359 lines
13 KiB
PHP
Executable File
359 lines
13 KiB
PHP
Executable File
<?php
|
|
class AuthController extends AuthControllerCore
|
|
{
|
|
public function preProcess()
|
|
{
|
|
// We can't run parent::preProcess() here since it would run the authentication process
|
|
|
|
if (!isset($this->php_self)) {
|
|
$this->php_self = strtolower(basename($_SERVER['PHP_SELF']));
|
|
}
|
|
if ($this->php_self == '404.php') {
|
|
$page_name = 'page-404';
|
|
} else {
|
|
if(preg_match('#^'.__PS_BASE_URI__.'modules/([a-zA-Z0-9_-]+?)/([^?]*)(\?(.*))?$#', strtolower($_SERVER['REQUEST_URI']), $m)) {
|
|
$page_name = 'module-'.$m[1].'-'.str_replace(array('.php', '/'), array('', '-'), $m[2]);
|
|
} else {
|
|
$page_name = preg_replace('/\.php$/', '', $this->php_self);
|
|
}
|
|
}
|
|
self::$smarty->assign(array('page_name' => $page_name));
|
|
|
|
$displayLeft = array(
|
|
'page-404', 'address', 'addresses', /*'authentication',*/ 'best-sales',
|
|
'breadcrumb', 'category', 'category-cms-tree-branch',
|
|
'category-tree-branch', 'cms', 'contact-form', 'discount',
|
|
'errors', 'footer', 'guest-tracking', 'header', 'history',
|
|
'identity', /*'index',*/ 'maintenance', 'manufacturer',
|
|
'manufacturer-list', 'my-account', 'new-products', 'order',
|
|
'order-address', 'order-carrier', 'order-confirmation',
|
|
'order-detail', 'order-follow', 'order-opc',
|
|
'order-opc-new-account', 'order-payment', 'order-return',
|
|
'order-slip', 'order-steps', 'pagination', /*'password',*/ 'payment',
|
|
'prices-drop', /*'product',*/ 'product-compare', 'product-list',
|
|
'products-comparison', 'product-sort', 'restricted-country',
|
|
'scenes', 'search', 'shopping-cart', 'shopping-cart-product-line',
|
|
'sitemap', 'store_infos', 'stores', 'supplier', 'supplier-list',
|
|
'module-privatesales-salechange', 'module-invite-invite-program',
|
|
'module-referralprogram-referral-program', 'module-cheque-payment',
|
|
'module-bankwire-payment', 'module-invite-invite-rules',
|
|
);
|
|
if($page_name == 'index') {
|
|
global $cookie;
|
|
if($cookie->isLogged()) {
|
|
$displayLeft[] = 'index';
|
|
}
|
|
}
|
|
$displayRight = array(
|
|
/*'page-404', 'address', 'addresses', 'authentication', 'best-sales',
|
|
'breadcrumb', 'category', 'category-cms-tree-branch',
|
|
'category-tree-branch', 'cms', 'contact-form', 'discount',
|
|
'errors', 'footer', 'guest-tracking', 'header', 'history',
|
|
'identity', 'index', 'maintenance', 'manufacturer',
|
|
'manufacturer-list', 'my-account', 'new-products', 'order',
|
|
'order-address', 'order-carrier', 'order-confirmation',
|
|
'order-detail', 'order-follow', 'order-opc',
|
|
'order-opc-new-account', 'order-payment', 'order-return',
|
|
'order-slip', 'order-steps', 'pagination', 'password', 'payment',
|
|
'prices-drop', 'product', 'product-compare', 'product-list',
|
|
'products-comparison', 'product-sort', 'restricted-country',
|
|
'scenes', 'search', 'shopping-cart', 'shopping-cart-product-line',
|
|
'sitemap', 'store_infos', 'stores', 'supplier', 'supplier-list',
|
|
'module-privatesales-salechange', 'module-invite-invite-program',
|
|
'module-referralprogram-referral-program', 'module-cheque-payment',
|
|
'module-bankwire-payment', 'module-invite-invite-rules',*/
|
|
);
|
|
|
|
$countCols = count(array_keys($displayLeft + $displayRight, $page_name));
|
|
|
|
$bodyClass = 'singleCol';
|
|
if($countCols == 1) {
|
|
$bodyClass = 'doubleCol';
|
|
