* @copyright 2007-2011 PrestaShop SA
* @version Release: $Revision: 9346 $
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
* International Registered Trademark & Property of PrestaShop SA
*/
ob_start();
define('PS_ADMIN_DIR', getcwd());
include(PS_ADMIN_DIR.'/../config/config.inc.php');
include(PS_ADMIN_DIR.'/functions.php');
$clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'),explode(',', Configuration::get('PS_MAINTENANCE_IP'))));
$errors = array();
if ((empty($_SERVER['HTTPS']) OR strtolower($_SERVER['HTTPS']) == 'off')
AND Configuration::get('PS_SSL_ENABLED'))
{
// You can uncomment theses lines if you want to force https even from localhost and automatically redirect
// header('HTTP/1.1 301 Moved Permanently');
// header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
// exit();
// If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP
if ($clientIsMaintenanceOrLocal)
$errors[] = translate('SSL is activated. However, your IP is allowed to use unsecure mode (Maintenance or local IP).').' ';
else
$warningSslMessage = translate('SSL is activated. Please connect using the following url to log in in secure mode (https).')
.'
https://'.Tools::getServerName().Tools::safeOutput($_SERVER['REQUEST_URI']).'';
}
$timerStart = microtime(true);
$currentFileName = array_reverse(explode("/", $_SERVER['SCRIPT_NAME']));
$cookieLifetime = (time() + (((int)Configuration::get('PS_COOKIE_LIFETIME_BO') > 0 ? (int)Configuration::get('PS_COOKIE_LIFETIME_BO') : 1)* 3600));
$cookie = new Cookie('psAdmin', substr($_SERVER['SCRIPT_NAME'], strlen(__PS_BASE_URI__), -strlen($currentFileName['0'])), $cookieLifetime);
if (!isset($cookie->id_lang))
$cookie->id_lang = Configuration::get('PS_LANG_DEFAULT');
$iso = strtolower(Language::getIsoById((int)($cookie->id_lang)));
include(_PS_TRANSLATIONS_DIR_.$iso.'/admin.php');
include(_PS_TRANSLATIONS_DIR_.$iso.'/errors.php');
if($cookie->isLoggedBack){
$cookie->logout();
}
/* Cookie creation and redirection */
if (Tools::isSubmit('Submit'))
{
/* Check fields validity */
$passwd = trim(Tools::getValue('passwd'));
$passwd_conf = trim(Tools::getValue('passwd_conf'));
$email = trim(Tools::getValue('email'));
if (empty($email)) {
$errors[] = Tools::displayError('E-mail is empty');
}
elseif (!Validate::isEmail($email)) {
$errors[] = Tools::displayError('Invalid e-mail address');
}
elseif (empty($passwd) || empty($passwd_conf)) {
$errors[] = Tools::displayError('Password is blank');
}
elseif (!Validate::isPasswd($passwd) || !Validate::isPasswd($passwd_conf)) {
$errors[] = Tools::displayError('Invalid password');
}
elseif ($passwd!==$passwd_conf) {
$errors[] = Tools::displayError('Confirmation password different from password');
}
else
{
/* Seeking for employee */
$employee = new Employee();
$employee = $employee->getByemail($email);
if (!$employee)
{
$errors[] = Tools::displayError('Employee does not exist or password is incorrect.');
$cookie->logout();
}
else
{
$_employee = $employee->getByemail($email,$passwd);
if($_employee){
$errors[] = Tools::displayError('You have to change your password');
} else {
$employee->passwd = Tools::encrypt($passwd);
if($employee->update()){
/* Creating cookie */
$cookie->id_employee = $employee->id;
$cookie->email = $employee->email;
$cookie->profile = $employee->id_profile;
$cookie->passwd = $employee->passwd;
$cookie->remote_addr = ip2long(Tools::getRemoteAddr());
$cookie->write();
/* Redirect to admin panel */
if (isset($_GET['redirect']))
$url = strval($_GET['redirect'].(isset($_GET['token']) ? ('&token='.$_GET['token']) : ''));
else
$url = 'index.php';
if (!Validate::isCleanHtml($url)){
die(Tools::displayError());
}
echo '