('PS_ADMIN_DIR', getcwd());
include(PS_ADMIN_DIR.'/../config/config.inc.php');
include(PS_ADMIN_DIR.'/functions.php');
$clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'),explode(',', Configuration::get('PS_MAINTENANCE_IP'))));
$errors = array();
if ((empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off')
AND Configuration::get('PS_SSL_ENABLED'))
{
// You can uncomment theses lines if you want to force https even from localhost and automatically redirect
// header('HTTP/1.1 301 Moved Permanently');
// header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
// exit();
// If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP
if ($clientIsMaintenanceOrLocal)
$errors[] = translate('SSL is activated. However, your IP is allowed to use unsecure mode (Maintenance or local IP).').'<br/>';
else
$warningSslMessage = translate('SSL is activated. Please connect using the following url to log in in secure mode (https).')
.'<br/><br/><a href="https://'.Tools::getServerName().Tools::safeOutput($_SERVER['REQUEST_URI']).'">https://'.Tools::getServerName().Tools::safeOutput($_SERVER['REQUEST_URI']).'</a>';
}
$timerStart = microtime(true);
$currentFileName = array_reverse(explode("/", $_SERVER['SCRIPT_NAME']));
$cookieLifetime = (time() + (((int)Configuration::get('PS_COOKIE_LIFETIME_BO') > 0 ? (int)Configuration::get('PS_COOKIE_LIFETIME_BO') : 1)* 3600));
$cookie = new Cookie('psAdmin', substr($_SERVER['SCRIPT_NAME'], strlen(__PS_BASE_URI__), -strlen($currentFileName['0'])), $cookieLifetime);
if (!isset($cookie->id_lang))
$cookie->id_lang = Configuration::get('PS_LANG_DEFAULT');
$iso = strtolower(Language::getIsoById((int)($cookie->id_lang)));
include(_PS_TRANSLATIONS_DIR_.$iso.'/admin.php');
include(_PS_TRANSLATIONS_DIR_.$iso.'/errors.php');
if($cookie->isLoggedBack){
$cookie->logout();
}
/* Cookie creation and redirection */
if (Tools::isSubmit('Submit'))
{
/* Check fields validity */
$passwd = trim(Tools::getValue('passwd'));
$passwd_conf = trim(Tools::getValue('passwd_conf'));
$email = trim(Tools::getValue('email'));
if (empty($email)) {
$errors[] = Tools::displayError('E-mail is empty');
}
elseif (!Validate::isEmail($email)) {
$errors[] = Tools::displayError('Invalid e-mail address');
}
elseif (empty($passwd) || empty($passwd_conf)) {
$errors[] = Tools::displayError('Password is blank');
}
elseif (!Validate::isPasswd($passwd) || !Validate::isPasswd($passwd_conf)) {
$errors[] = Tools::displayError('Invalid password');
}
elseif ($passwd!==$passwd_conf) {
$errors[] = Tools::displayError('Confirmation password different from password');
}
else
{
/* Seeking for employee */
$employee = new Employee();
$employee = $employee->getByemail($email);
if (!$employee)
{
$errors[] = Tools::displayError('Employee does not exist or password is incorrect.');
$cookie->logout();
}
else
{
$_employee = $employee->getByemail($email,$passwd);
if($_employee){
$errors[] = Tools::displayError('You have to change your password');
} else {
$employee->passwd = Tools::encrypt($passwd);
if($employee->update()){
/* Creating cookie */
$cookie->id_employee = $employee->id;
$cookie->email = $employee->email;
$cookie->profile = $employee->id_profile;
$cookie->passwd = $employee->passwd;
$cookie->remote_addr = ip2long(Tools::getRemoteAddr());
$cookie->write();
/* Redirect to admin panel */
if (isset($_GET['redirect']))
$url = strval($_GET['redirect'].(isset($_GET['token']) ? ('&token='.$_GET['token']) : ''));
else
