bebeboutik/override/controllers/AuthController.php

<?php
/**
 * Front-office authentication controller override.
 *
 * Replaces the parent's preProcess() entirely (see the comment at its top):
 * it computes the smarty `page_name` / column-layout variables, then handles
 * three form submissions — account creation (`submitAccount` /
 * `submitGuestAccount`), the e-mail pre-step (`SubmitCreate`) and login
 * (`SubmitLogin`) — and finally assigns the date-of-birth selectors and the
 * newsletter flag. displayContent() renders authentication.tpl; setMedia()
 * trims the CSS registered by the parent down to its first entry.
 *
 * Relies on PrestaShop globals/statics (self::$cookie, self::$cart,
 * self::$smarty, $site_version_front, $css_files) and mutates $_POST in place.
 */
class AuthController extends AuthControllerCore {
/**
 * Resolve the page name, decide the column layout, then process the
 * create-account / login submissions and prepare the form variables.
 *
 * Side effects: may redirect, may `die()` with a JSON body on ajax requests,
 * writes self::$cookie / self::$cart, inserts into `customer_version`,
 * and rewrites several $_POST entries (passwd, email, lastname, firstname).
 * Validation failures are collected in $this->errors.
 */
public function preProcess() {
// We can't run parent::preProcess() here since it would run the authentication process
if(!isset($this->php_self)) {
$this->php_self = strtolower(basename($_SERVER['PHP_SELF']));
}
if($this->php_self == '404.php') {
$page_name = 'page-404';
} else {
// Module pages become 'module-<name>-<path>'; __PS_BASE_URI__ is spliced into
// the pattern unescaped, so this assumes it contains no '#' or PCRE metacharacters.
if(preg_match('#^'.__PS_BASE_URI__.'modules/([a-zA-Z0-9_-]+?)/([^?]*)(\?(.*))?$#', strtolower($_SERVER['REQUEST_URI']), $m)) {
$page_name = 'module-'.$m[1].'-'.str_replace(array('.php', '/'), array('', '-'), $m[2]);
} else {
$page_name = preg_replace('/\.php$/', '', $this->php_self);
}
}
self::$smarty->assign(array('page_name' => $page_name));
// Pages that get a left column. Commented-out entries are deliberately excluded.
$displayLeft = array(
'page-404', 'address', 'addresses', /*'authentication',*/ 'best-sales',
'breadcrumb', 'category', 'category-cms-tree-branch',
'category-tree-branch', 'cms', 'contact-form', 'discount',
'errors', 'footer', 'guest-tracking', 'header', 'history',
'identity', /*'index',*/ 'maintenance', 'manufacturer',
'manufacturer-list', 'my-account', 'new-products', 'order',
'order-address', 'order-carrier', 'order-confirmation',
'order-detail', 'order-follow', 'order-opc',
'order-opc-new-account', 'order-payment', 'order-return',
'order-slip', 'order-steps', 'pagination', /*'password',*/ 'payment',
'prices-drop', /*'product',*/ 'product-compare', 'product-list',
'products-comparison', 'product-sort', 'restricted-country',
'scenes', 'search', 'shopping-cart', 'shopping-cart-product-line',
'sitemap', 'store_infos', 'stores', 'supplier', 'supplier-list',
'module-privatesales-salechange', 'module-invite-invite-program',
'module-referralprogram-referral-program', 'module-cheque-payment',
'module-bankwire-payment', 'module-invite-invite-rules',
);
// The home page only gets a left column for logged-in visitors.
if($page_name == 'index') {
global $cookie;
if($cookie->isLogged()) {
$displayLeft[] = 'index';
}
}
// Right column is currently disabled for every page (list fully commented out).
$displayRight = array(
/*'page-404', 'address', 'addresses', 'authentication', 'best-sales',
'breadcrumb', 'category', 'category-cms-tree-branch',
'category-tree-branch', 'cms', 'contact-form', 'discount',
'errors', 'footer', 'guest-tracking', 'header', 'history',
'identity', 'index', 'maintenance', 'manufacturer',
'manufacturer-list', 'my-account', 'new-products', 'order',
'order-address', 'order-carrier', 'order-confirmation',
'order-detail', 'order-follow', 'order-opc',
'order-opc-new-account', 'order-payment', 'order-return',
'order-slip', 'order-steps', 'pagination', 'password', 'payment',
'prices-drop', 'product', 'product-compare', 'product-list',
'products-comparison', 'product-sort', 'restricted-country',
'scenes', 'search', 'shopping-cart', 'shopping-cart-product-line',
'sitemap', 'store_infos', 'stores', 'supplier', 'supplier-list',
'module-privatesales-salechange', 'module-invite-invite-program',
'module-referralprogram-referral-program', 'module-cheque-payment',
'module-bankwire-payment', 'module-invite-invite-rules',*/
);
// '+' is a key-preserving union of two numeric lists: left-hand entries win on
// colliding indexes, so this counts at most one hit per index, not per array.
