From 4b145f5c5fe1ff24b86a630e7a8047f26ae70e10 Mon Sep 17 00:00:00 2001 From: Konrad Rosenbaum Date: Mon, 26 Jul 2021 17:48:21 +0200 Subject: [PATCH] fix password reset --- www/inc/wext/customer.php | 90 +++++++++++++++++++++++++++++++++------------ www/index.php | 2 +- 2 files changed, 67 insertions(+), 25 deletions(-) diff --git a/www/inc/wext/customer.php b/www/inc/wext/customer.php index 408f0f2..8dc40da 100644 --- a/www/inc/wext/customer.php +++ b/www/inc/wext/customer.php @@ -1,5 +1,5 @@ customerid=$cc->getid(); $cn->insert(); } - + //return $trans->setcustomer(WOCustomer::fromTablecustomer($ct)); } - + /**called from ChangeCustomer transaction*/ public static function changeCustomer($trans) { @@ -129,11 +129,11 @@ class WOCustomer extends WOCustomerAbstract if(!in_array($cn->contactid,$cnlist)) $cn->deleteFromDB(); } - + //return $trans->setcustomer(WOCustomer::fromTablecustomer($ct)); } - + /**called from DeleteCustomer transaction*/ public static function deleteCustomer($trans) { @@ -222,7 +222,7 @@ class WOCustomer extends WOCustomerAbstract //return $trans->setcountry(WOCountry::fromTablecountry($tab)); } - + /**called from CreateContactType transaction*/ public static function createContactType($trans) { @@ -245,7 +245,7 @@ class WOCustomer extends WOCustomerAbstract //return $trans->setcontacttype(WOContactType::fromTablecontacttype($tab)); } - + /**called from ChangeCustomerMail transaction*/ public static function changeCustomerMail($trans) { 
@@ -265,39 +265,34 @@ class WOCustomer extends WOCustomerAbstract //set return value $trans->setcustomer(WOCustomer::fromTablecustomer($ct)); } - - ///the ResetCustomerPassword transaction - public static function resetPassword($trans) + + ///reset customer password request - internal function used by resetPassword and resetPasswordPage + private function resetPasswordReq($ct) { //check for customer - $ct=WTcustomer::getFromDB($trans->getcustomerid()); - if(!is_a($ct,"WTcustomer")){ - $trans->abortWithError(tr("Not a valid customer.")); - return; - } if(!isEmail($ct->email)){ - $trans->abortWithError(tr("Customer has no email address.")); - return; + error_log("not a mail ".$ct->email); + return "nomail"; } //set reset parameters global $CustomerResetTime,$MailFrom; $ct->rstcode=getRandom(160); $ct->rsttill=time()+$CustomerResetTime; $ct->update(); - //init twig + //init twig (init is intelligent and will not double initialize) BaseVars::initTwig(); BaseVars::init(); //gather basics and render mail global $twig,$basevars; $p=$twig->loadTemplate("resetlogin.txt"); - $list['customer']=WOCustomer::fromTablecustomer($ct); + $list['customer']=$this; $list['resetUrl']=$basevars['script']['customerResetLogin'] ."&customer=".urlencode($ct->email) ."&passcode=".$ct->rstcode; $list['passcode']=$ct->rstcode; $page=explode("\n",trim($p->render($list))); //parse mail - if(count($page)<2)return; + if(count($page)<2)return "template"; $subject=array_shift($page); $mode=0; $mailtext="";$mailheader=""; 
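Review bot: In the new resetUrl assignment the passcode is appended raw (`."&passcode=".$ct->rstcode`) while the email right before it goes through urlencode(); unless getRandom(160) is guaranteed to emit only URL-safe characters (not visible here), the link should be built with `."&passcode=".urlencode($ct->rstcode)`. The new `error_log("not a mail ".$ct->email)` copies the stored address verbatim into the server log; since the caller only needs the status, logging the customer id instead of the address keeps contact data out of the logs. The helper also takes `$ct` as a parameter even though `$this` was built from the same row by every caller, so the two can silently diverge; either make it static over `$ct` or read the fields from `$this`. The status strings "nomail"/"template"/"ok" are compared with `==` in the caller and would be less fragile as class constants. resetPasswordReq's body continues past the end of this hunk.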
@@ -316,8 +311,55 @@ class WOCustomer extends WOCustomerAbstract else $tmail=$ct->email; mail($tmail,$subject,$mailtext,$mailheader); + return "ok"; + } + + ///the ResetCustomerPassword transaction + public static function resetPassword($trans) + { + //check for customer + $ct=WTcustomer::getFromDB($trans->getcustomerid()); + if(!is_a($ct,"WTcustomer")){ + $trans->abortWithError(tr("Not a valid customer.")); + return; + } + $ret=WOCustomer::fromTablecustomer($ct)->resetPasswordReq($ct); + if($ret=="nomail"){ + $trans->abortWithError(tr("Customer has no email address.")); + return; + } + if($ret=="template"){ + $trans->abortWithError(tr("Mail template Error.")); + return; + } } - + + ///reset customer password request web page + public static function resetPasswordPage($next) + { + global $HTTPARGS,$db,$basevars,$twig; + $vars=$basevars; + //find customer + $nameidx=$basevars['inputnames']['login']['name']; + if(!isset($HTTPARGS[$nameidx])){ + return self::loginError("param"); + } + $ct=WTcustomer::selectFromDB("email=".$db->escapeString($HTTPARGS[$nameidx])); + if(count($ct)<1){ + return self::loginError("login"); + } + //send mail + $co=WOCustomer::fromTablecustomer($ct[0]); + $ret=$co->resetPasswordReq($ct[0]); + $vars['mail']=$HTTPARGS[$nameidx]; + $vars['status']=$ret; + $vars['nextUrl']=$basevars['script'][$next]; + //render + $p=$twig->loadTemplate('resetloginrequest.html'); + $vars['customer']=$co; + return $p->render($vars); + } + /**page shown to the customer after clicking the password reset link above*/ static public function resetLoginPage() { @@ -371,7 +413,7 @@ class WOCustomer extends WOCustomerAbstract $vars['passcode']=$HTTPARGS['passcode']; return $p->render($vars); } - + /** creates a login page For templating info see \ref tpl_login Login Variables 
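Review bot: resetPasswordPage reveals whether an address is registered: an unknown address returns `self::loginError("login")` while a known one sends a mail and renders `status=ok`, and every call regenerates rstcode and sends another mail with no throttling, so the page acts as an account-existence oracle and lets anyone flood a customer's inbox. Rendering the same neutral status for found and not-found addresses, and limiting requests per address and per client within a time window, would close both. `$vars['mail']=$HTTPARGS[$nameidx]` reflects the raw request value into resetloginrequest.html; that is only safe if the Twig environment built in BaseVars::initTwig has autoescape enabled, which this diff does not show — otherwise pass it through htmlspecialchars() first. The lookup `"email=".$db->escapeString($HTTPARGS[$nameidx])` relies on escapeString() adding the surrounding quotes as well as escaping; worth confirming against the helper, or using a parameterised query if the DB layer offers one.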
@@ -386,7 +428,7 @@ class WOCustomer extends WOCustomerAbstract $p=$twig->loadTemplate("carterror.html"); return $p->render($basevars); } - + //cart is ok, now get the object $cart = WOWebCart::fromTablecart(WTcart::getFromDB($cartid)); if(!is_a($cart,"WOWebCart")){ @@ -581,7 +623,7 @@ class WOCustomer extends WOCustomerAbstract //go to checkout page redirectHome(array("mode"=>"checkout")); } - + ///callback for the GetCreateCustomerHints transaction static public function createHints($trans) { diff --git a/www/index.php b/www/index.php index ca343a0..02c5d73 100644 --- a/www/index.php +++ b/www/index.php @@ -94,7 +94,7 @@ try{ $page=WOCustomer::registerCustomer("checkout",true); break; case "customerResetOrder": // reset password from order login page - //TODO + $page=WOCustomer::resetPasswordPage("orderLogin"); break; case "changeDeliveryAddress": case "changeInvoiceAddress": // change addresses -- 1.7.2.5