fix password reset
authorKonrad Rosenbaum <konrad@silmor.de>
Mon, 26 Jul 2021 15:48:21 +0000 (17:48 +0200)
committerKonrad Rosenbaum <konrad@silmor.de>
Mon, 26 Jul 2021 15:48:21 +0000 (17:48 +0200)
www/inc/wext/customer.php
www/index.php

index 408f0f2..8dc40da 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-// (c) Konrad Rosenbaum, 2007-2011
+// (c) Konrad Rosenbaum, 2007-2021
 // protected under the GNU AGPL version 3 or at your option any newer
 // see COPYING.AGPL
 
@@ -43,11 +43,11 @@ class WOCustomer extends WOCustomerAbstract
                        $cn->customerid=$cc->getid();
                        $cn->insert();
                }
-               
+
                //return
                $trans->setcustomer(WOCustomer::fromTablecustomer($ct));
        }
-       
+
        /**called from ChangeCustomer transaction*/
        public static function changeCustomer($trans)
        {
@@ -129,11 +129,11 @@ class WOCustomer extends WOCustomerAbstract
                        if(!in_array($cn->contactid,$cnlist))
                                $cn->deleteFromDB();
                }
-               
+
                //return
                $trans->setcustomer(WOCustomer::fromTablecustomer($ct));
        }
-       
+
        /**called from DeleteCustomer transaction*/
        public static function deleteCustomer($trans)
        {
@@ -222,7 +222,7 @@ class WOCustomer extends WOCustomerAbstract
                //return
                $trans->setcountry(WOCountry::fromTablecountry($tab));
        }
-       
+
        /**called from CreateContactType transaction*/
        public static function createContactType($trans)
        {
@@ -245,7 +245,7 @@ class WOCustomer extends WOCustomerAbstract
                //return
                $trans->setcontacttype(WOContactType::fromTablecontacttype($tab));
        }
-       
+
        /**called from ChangeCustomerMail transaction*/
        public static function changeCustomerMail($trans)
        {
@@ -265,39 +265,34 @@ class WOCustomer extends WOCustomerAbstract
                //set return value
                $trans->setcustomer(WOCustomer::fromTablecustomer($ct));
        }
-       
-       ///the ResetCustomerPassword transaction
-       public static function resetPassword($trans)
+
+       ///reset customer password request - internal function used by resetPassword and resetPasswordPage
+       private function resetPasswordReq($ct)
        {
                //check for customer
-               $ct=WTcustomer::getFromDB($trans->getcustomerid());
-               if(!is_a($ct,"WTcustomer")){
-                       $trans->abortWithError(tr("Not a valid customer."));
-                       return;
-               }
                if(!isEmail($ct->email)){
-                       $trans->abortWithError(tr("Customer has no email address."));
-                       return;
+            error_log("not a mail ".$ct->email);
+                       return "nomail";
                }
                //set reset parameters
                global $CustomerResetTime,$MailFrom;
                $ct->rstcode=getRandom(160);
                $ct->rsttill=time()+$CustomerResetTime;
                $ct->update();
-               //init twig
+               //init twig (init is intelligent and will not double initialize)
                BaseVars::initTwig();
                BaseVars::init();
                //gather basics and render mail
                global $twig,$basevars;
                $p=$twig->loadTemplate("resetlogin.txt");
-               $list['customer']=WOCustomer::fromTablecustomer($ct);
+               $list['customer']=$this;
                $list['resetUrl']=$basevars['script']['customerResetLogin']
                        ."&customer=".urlencode($ct->email)
                        ."&passcode=".$ct->rstcode;
                $list['passcode']=$ct->rstcode;
                $page=explode("\n",trim($p->render($list)));
                //parse mail
-               if(count($page)<2)return;
+               if(count($page)<2)return "template";
                $subject=array_shift($page);
                $mode=0;
                $mailtext="";$mailheader="";
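Review bot: The new `error_log("not a mail ".$ct->email);` writes the stored address verbatim into the server log, which puts customer data (and whatever characters that field happens to hold) into a file that is usually readable by more people than the database; a fixed message such as `error_log("password reset: customer record has no valid email");` gives the same signal. That line is also indented differently from the lines around it. The doc comment should list the three return values `"nomail"`, `"template"` and `"ok"`, since both callers branch on them. Unchanged but visible in this hunk: `rstcode` is saved exactly as it is mailed, so storing only a hash of it would keep a database read from yielding usable reset links; that would need a matching change in the verification code, which is not in this hunk. The body of resetPasswordReq continues past the end of the hunk.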
@@ -316,8 +311,55 @@ class WOCustomer extends WOCustomerAbstract
                else
                        $tmail=$ct->email;
                mail($tmail,$subject,$mailtext,$mailheader);
+               return "ok";
+       }
+
+       ///the ResetCustomerPassword transaction
+       public static function resetPassword($trans)
+       {
+               //check for customer
+               $ct=WTcustomer::getFromDB($trans->getcustomerid());
+               if(!is_a($ct,"WTcustomer")){
+                       $trans->abortWithError(tr("Not a valid customer."));
+                       return;
+               }
+               $ret=WOCustomer::fromTablecustomer($ct)->resetPasswordReq($ct);
+               if($ret=="nomail"){
+                       $trans->abortWithError(tr("Customer has no email address."));
+                       return;
+               }
+               if($ret=="template"){
+            $trans->abortWithError(tr("Mail template Error."));
+            return;
+        }
        }
-       
+
+       ///reset customer password request web page
+       public static function resetPasswordPage($next)
+       {
+               global $HTTPARGS,$db,$basevars,$twig;
+               $vars=$basevars;
+               //find customer
+               $nameidx=$basevars['inputnames']['login']['name'];
+               if(!isset($HTTPARGS[$nameidx])){
+                       return self::loginError("param");
+               }
+               $ct=WTcustomer::selectFromDB("email=".$db->escapeString($HTTPARGS[$nameidx]));
+               if(count($ct)<1){
+                       return self::loginError("login");
+               }
+               //send mail
+               $co=WOCustomer::fromTablecustomer($ct[0]);
+               $ret=$co->resetPasswordReq($ct[0]);
+               $vars['mail']=$HTTPARGS[$nameidx];
+               $vars['status']=$ret;
+               $vars['nextUrl']=$basevars['script'][$next];
+               //render
+               $p=$twig->loadTemplate('resetloginrequest.html');
+               $vars['customer']=$co;
+               return $p->render($vars);
+       }
+
        /**page shown to the customer after clicking the password reset link above*/
        static public function resetLoginPage()
        {
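Review bot: resetPasswordPage answers an unknown address with `self::loginError("login")` but renders resetloginrequest.html with a status for a known one, so the page tells any visitor which e-mail addresses are registered. Each accepted request also overwrites rstcode/rsttill and sends a mail, and no throttle is visible in this hunk, so requests should be limited per address and per client. I would render the same page with the same status in both cases and keep the real outcome in the server log, as sketched below; resetloginrequest.html is not visible here and would have to tolerate a missing customer. Separately, `$ret=="nomail"` and `$ret=="template"` in resetPassword should use `===`.

```php
	public static function resetPasswordPage($next)
	{
		// … unchanged: globals, $nameidx lookup and the "param" error …
		$ct=WTcustomer::selectFromDB("email=".$db->escapeString($HTTPARGS[$nameidx]));
		//send mail only for a known customer, but answer identically either way
		$co=null;
		if(count($ct)>0){
			$co=WOCustomer::fromTablecustomer($ct[0]);
			$ret=$co->resetPasswordReq($ct[0]);
			//the failure reason stays on the server
			if($ret!=="ok")error_log("customer password reset request failed: ".$ret);
		}
		$vars['mail']=$HTTPARGS[$nameidx];
		$vars['status']="ok";
		// … unchanged: nextUrl, template load, customer variable, render …
```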
@@ -371,7 +413,7 @@ class WOCustomer extends WOCustomerAbstract
                $vars['passcode']=$HTTPARGS['passcode'];
                return $p->render($vars);
        }
-       
+
        /** creates a login page
 
        For templating info see \ref tpl_login Login Variables
@@ -386,7 +428,7 @@ class WOCustomer extends WOCustomerAbstract
                        $p=$twig->loadTemplate("carterror.html");
                        return $p->render($basevars);
                }
-               
+
                //cart is ok, now get the object
                $cart = WOWebCart::fromTablecart(WTcart::getFromDB($cartid));
                if(!is_a($cart,"WOWebCart")){
@@ -581,7 +623,7 @@ class WOCustomer extends WOCustomerAbstract
                //go to checkout page
                redirectHome(array("mode"=>"checkout"));
        }
-       
+
        ///callback for the GetCreateCustomerHints transaction
        static public function createHints($trans)
        {
index ca343a0..02c5d73 100644 (file)
@@ -94,7 +94,7 @@ try{
                        $page=WOCustomer::registerCustomer("checkout",true);
                        break;
                case "customerResetOrder": // reset password from order login page
-                       //TODO
+                       $page=WOCustomer::resetPasswordPage("orderLogin");
                        break;
                case "changeDeliveryAddress":
                case "changeInvoiceAddress": // change addresses
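Review bot: The `customerResetOrder` case now changes state, since every hit rewrites the customer's reset code and sends a mail, yet nothing in the visible switch restricts it to POST requests or checks a form token. If `$HTTPARGS` also carries query-string parameters (not visible here), a cross-site request could trigger reset mails for a chosen address. A guard such as `if($_SERVER['REQUEST_METHOD']!=="POST")` before the call, falling back to the plain login page, would close that. The switch continues outside the hunk.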