$url = 'index.php';
if (!Validate::isCleanHtml($url)){
die(Tools::displayError());
}
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$iso.'" lang="'.$iso.'">
<meta http-equiv="Refresh" content="0;URL='.str_replace('&amp;', '&', Tools::safeOutput($url, true)).'">
<head>
<script language="javascript" type="text/javascript">
window.location.replace("'.str_replace('&amp;', '&', Tools::safeOutput($url, true)).'");
</script>
<div style="text-align:center; margin-top:250px;"><a href="'.str_replace('&amp;', '&', Tools::safeOutput($url, true)).'">'.translate('Click here to launch Administration panel').'</a></div>
</head>
</html>';
exit ;
} else {
$errors[] = Tools::displayError('An error occured during the updating');
}
}
}
}
}
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$iso.'" lang="'.$iso.'">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link type="text/css" rel="stylesheet" href="../css/login.css" />
<title>PrestaShop&trade; - '.translate('Administration panel').'</title>';
echo '
</head>
<body>
<div id="container">';
if ($nbErrors = sizeof($errors))
{
echo '
<div id="error">
<h3>'.($nbErrors > 1 ? translate('There are') : translate('There is')).' '.$nbErrors.' '.($nbErrors > 1 ? translate('errors') : translate('error')).'</h3>
<ol style="margin: 0 0 0 20px;">';
foreach ($errors AS $error)
echo '<li>'.$error.'</li>';
echo '
</ol>
</div>
<br />';
}
echo '
<div id="login">
<h1>'.Tools::htmlentitiesUTF8(Configuration::get('PS_SHOP_NAME')).'</h1>
<p style="text-align:center; margin:0;">'.translate('It\'s time to change your password').'</p>
<form action="'.Tools::htmlentitiesUTF8($_SERVER['REQUEST_URI']).'" method="post">';
$randomNb = rand(100, 999);
if (file_exists(PS_ADMIN_DIR.'/../install') OR file_exists(PS_ADMIN_DIR.'/../admin'))
{
echo ' <span>'.translate('For security reasons, you cannot connect to the Back Office until after you have:').'<br /><br />
- '.translate('delete the /install folder').'<br />
- '.translate('renamed the /admin folder (eg. ').'/admin'.$randomNb.')<br />
<br />'.translate('Please then access this page by the new url (eg. http://www.domain.tld/admin').$randomNb.')</span>';
}
else
{
// If https enabled, we force it except if you try to log in from maintenance or local ip
if ( (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off')
AND ( Configuration::get('PS_SSL_ENABLED') AND !$clientIsMaintenanceOrLocal)
)
echo '<div class="error">'.$warningSslMessage.'</div>';
else
echo '<label for="email">'.translate('E-mail address:').'</label>
<br />
<input type="text" id="email" name="email" value="'.Tools::safeOutput(Tools::getValue('email')).'" class="input"/>
<div style="margin: 1.8em 0 0 0;">
<label for="passwd">'.translate('New Password:').'</label><br />
<input id="passwd" type="password" name="passwd" class="input" value=""/>
</div>
<div style="margin: 1.8em 0 0 0;">
<label for="passwd_conf">'.translate('Password Conf:').'</label><br />
<input id="passwd_conf" type="password" name="passwd_conf" class="input" value=""/>
</div>
<div>
<div id="submit"><input type="submit" name="Submit" value="'.translate('Update').'" class="button" /></div>
</div>
';
}
?>
<script type="text/javascript">
//<![CDATA[
if (document.getElementById('email')) document.getElementById('email').focus();
//]]>
</script>
<?php
echo '
</form>
</div>
<h2><a href="http://www.prestashop.com">&copy; Copyright by PrestaShop. all rights reserved.</a></h2>
</div>
</body>
</html>';

