1: <?php
2: namespace Opencart\Admin\Controller\Common;
3: /**
4: * Class Forgotten
5: *
6: * @package Opencart\Admin\Controller\Common
7: */
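class Forgotten extends \Opencart\System\Engine\Controller {
    /**
     * Index
     *
     * Renders the "forgotten password" form. The flow is unavailable to an
     * already-logged-in admin and whenever no mail engine is configured
     * (presumably because the reset code could not be delivered).
     *
     * @return void
     */
    public function index(): void {
        $this->load->language('common/forgotten');

        // redirect() is assumed to end the request (framework behaviour, not visible here).
        if ($this->user->isLogged() || !$this->config->get('config_mail_engine')) {
            $this->response->redirect($this->url->link('common/login', '', true));
        }

        $this->document->setTitle($this->language->get('heading_title'));

        $data['breadcrumbs'] = [];

        $data['breadcrumbs'][] = [
            'text' => $this->language->get('text_home'),
            'href' => $this->url->link('common/dashboard')
        ];

        $data['breadcrumbs'][] = [
            'text' => $this->language->get('heading_title'),
            'href' => $this->url->link('common/forgotten')
        ];

        $data['confirm'] = $this->url->link('common/forgotten.confirm');
        $data['back'] = $this->url->link('common/login');

        $data['header'] = $this->load->controller('common/header');
        $data['footer'] = $this->load->controller('common/footer');

        $this->response->setOutput($this->load->view('common/forgotten', $data));
    }

    /**
     * Confirm
     *
     * JSON endpoint behind the forgotten form: looks up the posted e-mail and,
     * when an admin user exists for it, stores a fresh random reset code on
     * that account. The notification mail itself is not sent from this method
     * (presumably handled elsewhere, e.g. by an event on editCode - verify).
     *
     * @return void
     */
    public function confirm(): void {
        $this->load->language('common/forgotten');

        $json = [];

        if ($this->user->isLogged() || !$this->config->get('config_mail_engine')) {
            $json['redirect'] = $this->url->link('common/login', '', true);
        }

        // Stop any undefined index messages.
        $keys = ['email'];

        foreach ($keys as $key) {
            if (!isset($this->request->post[$key])) {
                $this->request->post[$key] = '';
            }
        }

        $this->load->model('user/user');

        $user_info = $this->model_user_user->getUserByEmail($this->request->post['email']);

        // NOTE(review): a distinct error for an unknown address reveals which e-mails
        // have admin accounts. Kept because the message is part of the existing UI
        // contract; mitigate by rate-limiting this route at the web-server/WAF layer.
        if (!$user_info) {
            $json['error'] = $this->language->get('error_email');
        }

        if (!$json) {
            $this->model_user_user->editCode($this->request->post['email'], oc_token(40));

            $this->session->data['success'] = $this->language->get('text_success');

            $json['redirect'] = $this->url->link('common/login', '', true);
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Reset
     *
     * Renders the "new password" form reached from the reset link. The link's
     * e-mail/code pair must match the code stored for that user; on any
     * mismatch the stored code is cleared and the visitor is sent to the login
     * page. A per-session reset_token is then minted and embedded in the form
     * action so the password POST is bound to this browser session.
     *
     * @return void
     */
    public function reset(): void {
        $this->load->language('common/forgotten');

        $email = isset($this->request->get['email']) ? (string)$this->request->get['email'] : '';
        $code = isset($this->request->get['code']) ? (string)$this->request->get['code'] : '';

        if ($this->user->isLogged() || !$this->config->get('config_mail_engine')) {
            $this->response->redirect($this->url->link('common/login', '', true));
        }

        $this->load->model('user/user');

        $user_info = $this->model_user_user->getUserByEmail($email);

        // hash_equals(): constant-time comparison so response timing does not leak
        // how much of the submitted code matched the stored one.
        // NOTE(review): clearing the code on a wrong guess also lets anyone who
        // knows the e-mail invalidate a pending legitimate link - confirm this
        // one-shot behaviour is intended.
        if (!$user_info || !$user_info['code'] || !hash_equals((string)$user_info['code'], $code)) {
            $this->model_user_user->editCode($email, '');

            $this->session->data['error'] = $this->language->get('error_code');

            $this->response->redirect($this->url->link('common/login', '', true));
        }

        $this->document->setTitle($this->language->get('heading_reset'));

        $data['breadcrumbs'] = [];

        $data['breadcrumbs'][] = [
            'text' => $this->language->get('text_home'),
            'href' => $this->url->link('common/dashboard')
        ];

        $data['breadcrumbs'][] = [
            'text' => $this->language->get('heading_title'),
            'href' => $this->url->link('common/forgotten.reset')
        ];

        // CSPRNG-backed token (random_bytes() cannot silently fall back to a weak
        // source, unlike openssl_random_pseudo_bytes()); 13 bytes -> 26 hex chars,
        // the same length the previous implementation produced.
        $this->session->data['reset_token'] = bin2hex(random_bytes(13));

        // Every query value is URL-encoded; the code was previously concatenated raw.
        $data['reset'] = $this->url->link('common/forgotten.password', 'email=' . urlencode($email) . '&code=' . urlencode($code) . '&reset_token=' . urlencode($this->session->data['reset_token']));
        $data['back'] = $this->url->link('common/login');

        $data['header'] = $this->load->controller('common/header');
        $data['footer'] = $this->load->controller('common/footer');

        $this->response->setOutput($this->load->view('common/forgotten_reset', $data));
    }

    /**
     * Password
     *
     * JSON endpoint behind the reset form: checks the session-bound reset_token,
     * re-validates the e-mail/code pair, validates the new password and, when
     * everything passes, stores it and discards the token.
     *
     * @return void
     */
    public function password(): void {
        $this->load->language('common/forgotten');

        $json = [];

        $email = isset($this->request->get['email']) ? (string)$this->request->get['email'] : '';
        $code = isset($this->request->get['code']) ? (string)$this->request->get['code'] : '';
        $reset_token = isset($this->request->get['reset_token']) ? (string)$this->request->get['reset_token'] : '';

        // Stop any undefined index messages.
        $keys = [
            'password',
            'confirm'
        ];

        foreach ($keys as $key) {
            if (!isset($this->request->post[$key])) {
                $this->request->post[$key] = '';
            }
        }

        // Strict, constant-time token comparison (the previous loose `!=` was
        // subject to PHP's type-juggling comparison rules).
        if ($reset_token === '' || !isset($this->session->data['reset_token']) || !hash_equals((string)$this->session->data['reset_token'], $reset_token)) {
            $this->session->data['error'] = $this->language->get('error_session');

            // This is the admin application: 'common/forgotten' is the route used by
            // the rest of this controller; 'account/forgotten' is the storefront route.
            $json['redirect'] = $this->url->link('common/forgotten', '', true);
        }

        $this->load->model('user/user');

        $user_info = $this->model_user_user->getUserByEmail($email);

        // Same constant-time check as reset(); a mismatch clears the stored code.
        if (!$user_info || !$user_info['code'] || !hash_equals((string)$user_info['code'], $code)) {
            $this->model_user_user->editCode($email, '');

            $this->session->data['error'] = $this->language->get('error_code');

            $json['redirect'] = $this->url->link('common/login', '', true);
        }

        if (!$json) {
            // Length is taken on the entity-decoded text (presumably so an escaped
            // character counts once); computed once instead of twice.
            $password_length = oc_strlen(html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8'));

            if (($password_length < 6) || ($password_length > 40)) {
                $json['error']['password'] = $this->language->get('error_password');
            }

            if ($this->request->post['confirm'] !== $this->request->post['password']) {
                $json['error']['confirm'] = $this->language->get('error_confirm');
            }
        }

        if (!$json) {
            $this->model_user_user->editPassword($user_info['user_id'], $this->request->post['password']);

            $this->session->data['success'] = $this->language->get('text_reset');

            // One-shot token: discard it so the same POST cannot be replayed.
            unset($this->session->data['reset_token']);

            $json['redirect'] = $this->url->link('common/login', '', true);
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }
}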
223: