  1. <?php
  2. /*
  3. * 2007-2013 PrestaShop
  4. *
  5. * NOTICE OF LICENSE
  6. *
  7. * This source file is subject to the Open Software License (OSL 3.0)
  8. * that is bundled with this package in the file LICENSE.txt.
  9. * It is also available through the world-wide-web at this URL:
  10. * http://opensource.org/licenses/osl-3.0.php
  11. * If you did not receive a copy of the license and are unable to
  12. * obtain it through the world-wide-web, please send an email
  13. * to license@prestashop.com so we can send you a copy immediately.
  14. *
  15. * DISCLAIMER
  16. *
  17. * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
  18. * versions in the future. If you wish to customize PrestaShop for your
  19. * needs please refer to http://www.prestashop.com for more information.
  20. *
  21. * @author PrestaShop SA <contact@prestashop.com>
  22. * @copyright 2007-2013 PrestaShop SA
  23. * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
  24. * International Registered Trademark & Property of PrestaShop SA
  25. */
  26.  
  27. class AdminLoginControllerCore extends AdminController
  28. {
  29. public function __construct()
  30. {
  31. $this->errors = array();
  32. $this->context = Context::getContext();
  33. $this->display_header = false;
  34. $this->display_footer = false;
  35.  
  36. $this->meta_title = $this->l('Administration panel');
  37.  
  38. parent::__construct();
  39. }
  40.  
  41. public function setMedia()
  42. {
  43. $this->addJquery();
  44. $this->addCSS(_PS_CSS_DIR_.'login.css');
  45. $this->addJS(_PS_JS_DIR_.'login.js');
  46. $this->addJqueryUI('ui.widget');
  47. $this->addJqueryUI('effects.shake');
  48. $this->addJqueryUI('effects.slide');
  49. }
  50.  
  51. public function initContent()
  52. {
  53. if ((empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) == 'off') && Configuration::get('PS_SSL_ENABLED'))
  54. {
  55. // You can uncomment these lines if you want to force https even from localhost and automatically redirect
  56. // header('HTTP/1.1 301 Moved Permanently');
  57. // header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
  58. // exit();
  59. $clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'), explode(',', Configuration::get('PS_MAINTENANCE_IP'))));
  60. // If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP
  61. if ($clientIsMaintenanceOrLocal)
  62. $this->errors[] = Tools::displayError('SSL is activated. However, your IP is allowed to enter unsecure mode for maintenance or local IP issues.');
  63. else
  64. {
  65. $warningSslMessage = Tools::displayError('SSL is activated. Please connect using the following URL to log into secure mode (https://).');
  66. $warningSslMessage .= '<a href="https://'.Tools::safeOutput(Tools::getServerName()).Tools::safeOutput($_SERVER['REQUEST_URI']).'">https://'.Tools::safeOutput(Tools::getServerName()).Tools::safeOutput($_SERVER['REQUEST_URI']).'</a>';
  67. $this->context->smarty->assign(array('warningSslMessage' => $warningSslMessage));
  68. }
  69. }
  70.  
  71. if (file_exists(_PS_ADMIN_DIR_.'/../install'))
  72. $this->context->smarty->assign('wrong_install_name', true);
  73.  
  74. if (basename(_PS_ADMIN_DIR_) == 'admin' && file_exists(_PS_ADMIN_DIR_.'/../admin/'))
  75. {
  76. $rand = 'admin'.sprintf('%04d', rand(0, 9999)).'/';
  77. if (@rename(_PS_ADMIN_DIR_.'/../admin/', _PS_ADMIN_DIR_.'/../'.$rand))
  78. Tools::redirectAdmin('../'.$rand);
  79. else
  80. $this->context->smarty->assign(array(
  81. 'wrong_folder_name' => true
  82. ));
  83. }
  84. else
  85. $rand = basename(_PS_ADMIN_DIR_).'/';
  86.  
  87. $this->context->smarty->assign(array(
  88. 'randomNb' => $rand,
  89. 'adminUrl' => Tools::getCurrentUrlProtocolPrefix().Tools::getShopDomain().__PS_BASE_URI__.$rand
  90. ));
  91.  
  92. // Redirect to admin panel
  93. if (Tools::isSubmit('redirect') && Validate::isControllerName(Tools::getValue('redirect')))
  94. $this->context->smarty->assign('redirect', Tools::getValue('redirect'));
  95. else
  96. {
  97. $tab = new Tab((int)$this->context->employee->default_tab);
  98. $this->context->smarty->assign('redirect', $this->context->link->getAdminLink($tab->class_name));
  99. }
  100.  
  101. if ($nb_errors = count($this->errors))
  102. $this->context->smarty->assign(array(
  103. 'errors' => $this->errors,
  104. 'nbErrors' => $nb_errors,
  105. 'shop_name' => Tools::safeOutput(Configuration::get('PS_SHOP_NAME')),
  106. 'disableDefaultErrorOutPut' => true,
  107. ));
  108.  
  109. $this->setMedia();
  110. $this->initHeader();
  111. parent::initContent();
  112. $this->initFooter();
  113. }
  114.  
  115. public function checkToken()
  116. {
  117. return true;
  118. }
  119.  
  120. /**
  121. * All BO users can access the login page
  122. *
  123. * @return bool
  124. */
  125. public function viewAccess()
  126. {
  127. return true;
  128. }
  129.  
