Skip to content

Instantly share code, notes, and snippets.

@EdEichman

EdEichman/PasswordController.php

Last active November 10, 2015 17:42
Show Gist options
  • Save EdEichman/3cb16855f4d92a8a0fdc to your computer and use it in GitHub Desktop.
Save EdEichman/3cb16855f4d92a8a0fdc to your computer and use it in GitHub Desktop.
Download ZIP
Raw
PasswordController.php
<?php
class PasswordController extends PasswordControllerCore
{
public function postProcess()
{
if (Tools::isSubmit('email')) {
$this->sendForgettenPasswordEmail();
} elseif (($token = Tools::getValue('token')) && ($id_customer = (int)Tools::getValue('id_customer'))) {
$this->processForgettenPasswordConfirmation($token, $id_customer);
} elseif (($new_password = Tools::getValue('new_passwd')) && ($new_password_confirm = Tools::getValue('new_passwd_confirm'))) {
$this->processPasswordChange($new_password, $new_password_confirm);
} else {
parent::postProcess();
}
}
protected function sendForgettenPasswordEmail()
{
if (!($email = trim(Tools::getValue('email'))) || !Validate::isEmail($email)) {
$this->errors[] = Tools::displayError('Invalid email address.');
} else {
$customer = new Customer();
$customer->getByemail($email);
if (!Validate::isLoadedObject($customer)) {
$this->errors[] = Tools::displayError('There is no account registered for this email address.');
} elseif (!$customer->active) {
$this->errors[] = Tools::displayError('This account is not active. Please contact customer support.');
} else {
//record when we are sending the forgotten password email, and generate a corresponding token
$token = md5(uniqid(rand(), true));
$password_request = array (
'datetime_password_request' => date('Y-m-d H:i:s'),
'token_password_request' => $token
);
if (Db::getInstance()->getValue("select id_customer from customer_extra_info where id_customer = {$customer->id}")) {
$token_saved = Db::getInstance()->update('customer_extra_info', $password_request, "id_customer = {$customer->id}");
} else {
$password_request['id_customer'] = $customer->id;
$token_saved = Db::getInstance()->insert('customer_extra_info', $password_request);
}
$mail_params = array (
'{email}' => $customer->email,
'{lastname}' => $customer->lastname,
'{firstname}' => $customer->firstname,
'{url}' => $this->context->link->getPageLink('password', true, null,
'token=' . $token . '&id_customer=' . (int)$customer->id)
);
if ($token_saved && Mail::Send($this->context->language->id,
'password_query',
Mail::l('Password query confirmation'),
$mail_params,
$customer->email,
$customer->firstname . ' ' . $customer->lastname)
) {
$this->context->smarty->assign(array ('confirmation' => 2, 'customer_email' => $customer->email));
} else {
$this->errors[] = Tools::displayError('An error occurred while preparing the email.');
}
}
}
}
protected function processForgettenPasswordConfirmation($token, $id_customer)
{
$this->logOutOtherCustomers ($id_customer);
$datetime_password_request = Db::getInstance()->getValue("
select
datetime_password_request
from
customer_extra_info as cei
where
id_customer = $id_customer
and token_password_request = '$token'");
if ($datetime_password_request) {
$customer = new Customer($id_customer);
if (!Validate::isLoadedObject($customer)) {
$this->errors[] = Tools::displayError('Customer account not found');
} elseif (!$customer->active) {
$this->errors[] = Tools::displayError('This account is not active. Please contact customer support.');
} elseif ((strtotime($datetime_password_request . '+60 minutes') - time()) < 0) {
$this->errors[] = Tools::displayError('Your password change request expired after one hour. Please try again.');
} else {
$this->smartyForChangePassword($id_customer);
}
} else {
$this->errors[] = Tools::displayError('We cannot regenerate your password with the data you\'ve submitted.');
}
}
protected function logOutOtherCustomers ($id_customer)
{
if (isset ($this->context) &&
isset ($this->context->customer) &&
isset ($this->context->customer->id) &&
$this->context->customer->id > 0 &&
$this->context->customer->id != $id_customer)
{
$customer = new Customer ($this->context->customer->id);
$customer->logout();
}
}
protected function smartyForChangePassword($id_customer)
{
$this->context->smarty->assign(array (
'change_password' => 1,
'id_customer' => $id_customer
));
}
protected function processPasswordChange($new_password, $new_password_confirm)
{
$id_customer = (int)Tools::getValue('id_customer');
$this->logOutOtherCustomers ($id_customer);
$new_password = trim($new_password);
$new_password_confirm = trim($new_password_confirm);
if (0 != strcmp($new_password, $new_password_confirm) /* 0 indicates they are equal */) {
$this->errors[] = Tools::displayError('Email addresses are not equal.');
} else {
$password_changed = false;
if (isset ($this->context) && isset ($this->context->cookie)) {
$customer = new Customer((int)$id_customer);
if (Validate::isLoadedObject($customer)) {
$customer->passwd = $this->context->cookie->passwd = Tools::encrypt($new_password);
if ($customer->update()) {
$this->context->smarty->assign(array (
'password_changed' => 1,
'id_customer' => $id_customer
));
$password_changed = true;
}
}
}
if (!$password_changed) {
$this->errors[] = Tools::displayError('Password could not be changed.');
}
}
if (count ($this->errors) > 0)
{
$this->smartyForChangePassword($id_customer);
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment