From d8c2c369c9d81051666462efc27acd6f80214631 Mon Sep 17 00:00:00 2001 From: Marion Muszynski Date: Mon, 18 Sep 2017 11:00:12 +0200 Subject: [PATCH] reset password --- adm/init.php | 9 +- adm/resetpasswd.php | 219 ++++++++++++++++++ .../ant_resetbopassword.php | 16 +- modules/ant_resetbopassword/cron.php | 28 ++- override/classes/Employee.php | 35 ++- 5 files changed, 292 insertions(+), 15 deletions(-) create mode 100644 adm/resetpasswd.php diff --git a/adm/init.php b/adm/init.php index 2a696538..fe466056 100755 --- a/adm/init.php +++ b/adm/init.php @@ -1,6 +1,6 @@ isLoggedBack()) { - + $destination = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])) + 1); Tools::redirectAdmin('login.php'.(empty($destination) || ($destination == 'index.php?logout') ? '' : '?redirect='.$destination)); } @@ -56,6 +56,11 @@ else define('_PS_BASE_URL_SSL_', Tools::getShopDomainSsl(true)); $employee = new Employee((int)$cookie->id_employee); + + /* @Override Antadis - safety reste passaword */ + Module::hookExec('ant_initadmin', array('employee' => $employee)); + /* @End Override Antadis - safety reste passaword */ + $cookie->profile = $employee->id_profile; $cookie->id_lang = (int)$employee->id_lang; $iso = strtolower(Language::getIsoById($cookie->id_lang ? $cookie->id_lang : Configuration::get('PS_LANG_DEFAULT'))); diff --git a/adm/resetpasswd.php b/adm/resetpasswd.php new file mode 100644 index 00000000..d809f8f3 --- /dev/null +++ b/adm/resetpasswd.php 
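Review bot: The added `Module::hookExec('ant_initadmin', array('employee' => $employee));` is the only line in this hunk that can end the request (the module's hook calls `Tools::redirectAdmin('resetpasswd.php' ...)`), and it runs before `$cookie->profile` and `$cookie->id_lang` are refreshed from `$employee`, yet the comment around it says only `safety reste passaword`; replace it with something a reader can act on, e.g. `/* @Override Antadis - may redirect to resetpasswd.php when the employee's password is older than ANT_RESETBOPASSWORD_LIMIT days */`. Because init.php is shared by every back-office entry point that includes it, any XHR endpoint taking this path would receive the 302 instead of its payload — worth confirming and, if so, skipping the hook for those requests. The enclosing `else` branch starts outside the hunk.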
@@ -0,0 +1,219 @@ + +* @copyright 2007-2011 PrestaShop SA +* @version Release: $Revision: 9346 $ +* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) +* International Registered Trademark & Property of PrestaShop SA +*/ + +ob_start(); +define('PS_ADMIN_DIR', getcwd()); + +include(PS_ADMIN_DIR.'/../config/config.inc.php'); +include(PS_ADMIN_DIR.'/functions.php'); +$clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'),explode(',', Configuration::get('PS_MAINTENANCE_IP')))); + +$errors = array(); + +if ((empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off') + AND Configuration::get('PS_SSL_ENABLED')) +{ + // You can uncomment theses lines if you want to force https even from localhost and automatically redirect + // header('HTTP/1.1 301 Moved Permanently'); + // header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']); + // exit(); + + // If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP + if ($clientIsMaintenanceOrLocal) + $errors[] = translate('SSL is activated. However, your IP is allowed to use unsecure mode (Maintenance or local IP).').'
'; + else + $warningSslMessage = translate('SSL is activated. Please connect using the following url to log in in secure mode (https).') + .'

https://'.Tools::getServerName().Tools::safeOutput($_SERVER['REQUEST_URI']).''; +} + +$timerStart = microtime(true); + +$currentFileName = array_reverse(explode("/", $_SERVER['SCRIPT_NAME'])); +$cookieLifetime = (time() + (((int)Configuration::get('PS_COOKIE_LIFETIME_BO') > 0 ? (int)Configuration::get('PS_COOKIE_LIFETIME_BO') : 1)* 3600)); +$cookie = new Cookie('psAdmin', substr($_SERVER['SCRIPT_NAME'], strlen(__PS_BASE_URI__), -strlen($currentFileName['0'])), $cookieLifetime); + +if (!isset($cookie->id_lang)) + $cookie->id_lang = Configuration::get('PS_LANG_DEFAULT'); +$iso = strtolower(Language::getIsoById((int)($cookie->id_lang))); +include(_PS_TRANSLATIONS_DIR_.$iso.'/admin.php'); +include(_PS_TRANSLATIONS_DIR_.$iso.'/errors.php'); + +if($cookie->isLoggedBack){ + $cookie->logout(); +} + +/* Cookie creation and redirection */ +if (Tools::isSubmit('Submit')) +{ + /* Check fields validity */ + $passwd = trim(Tools::getValue('passwd')); + $passwd_conf = trim(Tools::getValue('passwd_conf')); + $email = trim(Tools::getValue('email')); + if (empty($email)) { + $errors[] = Tools::displayError('E-mail is empty'); + } + elseif (!Validate::isEmail($email)) { + $errors[] = Tools::displayError('Invalid e-mail address'); + } + elseif (empty($passwd) || empty($passwd_conf)) { + $errors[] = Tools::displayError('Password is blank'); + } + elseif (!Validate::isPasswd($passwd) || !Validate::isPasswd($passwd_conf)) { + $errors[] = Tools::displayError('Invalid password'); + } + elseif ($passwd!==$passwd_conf) { + $errors[] = Tools::displayError('Confirmation password different from password'); + } + else + { + /* Seeking for employee */ + $employee = new Employee(); + $employee = $employee->getByemail($email); + if (!$employee) + { + $errors[] = Tools::displayError('Employee does not exist or password is incorrect.'); + $cookie->logout(); + } + else + { + $_employee = $employee->getByemail($email,$passwd); + if($_employee){ + $errors[] = Tools::displayError('You have to change your 
password'); + } else { + $employee->passwd = Tools::encrypt($passwd); + if($employee->update()){ + /* Creating cookie */ + $cookie->id_employee = $employee->id; + $cookie->email = $employee->email; + $cookie->profile = $employee->id_profile; + $cookie->passwd = $employee->passwd; + $cookie->remote_addr = ip2long(Tools::getRemoteAddr()); + $cookie->write(); + /* Redirect to admin panel */ + if (isset($_GET['redirect'])) + $url = strval($_GET['redirect'].(isset($_GET['token']) ? ('&token='.$_GET['token']) : '')); + else + $url = 'index.php'; + if (!Validate::isCleanHtml($url)){ + die(Tools::displayError()); + } + echo ' + + + + +
'.translate('Click here to launch Administration panel').'
+ + '; + exit ; + } else { + $errors[] = Tools::displayError('An error occured during the updating'); + } + } + } + } +} + +echo ' + + + + + PrestaShop™ - '.translate('Administration panel').''; +echo ' + + +
'; + +if ($nbErrors = sizeof($errors)) +{ + echo ' +
+

'.($nbErrors > 1 ? translate('There are') : translate('There is')).' '.$nbErrors.' '.($nbErrors > 1 ? translate('errors') : translate('error')).'

+
    '; + foreach ($errors AS $error) + echo '
  1. '.$error.'
  2. '; + echo ' +
+
+
'; +} + +echo ' +
+

'.Tools::htmlentitiesUTF8(Configuration::get('PS_SHOP_NAME')).'

+

'.translate('It\'s time to change your password').'

+
'; + +$randomNb = rand(100, 999); +if (file_exists(PS_ADMIN_DIR.'/../install') OR file_exists(PS_ADMIN_DIR.'/../admin')) +{ + echo ' '.translate('For security reasons, you cannot connect to the Back Office until after you have:').'

+ - '.translate('delete the /install folder').'
+ - '.translate('renamed the /admin folder (eg. ').'/admin'.$randomNb.')
+
'.translate('Please then access this page by the new url (eg. http://www.domain.tld/admin').$randomNb.')
'; +} +else +{ + // If https enabled, we force it except if you try to log in from maintenance or local ip + if ( (empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off') + AND ( Configuration::get('PS_SSL_ENABLED') AND !$clientIsMaintenanceOrLocal) + ) + echo '
'.$warningSslMessage.'
'; + else + echo ' +
+ +
+
+ +
+
+
+ +
+
+
+
+ '; +} +?> + + +
+

© Copyright by PrestaShop. all rights reserved.

+
+ +'; diff --git a/modules/ant_resetbopassword/ant_resetbopassword.php b/modules/ant_resetbopassword/ant_resetbopassword.php index ba06a1b9..5d5ce685 100644 --- a/modules/ant_resetbopassword/ant_resetbopassword.php +++ b/modules/ant_resetbopassword/ant_resetbopassword.php @@ -117,8 +117,20 @@ class Ant_Resetbopassword extends Module return $this->_html; } - public function hookObjectEmployeeUpdateAfter($params) + public function hookAnt_Initadmin($params) { - + $now = new Datetime("now"); + $date_passwd_upd = new Datetime($params['employee']->date_passwd_upd); + $updated_date_send = new Datetime(Configuration::get('ANT_RESETBOPASSWORD_DATE')); + $limit = (int)Configuration::get('ANT_RESETBOPASSWORD_LIMIT'); + $limit_day = $day_limit = $limit>1?$limit.' days':'1 day'; + $date_send = $updated_date_send; + $date_send->modify("+".$limit_day.""); + $now->modify("-".$limit_day.""); + if($now > $date_send && $date_passwd_upd < $updated_date_send){ + $destination = substr($_SERVER['REQUEST_URI'], strlen(dirname($_SERVER['SCRIPT_NAME'])) + 1); + Tools::redirectAdmin('resetpasswd.php'.(empty($destination) || ($destination == 'index.php?logout') ? '' : '?redirect='.$destination)); + } + return true; } } diff --git a/modules/ant_resetbopassword/cron.php b/modules/ant_resetbopassword/cron.php index 67ec2e9c..5b3b0296 100644 --- a/modules/ant_resetbopassword/cron.php +++ b/modules/ant_resetbopassword/cron.php 
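Review bot: The update in the final `else` branch writes a new `passwd` for whichever employee matches the submitted `email` without any proof that the requester is that employee — the only comparison with the stored hash is `$employee->getByemail($email,$passwd)`, which merely rejects re-use of the current password — and the `$cookie->logout()` at the top discards the session that init.php redirected here (written as `$cookie->isLoggedBack` without parentheses it appears to read a cookie key rather than call the method, so it may never run). Since the page is reached by an already authenticated employee, it should act on `$cookie->id_employee`, require the current password before storing a new one, and drop the logout; the sketch below keeps the existing messages and adds a constructed `passwd_old` form field. The `redirect` value is only passed through `Validate::isCleanHtml`, which does not confine it to the admin directory — if this was copied from the stock login page it inherits that behaviour, but a page that has just rotated a credential is a good place to tighten it. A form token, as the rest of the back office uses, is also missing from the `Submit` handling.
```php
/* … unchanged: field validation for passwd / passwd_conf … */
$current_passwd = trim(Tools::getValue('passwd_old')); // constructed field name; add it to the form below
$employee = new Employee((int)$cookie->id_employee);
/* only the authenticated employee may reset, and only after the current password is verified */
if (!Validate::isLoadedObject($employee) || !$employee->getByemail($employee->email, $current_passwd))
    $errors[] = Tools::displayError('Employee does not exist or password is incorrect.');
elseif ($passwd === $current_passwd)
    $errors[] = Tools::displayError('You have to change your password');
else
{
    $employee->passwd = Tools::encrypt($passwd);
    /* … unchanged: update(), cookie refresh and redirect … */
}
```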
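Review bot: `$date_send = $updated_date_send;` copies an object handle, not a value, so `$date_send->modify("+".$limit_day."")` also moves `$updated_date_send`, and the second condition `$date_passwd_upd < $updated_date_send` then compares the employee's last change against the send date plus the limit instead of the send date itself; `DateTime` is mutable, so the shifted copy needs `clone` (or `DateTimeImmutable`). `$now->modify("-".$limit_day."")` additionally pulls `$now` back by the same limit, so the redirect only fires after twice the configured number of days — if one limit is intended, shift a single side. `$day_limit` is assigned and never read, and an unset `ANT_RESETBOPASSWORD_DATE` turns into `new Datetime(false)`, i.e. an empty string, which resolves to the current time and silently disables the check. The same handle aliasing appears in cron.php's resend block (`$sending_date = $updated_date_send;`).
```php
public function hookAnt_Initadmin($params)
{
    $limit = (int)Configuration::get('ANT_RESETBOPASSWORD_LIMIT');
    $limit_day = $limit > 1 ? $limit.' days' : '1 day';
    $now = new DateTime('now');
    $date_passwd_upd = new DateTime($params['employee']->date_passwd_upd);
    $date_send = new DateTime(Configuration::get('ANT_RESETBOPASSWORD_DATE'));
    // DateTime::modify() mutates in place; keep the unshifted send date for the second comparison
    $deadline = clone $date_send;
    $deadline->modify('+'.$limit_day);
    if ($now > $deadline && $date_passwd_upd < $date_send) {
        // … unchanged: compute $destination and Tools::redirectAdmin('resetpasswd.php' …) …
    }
    return true;
}
```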
@@ -10,11 +10,15 @@ $sending_date = Configuration::get('ANT_RESETBOPASSWORD_DATE'); $frequency = Configuration::get('ANT_RESETBOPASSWORD_FREQ'); $limit = Configuration::get('ANT_RESETBOPASSWORD_LIMIT'); -$now = new Datetime(); -$last_sent = new Datetime($sending_date); -$diff = $now->diff($last_sent); +// First sending -if($diff->format("")>=(int)$frequency){ +$now = new Datetime("now"); +$last_sent = new Datetime($sending_date); + +$intervale = (int)$frequency>1?'+'.$frequency.' months':'+1 month'; +$last_sent->modify($intervale); + +if($now >= $last_sent){ $employees = Db::getInstance()->ExecuteS(' SELECT `id_employee`, CONCAT(`firstname`, \' \', `lastname`) AS "name", email @@ -25,22 +29,28 @@ if($diff->format("")>=(int)$frequency){ foreach ($employees as $key => $employee) { // sending email } - Configuration::updateValue('ANT_RESETBOPASSWORD_DATE', date('Y-m-d H:i:s')); } + +// Resending ! + +$updated_date_send = new Datetime(Configuration::get('ANT_RESETBOPASSWORD_DATE')); +$sending_date = $updated_date_send; + +$day_limit = $limit>1?'+'.$limit.' days':'+1 day'; +$updated_date_send->modify($day_limit); + $employees = Db::getInstance()->ExecuteS(' SELECT `id_employee`, CONCAT(`firstname`, \' \', `lastname`) AS "name", `email`, `date_passwd_upd` FROM `'._DB_PREFIX_.'employee` WHERE `active` = 1 AND ORDER BY `email` '); - foreach ($employees as $key => $employee) { $date_passwd_upd = new Datetime($employee['date_passwd_upd']); - $diff_limit = $now->diff($date_passwd_upd); - if($diff->format("%D")>=(int)$limit){ - // resending a mail + if($now > $updated_date_send && $date_passwd_upd < $sending_date){ + // resending an email } } diff --git a/override/classes/Employee.php b/override/classes/Employee.php index 6c4c25e7..638913e8 100644 --- a/override/classes/Employee.php +++ b/override/classes/Employee.php 
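Review bot: The second hunk deletes `Configuration::updateValue('ANT_RESETBOPASSWORD_DATE', date('Y-m-d H:i:s'));` after the first-sending loop and nothing else in this patch writes that date, so once `$now >= $last_sent` in the first hunk is true it stays true on every later cron run and the mailing repeats each time; unless the date is advanced somewhere outside these hunks, restore it inside the `if` as `Configuration::updateValue('ANT_RESETBOPASSWORD_DATE', $now->format('Y-m-d H:i:s'));`. `$intervale` interpolates the raw `$frequency` string while the comparison uses `(int)$frequency`; `'+'.(int)$frequency.' months'` avoids handing an unvalidated configuration value to `modify()`. As rendered here both queries end in `WHERE \`active\` = 1 AND ORDER BY \`email\``, which is not valid SQL — if that is not an artefact of this listing, `ExecuteS` returns `false` and each `foreach` warns and sends nothing.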
@@ -1,6 +1,37 @@ id_profile; + $fields['id_lang'] = (int)$this->id_lang; + $fields['lastname'] = pSQL($this->lastname); + $fields['firstname'] = pSQL(Tools::ucfirst($this->firstname)); + $fields['email'] = pSQL($this->email); + $fields['passwd'] = pSQL($this->passwd); + $fields['last_passwd_gen'] = pSQL($this->last_passwd_gen); + $fields['date_passwd_upd'] = pSQL($this->date_passwd_upd); + + if (empty($this->stats_date_from)) + $this->stats_date_from = date('Y-m-d 00:00:00'); + $fields['stats_date_from'] = pSQL($this->stats_date_from); + + if (empty($this->stats_date_to)) + $this->stats_date_to = date('Y-m-d 23:59:59'); + $fields['stats_date_to'] = pSQL($this->stats_date_to); + + $fields['bo_color'] = pSQL($this->bo_color); + $fields['bo_theme'] = pSQL($this->bo_theme); + $fields['bo_uimode'] = pSQL($this->bo_uimode); + $fields['bo_show_screencast'] = (int)$this->bo_show_screencast; + $fields['active'] = (int)$this->active; + + return $fields; + } public static function getEmployeesByProfile($id_profiles=array()) { @@ -14,9 +45,9 @@ class Employee extends EmployeeCore { public function update($nullValues = false) { - $result = parent::update(); + $result = parent::update($nullValues); - if($_POST('passwd')!==null && $result){ + if(isset($_POST['passwd']) && $_POST['passwd']!==null && $result){ Db::getInstance()->ExecuteS(' UPDATE `'._DB_PREFIX_.'employee` SET `date_passwd_upd` = "'.pSQL(date('Y-m-d H:i:s')).'"
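Review bot: The new `getFields()` override re-declares every employee column in order to add `$fields['date_passwd_upd'] = pSQL($this->date_passwd_upd);` (its opening lines are cut in this listing, so the method header and any `parent::validateFields()` call are not visible); if the body is otherwise a copy of the core implementation, a column added to `EmployeeCore::getFields()` later would silently stop being saved, whereas `$fields = parent::getFields(); $fields['date_passwd_upd'] = pSQL($this->date_passwd_upd); return $fields;` limits the override to the one field it owns. The `update()` override in the next hunk then stamps the same column with a separate raw `UPDATE` after `parent::update()`, so the value written here is the stale one loaded at construction; setting `$this->date_passwd_upd = date('Y-m-d H:i:s')` before calling the parent when the password changed would make this method the only writer and drop the second query. A one-line docblock saying that `date_passwd_upd` is an added column consumed by ant_resetbopassword would tell the next maintainer why the override exists.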