$countCols = count(array_keys($displayLeft + $displayRight, $page_name));
$bodyClass = 'singleCol';
if($countCols == 1) {
$bodyClass = 'doubleCol';
} elseif($countCols == 2) {
$bodyClass = 'tripleCol';
}
self::$smarty->assign(array(
'displayLeft' => $displayLeft,
'displayRight' => $displayRight,
'bodyClass' => $bodyClass,
));
Module::hookExec('preprocess');
// Already authenticated visitors are sent to their account page (except ajax calls).
if(self::$cookie->isLogged() && !Tools::isSubmit('ajax')) {
Tools::redirect('my-account.php');
}
if(Tools::getValue('create_account')) {
$create_account = 1;
self::$smarty->assign('email_create', 1);
}
if(Tools::isSubmit('SubmitCreate')) {
$create_account = 1;
// NOTE(review): $email is not assigned anywhere in this method before this
// line (its only assignment is in the SubmitLogin branch below), so
// safeOutput() receives an undefined variable here — the submitted address
// is not actually echoed back. Confirm the intended source field.
self::$smarty->assign('email_create', Tools::safeOutput($email));
}
if(Tools::isSubmit('submitAccount') || Tools::isSubmit('submitGuestAccount')) {
$create_account = 1;
if(Tools::isSubmit('submitAccount'))
self::$smarty->assign('email_create', 1);
/* New Guest customer */
// `is_new_customer` defaults to 1 when absent, so a missing flag means a full account.
if(!Tools::getValue('is_new_customer', 1) && !Configuration::get('PS_GUEST_CHECKOUT_ENABLED')) {
$this->errors[] = Tools::displayError('You cannot create a guest account.');
}
// Guests get a generated password. NOTE(review): md5(time()._COOKIE_KEY_) is
// the same for every guest created within the same second and is derived
// from the current time, not from a random source — a CSPRNG-based value
// would be preferable.
if(!Tools::getValue('is_new_customer', 1)) {
$_POST['passwd'] = md5(time()._COOKIE_KEY_);
}
// The guest form posts its address as `guest_email`; normalise onto `email`.
if(isset($_POST['guest_email']) && $_POST['guest_email']) {
$_POST['email'] = $_POST['guest_email'];
}
$_POST['email'] = trim($_POST['email']);
/* Preparing customer */
$customer = new Customer();
// The form carries both address names (lastname/firstname) and customer names
// (customer_lastname/customer_firstname); swap the customer ones in so
// validateControler() sees them, then restore the address names afterwards.
$lastnameAddress = $_POST['lastname'];
$firstnameAddress = $_POST['firstname'];
$_POST['lastname'] = $_POST['customer_lastname'];
$_POST['firstname'] = $_POST['customer_firstname'];
// An entirely empty date of birth is allowed; a partial/invalid one is an error.
// checkdate() is passed raw request strings; '@' hides the resulting warnings.
if (!@checkdate(Tools::getValue('months'), Tools::getValue('days'), Tools::getValue('years')) AND !(Tools::getValue('months') == '' AND Tools::getValue('days') == '' AND Tools::getValue('years') == '')) {
$this->errors[] = Tools::displayError('Invalid date of birth');
}
$customer->birthday = (empty($_POST['years']) ? '' : (int)($_POST['years']).'-'.(int)($_POST['months']).'-'.(int)($_POST['days']));
$this->errors = array_unique(array_merge($this->errors, $customer->validateControler()));
$_POST['lastname'] = $lastnameAddress;
$_POST['firstname'] = $firstnameAddress;
if(!sizeof($this->errors)) {
// Duplicate e-mail is recorded as an error; the inner sizeof() check below
// prevents the add() from running in that case.