  130. public function postProcess()
  131. {
  132. if (Tools::isSubmit('submitLogin'))
  133. $this->processLogin();
  134. elseif (Tools::isSubmit('submitForgot'))
  135. $this->processForgot();
  136. }
  137.  
  138. public function processLogin()
  139. {
  140. /* Check fields validity */
  141. $passwd = trim(Tools::getValue('passwd'));
  142. $email = trim(Tools::getValue('email'));
  143. if (empty($email))
  144. $this->errors[] = Tools::displayError('Email is empty.');
  145. elseif (!Validate::isEmail($email))
  146. $this->errors[] = Tools::displayError('Invalid email address.');
  147.  
  148. if (empty($passwd))
  149. $this->errors[] = Tools::displayError('The password field is blank.');
  150. elseif (!Validate::isPasswd($passwd))
  151. $this->errors[] = Tools::displayError('Invalid password.');
  152.  
  153. if (!count($this->errors))
  154. {
  155. // Find employee
  156. $this->context->employee = new Employee();
  157. $is_employee_loaded = $this->context->employee->getByEmail($email, $passwd);
  158. $employee_associated_shop = $this->context->employee->getAssociatedShops();
  159. if (!$is_employee_loaded)
  160. {
  161. $this->errors[] = Tools::displayError('The Employee does not exist, or the password provided is incorrect.');
  162. $this->context->employee->logout();
  163. }
  164. elseif (empty($employee_associated_shop) && !$this->context->employee->isSuperAdmin())
  165. {
  166. $this->errors[] = Tools::displayError('This employee does not manage the shop anymore (Either the shop has been deleted or permissions have been revoked).');
  167. $this->context->employee->logout();
  168. }
  169. else
  170. {
  171. Logger::addLog(sprintf($this->l('Back Office connection from %s', 'AdminTab', false, false), Tools::getRemoteAddr()), 1, null, '', 0, true, (int)$this->context->employee->id);
  172.  
  173. $this->context->employee->remote_addr = ip2long(Tools::getRemoteAddr());
  174. // Update cookie
  175. $cookie = Context::getContext()->cookie;
  176. $cookie->id_employee = $this->context->employee->id;
  177. $cookie->email = $this->context->employee->email;
  178. $cookie->profile = $this->context->employee->id_profile;
  179. $cookie->passwd = $this->context->employee->passwd;
  180. $cookie->remote_addr = $this->context->employee->remote_addr;
  181. $cookie->write();
  182.  
  183. // If there is a valid controller name submitted, redirect to it
  184. if (isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect']))
  185. $url = $this->context->link->getAdminLink($_POST['redirect']);
  186. else
  187. {
  188. $tab = new Tab((int)$this->context->employee->default_tab);
  189. $url = $this->context->link->getAdminLink($tab->class_name);
  190. }
  191.  
  192. if (Tools::isSubmit('ajax'))
  193. die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
  194. else
  195. $this->redirect_after = $url;
  196. }
  197. }
  198. if (Tools::isSubmit('ajax'))
  199. die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
  200. }
  201.  
  202. public function processForgot()
  203. {
  204. if (_PS_MODE_DEMO_)
  205. $this->errors[] = Tools::displayError('This functionality has been disabled.');
  206. elseif (!($email = trim(Tools::getValue('email_forgot'))))
  207. $this->errors[] = Tools::displayError('Email is empty.');
  208. elseif (!Validate::isEmail($email))
  209. $this->errors[] = Tools::displayError('Invalid email address.');
  210. else
  211. {
  212. $employee = new Employee();
  213. if (!$employee->getByEmail($email) || !$employee)
  214. $this->errors[] = Tools::displayError('This account does not exist.');
  215. elseif ((strtotime($employee->last_passwd_gen.'+'.Configuration::get('PS_PASSWD_TIME_BACK').' minutes') - time()) > 0)
  216. $this->errors[] = sprintf(
  217. Tools::displayError('You can regenerate your password only every %d minute(s)'),
  218. Configuration::get('PS_PASSWD_TIME_BACK')
  219. );
  220. }
  221.  
  222. if (!count($this->errors))
  223. {
  224. $pwd = Tools::passwdGen();
  225. $employee->passwd = md5(pSQL(_COOKIE_KEY_.$pwd));
  226. $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
  227.  
  228. $params = array(
  229. '{email}' => $employee->email,
  230. '{lastname}' => $employee->lastname,
  231. '{firstname}' => $employee->firstname,
  232. '{passwd}' => $pwd
  233. );
  234.  
  235. if (Mail::Send($employee->id_lang, 'password', Mail::l('Your new password', $employee->id_lang), $params, $employee->email, $employee->firstname.' '.$employee->lastname))
  236. {
  237. // Update employee only if the mail can be sent
  238. $result = $employee->update();
  239. if (!$result)
  240. $this->errors[] = Tools::displayError('An error occurred while attempting to change your password.');
  241. else
  242. die(Tools::jsonEncode(array(
  243. 'hasErrors' => false,
  244. 'confirm' => $this->l('Your password has been emailed to you.', 'AdminTab', false, false)
  245. )));
  246. }
  247. else
  248. die(Tools::jsonEncode(array(
  249. 'hasErrors' => true,
  250. 'errors' => array(Tools::displayError('An error occurred while attempting to change your password.'))
  251. )));
  252.  
  253. }
  254. else if (Tools::isSubmit('ajax'))
  255. die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
  256. }
  257. }