} elseif($countCols == 2) {
|
|
$bodyClass = 'tripleCol';
|
|
}
|
|
|
|
self::$smarty->assign(array(
|
|
'displayLeft' => $displayLeft,
|
|
'displayRight' => $displayRight,
|
|
'bodyClass' => $bodyClass,
|
|
));
|
|
|
|
Module::hookExec('preprocess');
|
|
|
|
if (self::$cookie->isLogged() && !Tools::isSubmit('ajax')) {
|
|
Tools::redirect('/');
|
|
}
|
|
|
|
if (Tools::getValue('create_account')) {
|
|
$create_account = 1;
|
|
self::$smarty->assign('email_create', 1);
|
|
}
|
|
|
|
if (Tools::isSubmit('SubmitCreate')) {
|
|
$create_account = 1;
|
|
self::$smarty->assign('email_create', Tools::safeOutput($email));
|
|
}
|
|
|
|
if (Tools::isSubmit('submitAccount') || Tools::isSubmit('submitGuestAccount')) {
|
|
$create_account = 1;
|
|
if(Tools::isSubmit('submitAccount')) {
|
|
self::$smarty->assign('email_create', 1);
|
|
}
|
|
|
|
/* New Guest customer */
|
|
if (!Tools::getValue('is_new_customer', 1) && !Configuration::get('PS_GUEST_CHECKOUT_ENABLED')) {
|
|
$this->errors[] = Tools::displayError('You cannot create a guest account.');
|
|
}
|
|
|
|
if (!Tools::getValue('is_new_customer', 1)) {
|
|
$_POST['passwd'] = md5(time()._COOKIE_KEY_);
|
|
}
|
|
|
|
$email = Tools::getValue('email');
|
|
if (Tools::getValue('guest_email') !== false) {
|
|
$email = Tools::getValue('guest_email');
|
|
}
|
|
$email = strtolower(trim($email));
|
|
|
|
/** @Override Antadis - mail fixing */
|
|
$email = str_replace(array('@hotmil.','@htmail.','@hotmal.','@hotml.','@hotmai.'),'@hotmail.', $email);
|
|
$email = str_replace(array('@gmal.','@gail.','@gml.','@gmai.','@gmil.'),'@gmail.', $email);
|
|
$email = str_replace('@gmailcom','@gmail.com', $email);
|
|
$email = str_replace('@hotmailcom','@hotmail.com', $email);
|
|
$email = str_replace('@hotmailfr','@hotmail.fr', $email);
|
|
/** @End Override Antadis - mail fixing */
|
|
|
|
/* Preparing customer */
|
|
$customer = new Customer();
|
|
$lastnameAddress = $_POST['lastname'];
|
|
$firstnameAddress = $_POST['firstname'];
|
|
$_POST['lastname'] = $_POST['customer_lastname'];
|
|
$_POST['firstname'] = $_POST['customer_firstname'];
|
|
if (!@checkdate(Tools::getValue('months'), Tools::getValue('days'), Tools::getValue('years')) AND !(Tools::getValue('months') == '' AND Tools::getValue('days') == '' AND Tools::getValue('years') == '')) {
|
|
$this->errors[] = Tools::displayError('Invalid date of birth');
|
|
}
|
|
$customer->birthday = (empty($_POST['years']) ? '' : (int)($_POST['years']).'-'.(int)($_POST['months']).'-'.(int)($_POST['days']));
|
|
|
|
$this->errors = array_unique(array_merge($this->errors, $customer->validateControler()));
|
|
$_POST['lastname'] = $lastnameAddress;
|
|
$_POST['firstname'] = $firstnameAddress;
|
|
|
|
if (!sizeof($this->errors)) {
|
|
if(Customer::customerExists($email)) {
|
|
$this->errors[] = Tools::displayError('An account is already registered with this e-mail, please fill in the password or request a new one.');
|
|
}
|
|
if(Tools::isSubmit('newsletter')) {
|
|
$customer->ip_registration_newsletter = pSQL(Tools::getRemoteAddr());
|
|
$customer->newsletter_date_add = pSQL(date('Y-m-d H:i:s'));
|
|
}
|
|
|
|
$customer->birthday = (empty($_POST['years'])? '': (int)($_POST['years']).'-'.(int)($_POST['months']).'-'.(int)($_POST['days']));
|
|
|
|
if (!sizeof($this->errors)) {
|
|
$customer->active = 1;
|
|
/* New Guest customer */
|
|
if (Tools::isSubmit('is_new_customer')) {
|
|
$customer->is_guest = !Tools::getValue('is_new_customer', 1);
|
|
} else {
|
|
$customer->is_guest = 0;
|
|
}
|
|
if (!$customer->add()) {
|
|
$this->errors[] = Tools::displayError('An error occurred while creating your account.');
|
|
} else {
|
|
if(!$customer->is_guest) {
|
|
if(!Mail::Send((int)(self::$cookie->id_lang), 'account', Mail::l('Welcome!'),
|
|
array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => Tools::getValue('passwd')), $customer->email, $customer->firstname.' '.$customer->lastname))
|
|
$this->errors[] = Tools::displayError('Cannot send email');
|
|
}
|
|
|
|
global $site_version_front;
|
|
Db::getInstance()->ExecuteS('
|
|
INSERT INTO `'._DB_PREFIX_.'customer_version`
|
|
VALUES (
|
|
'.(int) $customer->id.',
|
|
"'.pSQL(!isset($site_version_front) ? 'fr': $site_version_front).'",
|
|
NOW()
|
|
)
|
|
');
|
|
|
|
|
|
self::$smarty->assign('confirmation', 1);
|
|
self::$cookie->id_customer = (int)($customer->id);
|
|
self::$cookie->customer_lastname = $customer->lastname;
|
|
self::$cookie->customer_firstname = $customer->firstname;
|
|
self::$cookie->passwd = $customer->passwd;
|
|
self::$cookie->logged = 1;
|
|
self::$cookie->email = $customer->email;
|
|
self::$cookie->is_guest = !Tools::getValue('is_new_customer', 1);
|
|
/* Update cart address */
|
|
self::$cart->secure_key = $customer->secure_key;
|
|
self::$cart->id_address_delivery = 0;
|
|
self::$cart->id_address_invoice = 0;
|
|
self::$cart->update();
|
|
Module::hookExec('createAccount', array(
|
|
'_POST' => $_POST,
|
|
'newCustomer' => $customer
|
|
));
|
|
if (Tools::isSubmit('ajax')) {
|
|
$return = array(
|
|
'hasError' => !empty($this->errors),
|
|
'errors' => $this->errors,
|
|
'isSaved' => true,
|
|
'id_customer' => (int)self::$cookie->id_customer,
|
|
'id_address_delivery' => 0,
|
|
'id_address_invoice' => 0,
|
|
'token' => Tools::getToken(false)
|
|
);
|
|
die(Tools::jsonEncode($return));
|
|
}
|
|
if ($back = Tools::getValue('back')) {
|
|
if($back == '/') {
|
|
$back = '/index.php?validation=1';
|
|
Tools::redirect($back);
|
|
}
|
|
Tools::redirect($back.'?validation=1');
|
|
}
|
|
Tools::redirect('my-account.php?validation=1');
|
|
}
|
|
}
|
|
}
|
|
|
|
if (sizeof($this->errors)) {
|
|
if(!Tools::getValue('is_new_customer')) {
|
|
unset($_POST['passwd']);
|
|
}
|
|
if(Tools::isSubmit('ajax')) {
|
|
$return = array(
|
|
'hasError' => !empty($this->errors),
|
|
'errors' => $this->errors,
|
|
'isSaved' => false,
|
|
'id_customer' => 0
|
|
);
|
|
die(Tools::jsonEncode($return));
|
|
}
|
|
}
|
|
}
|
|
|
|
if (Tools::isSubmit('SubmitLogin')) {
|
|
Module::hookExec('beforeAuthentication');
|
|
$passwd = trim(Tools::getValue('passwd'));
|
|
$email = trim(Tools::getValue('email'));
|
|
if (empty($email)) {
|
|
$this->errors[] = Tools::displayError('E-mail address required');
|
|
} elseif (!Validate::isEmail($email)) {
|
|
$this->errors[] = Tools::displayError('Invalid e-mail address');
|
|
} elseif (empty($passwd)) {
|
|
$this->errors[] = Tools::displayError('Password is required');
|
|
} elseif (Tools::strlen($passwd) > 32) {
|
|
$this->errors[] = Tools::displayError('Password is too long');
|
|
} elseif (!Validate::isPasswd($passwd)) {
|
|
$this->errors[] = Tools::displayError('Invalid password');
|
|
} else {
|
|
$customer = new Customer();
|
|
$authentication = $customer->getByEmail(trim($email), trim($passwd));
|
|
if (!$authentication || !$customer->id) {
|
|
/* Handle brute force attacks */