if(Customer::customerExists(Tools::getValue('email'))) {
$this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
}
if(Tools::isSubmit('newsletter')) {
$customer->ip_registration_newsletter = pSQL(Tools::getRemoteAddr());
$customer->newsletter_date_add = pSQL(date('Y-m-d H:i:s'));
}
$customer->birthday = (empty($_POST['years'])? '': (int)($_POST['years']).'-'.(int)($_POST['months']).'-'.(int)($_POST['days']));
if(!sizeof($this->errors)) {
$customer->active = 1;
/* New Guest customer */
if(Tools::isSubmit('is_new_customer')) {
$customer->is_guest = !Tools::getValue('is_new_customer', 1);
} else {
$customer->is_guest = 0;
}
if(!$customer->add()) {
$this->errors[] = Tools::displayError('An error occurred while creating your account.');
} else {
// Welcome mail for non-guests. NOTE(review): the '{passwd}' placeholder is
// filled with the plaintext password from the request, i.e. the credential
// is sent over e-mail.
if(!$customer->is_guest) {
if(!Mail::Send((int)(self::$cookie->id_lang), 'account', Mail::l('Welcome!'),
array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => Tools::getValue('passwd')), $customer->email, $customer->firstname.' '.$customer->lastname))
$this->errors[] = Tools::displayError('Cannot send email');
}
// Record which site version the customer signed up from. The id is cast to
// int and the version goes through pSQL(), with 'fr' as fallback when the
// global is unset. NOTE(review): ExecuteS() is normally used for SELECTs;
// Execute() would be the conventional call for an INSERT — verify.
global $site_version_front;
Db::getInstance()->ExecuteS('
INSERT INTO `'._DB_PREFIX_.'customer_version`
VALUES (
'.(int) $customer->id.',
"'.pSQL(!isset($site_version_front) ? 'fr': $site_version_front).'",
NOW()
)
');
self::$smarty->assign('confirmation', 1);
// Log the new customer in by populating the session cookie.
self::$cookie->id_customer = (int)($customer->id);
self::$cookie->customer_lastname = $customer->lastname;
self::$cookie->customer_firstname = $customer->firstname;
self::$cookie->passwd = $customer->passwd;
self::$cookie->logged = 1;
self::$cookie->email = $customer->email;
self::$cookie->is_guest = !Tools::getValue('is_new_customer', 1);
/* Update cart address */
// Bind the current cart to the new customer and clear any address selection.
self::$cart->secure_key = $customer->secure_key;
self::$cart->id_address_delivery = 0;
self::$cart->id_address_invoice = 0;
self::$cart->update();
Module::hookExec('createAccount', array(
'_POST' => $_POST,
'newCustomer' => $customer
));
// Ajax callers get a JSON summary and the script stops here.
if(Tools::isSubmit('ajax')) {
$return = array(
'hasError' => !empty($this->errors),
'errors' => $this->errors,
'isSaved' => true,
'id_customer' => (int)self::$cookie->id_customer,
'id_address_delivery' => 0,
'id_address_invoice' => 0,
'token' => Tools::getToken(false)
);
die(Tools::jsonEncode($return));
}
// `back` comes straight from the request. NOTE(review): whether
// Tools::redirect() restricts it to this shop's host is not visible here;
// if it accepts absolute URLs this is an open redirect — verify.
if($back = Tools::getValue('back')) {
if($back == '/') {
$back = '/index.php?validation=1';
Tools::redirect($back);
}
Tools::redirect($back.'?validation=1');
}
Tools::redirect('my-account.php?validation=1');
}
}
}
if(sizeof($this->errors)) {
// Don't let the generated guest password flow back into the re-displayed form.
if(!Tools::getValue('is_new_customer')) {
unset($_POST['passwd']);
}
if(Tools::isSubmit('ajax')) {
$return = array(
'hasError' => !empty($this->errors),
'errors' => $this->errors,
'isSaved' => false,
'id_customer' => 0
);
die(Tools::jsonEncode($return));
}
}
}
if(Tools::isSubmit('SubmitLogin')) {
Module::hookExec('beforeAuthentication');
$passwd = trim(Tools::getValue('passwd'));
$email = trim(Tools::getValue('email'));
// Input checks run in order; only the first failure is reported.
if (empty($email)) {
$this->errors[] = Tools::displayError('E-mail address required');
} elseif (!Validate::isEmail($email)) {
$this->errors[] = Tools::displayError('Invalid e-mail address');
} elseif (empty($passwd)) {
$this->errors[] = Tools::displayError('Password is required');
} elseif (Tools::strlen($passwd) > 32) {
$this->errors[] = Tools::displayError('Password is too long');
} elseif (!Validate::isPasswd($passwd)) {
$this->errors[] = Tools::displayError('Invalid password');
} else {
$customer = new Customer();
$authentication = $customer->getByEmail(trim($email), trim($passwd));
if(!$authentication || !$customer->id) {
/* Handle brute force attacks */
// A fixed one-second delay per failed request; there is no per-account
// or per-IP lockout here, so this only slows down, not blocks, guessing.
sleep(1);
$this->errors[] = Tools::displayError('Authentication failed');
} else {
self::$cookie->id_customer = (int)($customer->id);
self::$cookie->customer_lastname = $customer->lastname;
self::$cookie->customer_firstname = $customer->firstname;
self::$cookie->logged = 1;
self::$cookie->is_guest = $customer->isGuest();
self::$cookie->passwd = $customer->passwd;
self::$cookie->email = $customer->email;
// Cart following: resume the customer's last un-ordered cart if the
// current one is missing or empty.
if(Configuration::get('PS_CART_FOLLOWING') && (empty(self::$cookie->id_cart) || Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
self::$cookie->id_cart = (int)(Cart::lastNoneOrderedCart((int)($customer->id)));
}
/* Update cart address */
self::$cart->id_carrier = 0;
self::$cart->id_address_delivery = 0;
self::$cart->id_address_invoice = 0;
// If a logged guest logs in as a customer, the cart secure key was already set and needs to be updated
self::$cart->secure_key = $customer->secure_key;
self::$cart->update();
// update customer version
// NOTE(review): unlike the account-creation branch above, there is no
// isset() fallback to 'fr' here, so an unset global yields an empty version.
global $site_version_front;
Db::getInstance()->ExecuteS('
INSERT INTO `'._DB_PREFIX_.'customer_version`
VALUES (
'.(int) $customer->id.',
"'.pSQL($site_version_front).'",
NOW()
)
ON DUPLICATE KEY UPDATE
`version` = "'.pSQL($site_version_front).'"
');
Module::hookExec('authentication');
// Same request-controlled `back` redirect as in the creation branch —
// see the note there.
if(!Tools::isSubmit('ajax')) {
if ($back = Tools::getValue('back'))
Tools::redirect($back);
Tools::redirect('my-account.php');
}
}
}
// Ajax login callers always get a JSON result, whether or not errors occurred.
if(Tools::isSubmit('ajax')) {
$return = array(
'hasError' => !empty($this->errors),
'errors' => $this->errors,
'token' => Tools::getToken(false)
);
die(Tools::jsonEncode($return));
}
}
if(isset($create_account)) {
/* Call a hook to display more information on form */
self::$smarty->assign(array(
'HOOK_CREATE_ACCOUNT_FORM' => Module::hookExec('createAccountForm'),
'HOOK_CREATE_ACCOUNT_TOP' => Module::hookExec('createAccountTop')
));
}
/* Generate years, months and days */
// Re-select the previously posted values only when they are numeric.
if (isset($_POST['years']) && is_numeric($_POST['years'])) {
$selectedYears = (int)($_POST['years']);
}
$years = Tools::dateYears();
if (isset($_POST['months']) && is_numeric($_POST['months'])) {
$selectedMonths = (int)($_POST['months']);
}
$months = Tools::dateMonths();
if (isset($_POST['days']) && is_numeric($_POST['days'])) {
$selectedDays = (int)($_POST['days']);
}
$days = Tools::dateDays();
self::$smarty->assign(array(
'years' => $years,
'sl_year' => (isset($selectedYears)? $selectedYears: 0),
'months' => $months,
'sl_month' => (isset($selectedMonths)? $selectedMonths: 0),
'days' => $days,
'sl_day' => (isset($selectedDays)? $selectedDays: 0)
));
// NOTE(review): this dereferences the result of getInstanceByName() directly;
// if the blocknewsletter module is not available the call would fail — confirm
// the module is always installed on this shop.
self::$smarty->assign('newsletter', (int)Module::getInstanceByName('blocknewsletter')->active);
}
/**
 * Render authentication.tpl with the collected errors and the bottom-of-form hook.
 * Tools::safePostVars() is called first so posted values are safe to re-display.
 */
public function displayContent() {
Tools::safePostVars();
self::$smarty->assign('errors', $this->errors);
self::$smarty->assign('HOOK_CREATE_ACCOUNT_FORM_BOTTOM', Module::hookExec('createAccountFormBottom', array()));
self::$smarty->display(_PS_THEME_DIR_.'authentication.tpl');
}
/**
 * Register the parent's media, then keep only the first CSS file it added.
 */
public function setMedia() {
parent::setMedia();
global $css_files;
$css_files = array_slice($css_files, 0, 1);
}
}