PageRenderTime 56ms CodeModel.GetById 28ms RepoModel.GetById 0ms app.codeStats 0ms

/authentication.php

https://github.com/pal/prestashop
PHP | 233 lines | 205 code | 21 blank | 7 comment | 35 complexity | 98202d36012723e4c605a0eb020e015d MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. /* SSL Management */
    4. 

  4. $useSSL = true;
    5. 

  5. 

  6. include(dirname(__FILE__).'/config/config.inc.php');
    7. 

  7. include(dirname(__FILE__).'/init.php');
    8. 

  8. if ($cookie->isLogged())
    9. 

  9. 	Tools::redirect('my-account.php');
    10. 

  10. 

  11. //CSS ans JS file calls
    12. 

  12. $js_files = array(
    13. 

  13. 	_THEME_JS_DIR_.'tools/statesManagement.js',
    14. 

  14. 	__PS_BASE_URI__.'js/jquery/jquery-typewatch.pack.js'
    15. 

  15. );
    16. 

  16. $errors = array();
    17. 

  17. 

  18. $back = Tools::getValue('back');
    19. 

  19. $key = Tools::safeOutput(Tools::getValue('key'));
    20. 

  20. if (!empty($key))
    21. 

  21. 	$back .= (strpos($back, '?') !== false ? '&' : '?').'key='.$key;
    22. 

  22. if (!empty($back))
    23. 

  23. 	$smarty->assign('back', Tools::safeOutput($back));
    24. 

  24. 

  25. 

  26. if (Tools::getValue('create_account'))
    27. 

  27. {
    28. 

  28. 	$create_account = 1;
    29. 

  29. 	$smarty->assign('email_create', 1);
    30. 

  30. }
    31. 

  31. 

  32. if (Tools::isSubmit('SubmitCreate'))
    33. 

  33. {
    34. 

  34. 	if (!Validate::isEmail($email = Tools::getValue('email_create')))
    35. 

  35. 		$errors[] = Tools::displayError('invalid e-mail address');
    36. 

  36. 	elseif (Customer::customerExists($email))
    37. 

  37. 		$errors[] = Tools::displayError('someone has already registered with this e-mail address');	
    38. 

  38. 	else
    39. 

  39. 	{
    40. 

  40. 		$create_account = 1;
    41. 

  41. 		$smarty->assign('email_create', Tools::safeOutput($email));
    42. 

  42. 		$_POST['email'] = $email;
    43. 

  43. 	}
    44. 

  44. }
    45. 

  45. 

  46. if (Tools::isSubmit('submitAccount'))
    47. 

  47. {
    48. 

  48. 	$create_account = 1;
    49. 

  49. 	$smarty->assign('email_create', 1);
    50. 

  50. 	$validateDni = Validate::isDni(Tools::getValue('dni'));
    51. 

  51. 

  52. 	if (!Validate::isEmail($email = Tools::getValue('email')))
    53. 

  53. 		$errors[] = Tools::displayError('e-mail not valid');
    54. 

  54. 	elseif (!Validate::isPasswd(Tools::getValue('passwd')))
    55. 

  55. 		$errors[] = Tools::displayError('invalid password');
    56. 

  56. 	elseif (Customer::customerExists($email))
    57. 

  57. 		$errors[] = Tools::displayError('someone has already registered with this e-mail address');
    58. 

  58. 	elseif (Tools::getValue('dni') != NULL AND $validateDni != 1)
    59. 

  59. 	{
    60. 

  60. 		$error = array(
    61. 

  61. 		0 => Tools::displayError('DNI isn\'t valid'),
    62. 

  62. 		-1 => Tools::displayError('this DNI has been already used'),
    63. 

  63. 		-2 => Tools::displayError('NIF isn\'t valid'),
    64. 

  64. 		-3 => Tools::displayError('CIF isn\'t valid'),
    65. 

  65. 		-4 => Tools::displayError('NIE isn\'t valid')
    66. 

  66. 		);
    67. 

  67. 		$errors[] = $error[$validateDni];
    68. 

  68. 	}
    69. 

  69. 	elseif (!@checkdate(Tools::getValue('months'), Tools::getValue('days'), Tools::getValue('years')) AND !(Tools::getValue('months') == '' AND Tools::getValue('days') == '' AND Tools::getValue('years') == ''))
    70. 

  70. 		$errors[] = Tools::displayError('invalid birthday');
    71. 

  71. 	else
    72. 

  72. 	{
    73. 

  73. 		$customer = new Customer();
    74. 

  74. 		if (Tools::isSubmit('newsletter'))
    75. 

  75. 		{
    76. 

  76. 			$customer->ip_registration_newsletter = pSQL($_SERVER['REMOTE_ADDR']);
    77. 

  77. 			$customer->newsletter_date_add = pSQL(date('Y-m-d H:i:s'));
    78. 

  78. 		}
    79. 