16
modules/ant_resetbopassword/ant_resetbopassword.php
View File

@ -117,8 +117,20 @@ class Ant_Resetbopassword extends Module
return $this->_html;
}
public function hookObjectEmployeeUpdateAfter($params)
public function hookAnt_Initadmin($params)
{
$now = new Datetime("now");
$date_passwd_upd = new Datetime($params['employee']->date_passwd_upd);
$updated_date_send = new Datetime(Configuration::get('ANT_RESETBOPASSWORD_DATE'));
$limit = (int)Configuration::get('ANT_RESETBOPASSWORD_LIMIT');
$limit_day = $day_limit = $limit>1?$limit.' days':'1 day';
$date_send = $updated_date_send;
$date_send->modify("+".$limit_day."");
$now->modify("-".$limit_day."");
if($now > $date_send && $date_passwd_upd < $updated_date_send){
$destination = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])) + 1);
Tools::redirectAdmin('resetpasswd.php'.(empty($destination) || ($destination == 'index.php?logout') ? '' : '?redirect='.$destination));
}
return true;
}
}

28
modules/ant_resetbopassword/cron.php
View File

@ -10,11 +10,15 @@ $sending_date = Configuration::get('ANT_RESETBOPASSWORD_DATE');
$frequency = Configuration::get('ANT_RESETBOPASSWORD_FREQ');
$limit = Configuration::get('ANT_RESETBOPASSWORD_LIMIT');
$now = new Datetime();
$last_sent = new Datetime($sending_date);
$diff = $now->diff($last_sent);
// First sending
if($diff->format("")>=(int)$frequency){
$now = new Datetime("now");
$last_sent = new Datetime($sending_date);
$intervale = (int)$frequency>1?'+'.$frequency.' months':'+1 month';
$last_sent->modify($intervale);
if($now >= $last_sent){
$employees = Db::getInstance()->ExecuteS('
SELECT `id_employee`, CONCAT(`firstname`, \' \', `lastname`) AS "name", email
@ -25,22 +29,28 @@ if($diff->format("")>=(int)$frequency){
foreach ($employees as $key => $employee) {
// sending email
}
Configuration::updateValue('ANT_RESETBOPASSWORD_DATE', date('Y-m-d H:i:s'));
}
// Resending !
$updated_date_send = new Datetime(Configuration::get('ANT_RESETBOPASSWORD_DATE'));
$sending_date = $updated_date_send;
$day_limit = $limit>1?'+'.$limit.' days':'+1 day';
$updated_date_send->modify($day_limit);
$employees = Db::getInstance()->ExecuteS('
SELECT `id_employee`, CONCAT(`firstname`, \' \', `lastname`) AS "name", `email`, `date_passwd_upd`
FROM `'._DB_PREFIX_.'employee`
WHERE `active` = 1 AND
ORDER BY `email`
');
foreach ($employees as $key => $employee) {
$date_passwd_upd = new Datetime($employee['date_passwd_upd']);
$diff_limit = $now->diff($date_passwd_upd);
if($diff->format("%D")>=(int)$limit){
// resending a mail
if($now > $updated_date_send && $date_passwd_upd < $sending_date){
// resending an email
}
}

35
override/classes/Employee.php
View File

@ -1,6 +1,37 @@
<?php
class Employee extends EmployeeCore {
public $date_passwd_upd;
public function getFields()
{
parent::validateFields();
$fields['id_profile'] = (int)$this->id_profile;
$fields['id_lang'] = (int)$this->id_lang;
$fields['lastname'] = pSQL($this->lastname);
$fields['firstname'] = pSQL(Tools::ucfirst($this->firstname));
$fields['email'] = pSQL($this->email);
$fields['passwd'] = pSQL($this->passwd);
$fields['last_passwd_gen'] = pSQL($this->last_passwd_gen);
$fields['date_passwd_upd'] = pSQL($this->date_passwd_upd);
if (empty($this->stats_date_from))
$this->stats_date_from = date('Y-m-d 00:00:00');
$fields['stats_date_from'] = pSQL($this->stats_date_from);
if (empty($this->stats_date_to))
$this->stats_date_to = date('Y-m-d 23:59:59');
$fields['stats_date_to'] = pSQL($this->stats_date_to);
$fields['bo_color'] = pSQL($this->bo_color);
$fields['bo_theme'] = pSQL($this->bo_theme);
$fields['bo_uimode'] = pSQL($this->bo_uimode);
$fields['bo_show_screencast'] = (int)$this->bo_show_screencast;
$fields['active'] = (int)$this->active;
return $fields;
}
public static function getEmployeesByProfile($id_profiles=array())
{
@ -14,9 +45,9 @@ class Employee extends EmployeeCore {
public function update($nullValues = false)
{
$result = parent::update();
$result = parent::update($nullValues);
if($_POST('passwd')!==null && $result){
if(isset($_POST['passwd']) && $_POST['passwd']!==null && $result){
Db::getInstance()->ExecuteS('
UPDATE `'._DB_PREFIX_.'employee`
SET `date_passwd_upd` = "'.pSQL(date('Y-m-d H:i:s')).'"