|
|
sleep(1);
|
|
$this->errors[] = Tools::displayError('Authentication failed');
|
|
} else {
|
|
self::$cookie->id_customer = (int)($customer->id);
|
|
self::$cookie->customer_lastname = $customer->lastname;
|
|
self::$cookie->customer_firstname = $customer->firstname;
|
|
self::$cookie->logged = 1;
|
|
self::$cookie->is_guest = $customer->isGuest();
|
|
self::$cookie->passwd = $customer->passwd;
|
|
self::$cookie->email = $customer->email;
|
|
if(Configuration::get('PS_CART_FOLLOWING') && (empty(self::$cookie->id_cart) || Cart::getNbProducts(self::$cookie->id_cart) == 0)) {
|
|
self::$cookie->id_cart = (int)(Cart::lastNoneOrderedCart((int)($customer->id)));
|
|
}
|
|
/* Update cart address */
|
|
self::$cart->id_carrier = 0;
|
|
self::$cart->id_address_delivery = 0;
|
|
self::$cart->id_address_invoice = 0;
|
|
// If a logged guest logs in as a customer, the cart secure key was already set and needs to be updated
|
|
self::$cart->secure_key = $customer->secure_key;
|
|
self::$cart->update();
|
|
|
|
// update customer version
|
|
global $site_version_front;
|
|
Db::getInstance()->ExecuteS('
|
|
INSERT INTO `'._DB_PREFIX_.'customer_version`
|
|
VALUES (
|
|
'.(int) $customer->id.',
|
|
"'.pSQL($site_version_front).'",
|
|
NOW()
|
|
)
|
|
ON DUPLICATE KEY UPDATE
|
|
`version` = "'.pSQL($site_version_front).'"
|
|
');
|
|
|
|
Module::hookExec('authentication');
|
|
if(!Tools::isSubmit('ajax')) {
|
|
if ($back = Tools::getValue('back'))
|
|
Tools::redirect($back);
|
|
Tools::redirect('my-account.php');
|
|
}
|
|
}
|
|
}
|
|
if (Tools::isSubmit('ajax')) {
|
|
$return = array(
|
|
'hasError' => !empty($this->errors),
|
|
'errors' => $this->errors,
|
|
'token' => Tools::getToken(false)
|
|
);
|
|
die(Tools::jsonEncode($return));
|
|
}
|
|
}
|
|
|
|
if (isset($create_account)) {
|
|
/* Call a hook to display more information on form */
|
|
self::$smarty->assign(array(
|
|
'HOOK_CREATE_ACCOUNT_FORM' => Module::hookExec('createAccountForm'),
|
|
'HOOK_CREATE_ACCOUNT_TOP' => Module::hookExec('createAccountTop')
|
|
));
|
|
}
|
|
|
|
/* Generate years, months and days */
|
|
if (isset($_POST['years']) && is_numeric($_POST['years'])) {
|
|
$selectedYears = (int)($_POST['years']);
|
|
}
|
|
$years = Tools::dateYears();
|
|
if (isset($_POST['months']) && is_numeric($_POST['months'])) {
|
|
$selectedMonths = (int)($_POST['months']);
|
|
}
|
|
$months = Tools::dateMonths();
|
|
|
|
if (isset($_POST['days']) && is_numeric($_POST['days'])) {
|
|
$selectedDays = (int)($_POST['days']);
|
|
}
|
|
$days = Tools::dateDays();
|
|
|
|
self::$smarty->assign(array(
|
|
'years' => $years,
|
|
'sl_year' => (isset($selectedYears)? $selectedYears: 0),
|
|
'months' => $months,
|
|
'sl_month' => (isset($selectedMonths)? $selectedMonths: 0),
|
|
'days' => $days,
|
|
'sl_day' => (isset($selectedDays)? $selectedDays: 0)
|
|
));
|
|
self::$smarty->assign('newsletter', (int)Module::getInstanceByName('blocknewsletter')->active);
|
|
}
|
|
|
|
public function displayContent()
|
|
{
|
|
Tools::safePostVars();
|
|
self::$smarty->assign('errors', $this->errors);
|
|
self::$smarty->assign('HOOK_CREATE_ACCOUNT_FORM_BOTTOM', Module::hookExec('createAccountFormBottom', array()));
|
|
self::$smarty->display(_PS_THEME_DIR_.'authentication.tpl');
|
|
}
|
|
|
|
public function setMedia()
|
|
{
|
|
parent::setMedia();
|
|
|
|
global $css_files;
|
|
$css_files = array_slice($css_files, 0, 1);
|
|
}
|
|
}
|