  79. 

  80. 		$customer->birthday = (empty($_POST['years']) ? '' : intval($_POST['years']).'-'.intval($_POST['months']).'-'.intval($_POST['days']));
    81. 

  81. 

  82. 		/* Customer and address, same fields, caching data */
    83. 

  83. 		$addrLastname = isset($_POST['lastname']) ? $_POST['lastname'] : $_POST['customer_lastname'];
    84. 

  84. 		$addrFirstname = isset( $_POST['firstname']) ?  $_POST['firstname'] : $_POST['customer_firstname'];
    85. 

  85. 		$_POST['lastname'] = $_POST['customer_lastname'];
    86. 

  86. 		$_POST['firstname'] = $_POST['customer_firstname'];
    87. 

  87. 		$errors = $customer->validateControler();
    88. 

  88. 		$_POST['lastname'] = $addrLastname;
    89. 

  89. 		$_POST['firstname'] = $addrFirstname;
    90. 

  90. 		$address = new Address();
    91. 

  91. 		$address->id_customer = 1;
    92. 

  92. 		$errors = array_unique(array_merge($errors, $address->validateControler()));
    93. 

  93. 		if (!sizeof($errors))
    94. 

  94. 		{
    95. 

  95. 			if (!$country = new Country($address->id_country) OR !Validate::isLoadedObject($country))
    96. 

  96. 				die(Tools::displayError());
    97. 

  97. 			if (intval($country->contains_states) AND !intval($address->id_state))
    98. 

  98. 				$errors[] = Tools::displayError('this country require a state selection');
    99. 

  99. 			else
    100. 

  100. 			{
    101. 

  101. 				$customer->active = 1;
    102. 

  102. 				if (!$customer->add())
    103. 

  103. 					$errors[] = Tools::displayError('an error occurred while creating your account');
    104. 

  104. 				else
    105. 

  105. 				{
    106. 

  106. 					$address->id_customer = intval($customer->id);
    107. 

  107. 					if (!$address->add())
    108. 

  108. 						$errors[] = Tools::displayError('an error occurred while creating your address');
    109. 

  109. 					else
    110. 

  110. 					{
    111. 

  111. 						if (!Mail::Send(intval($cookie->id_lang), 'account', 'Welcome!', 
    112. 

  112. 						array('{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{email}' => $customer->email, '{passwd}' => Tools::getValue('passwd')), $customer->email, $customer->firstname.' '.$customer->lastname))
    113. 

  113. 							$errors[] = Tools::displayError('cannot send email');
    114. 

  114. 						$smarty->assign('confirmation', 1);
    115. 

  115. 						$cookie->id_customer = intval($customer->id);
    116. 

  116. 						$cookie->customer_lastname = $customer->lastname;
    117. 

  117. 						$cookie->customer_firstname = $customer->firstname;
    118. 

  118. 						$cookie->passwd = $customer->passwd;
    119. 

  119. 						$cookie->logged = 1;
    120. 

  120. 						$cookie->email = $customer->email;
    121. 

  121. 						Module::hookExec('createAccount', array(
    122. 

  122. 							'_POST' => $_POST,
    123. 

  123. 							'newCustomer' => $customer
    124. 

  124. 						));
    125. 

  125. 						if ($back)
    126. 

  126. 							Tools::redirect($back);
    127. 

  127. 					}
    128. 

  128. 				}
    129. 

  129. 			}
    130. 

  130. 		}
    131. 

  131. 	}
    132. 

  132. }
    133. 

  133. 

  134. if (Tools::isSubmit('SubmitLogin'))
    135. 

  135. {
    136. 

  136. 	$passwd = trim(Tools::getValue('passwd'));
    137. 

  137. 	$email = trim(Tools::getValue('email'));
    138. 

  138. 	if (empty($email))
    139. 

  139. 		$errors[] = Tools::displayError('e-mail address is required');
    140. 

  140. 	elseif (!Validate::isEmail($email))
    141. 

  141. 		$errors[] = Tools::displayError('invalid e-mail address');
    142. 

  142. 	elseif (empty($passwd))
    143. 

  143. 		$errors[] = Tools::displayError('password is required');
    144. 

  144. 	elseif (Tools::strlen($passwd) > 32)
    145. 

  145. 		$errors[] = Tools::displayError('password is too long');
    146. 

  146. 	elseif (!Validate::isPasswd($passwd))
    147. 

  147. 		$errors[] = Tools::displayError('invalid password');
    148. 

  148. 	else
    149. 

  149. 	{
    150. 

  150. 		$customer = new Customer();
    151. 

  151. 		$authentication = $customer->getByemail(trim($email), trim($passwd));
    152. 

  152. 		/* Handle brute force attacks */
    153. 

  153. 		sleep(1);
    154. 

  154. 		if (!$authentication OR !$customer->id)
    155. 

  155. 			$errors[] = Tools::displayError('authentication failed');
    156. 

  156. 		else
    157. 

  157. 		{
    158. 

  158. 			$cookie->id_customer = intval($customer->id);
    159. 

  159. 			$cookie->customer_lastname = $customer->lastname;
    160. 

  160. 			$cookie->customer_firstname = $customer->firstname;
    161. 

  161. 			$cookie->logged = 1;
    162. 

  162. 			$cookie->passwd = $customer->passwd;
    163. 

  163. 			$cookie->email = $customer->email;
    164. 

  164. 			if (Configuration::get('PS_CART_FOLLOWING') AND (empty($cookie->id_cart) OR Cart::getNbProducts($cookie->id_cart) == 0))
    165. 

  165. 				$cookie->id_cart = intval(Cart::lastNoneOrderedCart(intval($customer->id)));
    166. 

  166. 			$id_address = intval(Address::getFirstCustomerAddressId(intval($customer->id)));
    167. 

  167. 			$cookie->id_address_delivery = $id_address;
    168. 

  168. 			$cookie->id_address_invoice = $id_address;
    169. 

  169. 			Module::hookExec('authentication');
    170. 

  170. 			if ($back = Tools::getValue('back'))
    171. 

  171. 				Tools::redirect($back);
    172. 

  172. 			Tools::redirect('my-account.php');
    173. 

  173. 		}
    174. 

  174. 	}
    175. 

  175. }
    176. 

  176. 

  177. if (isset($create_account))
    178. 

  178. {
    179. 

  179. 	/* Generate years, months and days */
    180. 

  180. 	if (isset($_POST['years']) AND is_numeric($_POST['years']))
    181. 

  181. 		$selectedYears = intval($_POST['years']);
    182. 

  182. 	$years = Tools::dateYears();
    183. 

  183. 	if (isset($_POST['months']) AND is_numeric($_POST['months']))
    184. 

  184. 		$selectedMonths = intval($_POST['months']);
    185. 

  185. 	$months = Tools::dateMonths();
    186. 

  186. 

  187. 	if (isset($_POST['days']) AND is_numeric($_POST['days']))
    188. 

  188. 		$selectedDays = intval($_POST['days']);
    189. 

  189. 	$days = Tools::dateDays();
    190. 

  190. 

  191. 	/* Select the most appropriate country */
    192. 

  192. 	if (isset($_POST['id_country']) AND is_numeric($_POST['id_country']))
    193. 

  193. 		$selectedCountry = intval($_POST['id_country']);
    194. 

  194. 	elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']))
    195. 

  195. 	{
    196. 

  196. 		$array = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
    197. 

  197. 		if (Validate::isLanguageIsoCode($array[0]))
    198. 

  198. 		{
    199. 

  199. 			$selectedCountry = Country::getByIso($array[0]);
    200. 

  200. 			if (!$selectedCountry)
    201. 

  201. 				$selectedCountry = intval(Configuration::get('PS_COUNTRY_DEFAULT'));
    202. 

  202. 		}
    203. 

  203. 	}
    204. 

  204. 	if (!isset($selectedCountry))
    205. 

  205. 		$selectedCountry = intval(Configuration::get('PS_COUNTRY_DEFAULT'));
    206. 

  206. 	$countries = Country::getCountries(intval($cookie->id_lang), true);
    207. 

  207. 

  208. 	$smarty->assign(array(
    209. 

  209. 		'years' => $years,
    210. 

  210. 		'sl_year' => (isset($selectedYears) ? $selectedYears : 0),
    211. 

  211. 		'months' => $months,
    212. 

  212. 		'sl_month' => (isset($selectedMonths) ? $selectedMonths : 0),
    213. 

  213. 		'days' => $days,
    214. 

  214. 		'sl_day' => (isset($selectedDays) ? $selectedDays : 0),
    215. 

  215. 		'countries' => $countries,
    216. 

  216. 		'sl_country' => (isset($selectedCountry) ? $selectedCountry : 0)
    217. 

  217. 	));
    218. 

  218. 

  219. 	/* Call a hook to display more information on form */
    220. 

  220. 	$smarty->assign(array('HOOK_CREATE_ACCOUNT_FORM' => Module::hookExec('createAccountForm'),
    221. 

  221. 																			'HOOK_CREATE_ACCOUNT_TOP' => Module::hookExec('createAccountTop')
    222. 

  222. 														));
    223. 

  223. }
    224. 

  224. 

  225. include(dirname(__FILE__).'/header.php');
    226. 

  226. 

  227. $smarty->assign('errors', $errors);
    228. 

  228. Tools::safePostVars();
    229. 

  229. $smarty->display(_PS_THEME_DIR_.'authentication.tpl');
    230. 

  230. 

  231. include(dirname(__FILE__).'/footer.php');
    232. 

  232. 

  233. ?>
    234. 

  234.