| Server IP : 213.186.33.4 / Your IP : 216.73.216.193 Web Server : Apache System : Linux webm006.cluster103.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64 User : awebpaca ( 35430) PHP Version : 8.5.0 Disable Function : _dyuweyrj4,_dyuweyrj4r,dl MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/awebpaca/boutiques/app/code/core/Mage/Customer/controllers/ |
Upload File : |
<?php
/**
* Magento
*
* NOTICE OF LICENSE
*
* This source file is subject to the Open Software License (OSL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/osl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@magentocommerce.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade Magento to newer
* versions in the future. If you wish to customize Magento for your
* needs please refer to http://www.magentocommerce.com for more information.
*
* @category Mage
* @package Mage_Customer
* @copyright Copyright (c) 2010 Magento Inc. (http://www.magentocommerce.com)
* @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
*/
/**
* Customer account controller
*
* @category Mage
* @package Mage_Customer
* @author Magento Core Team <core@magentocommerce.com>
*/
class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
{
/**
* Action list where need check enabled cookie
*
* @var array
*/
protected $_cookieCheckActions = array('loginPost', 'create');
/**
* Retrieve customer session model object
*
* @return Mage_Customer_Model_Session
*/
protected function _getSession()
{
return Mage::getSingleton('customer/session');
}
/**
* Action predispatch
*
* Check customer authentication for some actions
*/
public function preDispatch()
{
// a brute-force protection here would be nice
parent::preDispatch();
if (!$this->getRequest()->isDispatched()) {
return;
}
$action = $this->getRequest()->getActionName();
if (!preg_match('/^(create|login|logoutSuccess|forgotpassword|forgotpasswordpost|confirm|confirmation)/i', $action)) {
if (!$this->_getSession()->authenticate($this)) {
$this->setFlag('', 'no-dispatch', true);
}
} else {
$this->_getSession()->setNoReferer(true);
}
}
/**
* Action postdispatch
*
* Remove No-referer flag from customer session after each action
*/
public function postDispatch()
{
parent::postDispatch();
$this->_getSession()->unsNoReferer(false);
}
/**
* Default customer account page
*/
public function indexAction()
{
$this->loadLayout();
$this->_initLayoutMessages('customer/session');
$this->_initLayoutMessages('catalog/session');
$this->getLayout()->getBlock('content')->append(
$this->getLayout()->createBlock('customer/account_dashboard')
);
$this->getLayout()->getBlock('head')->setTitle($this->__('My Account'));
$this->renderLayout();
}
/**
* Customer login form page
*/
public function loginAction()
{
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
$this->getResponse()->setHeader('Login-Required', 'true');
$this->loadLayout();
$this->_initLayoutMessages('customer/session');
$this->_initLayoutMessages('catalog/session');
$this->renderLayout();
}
/**
* Login post action
*/
public function loginPostAction()
{
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
$session = $this->_getSession();
if ($this->getRequest()->isPost()) {
$login = $this->getRequest()->getPost('login');
if (!empty($login['username']) && !empty($login['password'])) {
try {
$session->login($login['username'], $login['password']);
if ($session->getCustomer()->getIsJustConfirmed()) {
$this->_welcomeCustomer($session->getCustomer(), true);
}
} catch (Mage_Core_Exception $e) {
switch ($e->getCode()) {
case Mage_Customer_Model_Customer::EXCEPTION_EMAIL_NOT_CONFIRMED:
$message = Mage::helper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.', Mage::helper('customer')->getEmailConfirmationUrl($login['username']));
break;
case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD:
$message = $e->getMessage();
break;
default:
$message = $e->getMessage();
}
$session->addError($message);
$session->setUsername($login['username']);
} catch (Exception $e) {
// Mage::logException($e); // PA DSS violation: this exception log can disclose customer password
}
} else {
$session->addError($this->__('Login and password are required.'));
}
}
$this->_loginPostRedirect();
}
/**
* Define target URL and redirect customer after logging in
*/
protected function _loginPostRedirect()
{
$session = $this->_getSession();
if (!$session->getBeforeAuthUrl() || $session->getBeforeAuthUrl() == Mage::getBaseUrl() ) {
// Set default URL to redirect customer to
$session->setBeforeAuthUrl(Mage::helper('customer')->getAccountUrl());
// Redirect customer to the last page visited after logging in
if ($session->isLoggedIn())
{
if (!Mage::getStoreConfigFlag('customer/startup/redirect_dashboard')) {
if ($referer = $this->getRequest()->getParam(Mage_Customer_Helper_Data::REFERER_QUERY_PARAM_NAME)) {
$referer = Mage::helper('core')->urlDecode($referer);
if ($this->_isUrlInternal($referer)) {
$session->setBeforeAuthUrl($referer);
}
}
}
else if ($session->getAfterAuthUrl()) {
$session->setBeforeAuthUrl($session->getAfterAuthUrl(true));
}
} else {
$session->setBeforeAuthUrl(Mage::helper('customer')->getLoginUrl());
}
} else if ($session->getBeforeAuthUrl() == Mage::helper('customer')->getLogoutUrl()) {
$session->setBeforeAuthUrl(Mage::helper('customer')->getDashboardUrl());
}
else {
if (!$session->getAfterAuthUrl()) {
$session->setAfterAuthUrl($session->getBeforeAuthUrl());
}
if ($session->isLoggedIn()) {
$session->setBeforeAuthUrl($session->getAfterAuthUrl(true));
}
}
$this->_redirectUrl($session->getBeforeAuthUrl(true));
}
/**
* Customer logout action
*/
public function logoutAction()
{
$this->_getSession()->logout()
->setBeforeAuthUrl(Mage::getUrl());
$this->_redirect('*/*/logoutSuccess');
}
/**
* Logout success page
*/
public function logoutSuccessAction()
{
$this->loadLayout();
$this->renderLayout();
}
/**
* Customer register form page
*/
public function createAction()
{
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*');
return;
}
$this->loadLayout();
$this->_initLayoutMessages('customer/session');
$this->renderLayout();
}
/**
* Create customer account action
*/
public function createPostAction()
{
$session = $this->_getSession();
if ($session->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
$session->setEscapeMessages(true); // prevent XSS injection in user input
if ($this->getRequest()->isPost()) {
$errors = array();
if (!$customer = Mage::registry('current_customer')) {
$customer = Mage::getModel('customer/customer')->setId(null);
}
$data = $this->_filterPostData($this->getRequest()->getPost());
foreach (Mage::getConfig()->getFieldset('customer_account') as $code=>$node) {
if ($node->is('create') && isset($data[$code])) {
if ($code == 'email') {
$data[$code] = trim($data[$code]);
}
$customer->setData($code, $data[$code]);
}
}
if ($this->getRequest()->getParam('is_subscribed', false)) {
$customer->setIsSubscribed(1);
}
/**
* Initialize customer group id
*/
$customer->getGroupId();
if ($this->getRequest()->getPost('create_address')) {
$address = Mage::getModel('customer/address')
->setData($this->getRequest()->getPost())
->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false))
->setId(null);
$customer->addAddress($address);
$errors = $address->validate();
if (!is_array($errors)) {
$errors = array();
}
}
try {
$validationCustomer = $customer->validate();
if (is_array($validationCustomer)) {
$errors = array_merge($validationCustomer, $errors);
}
$validationResult = count($errors) == 0;
if (true === $validationResult) {
$customer->save();
if ($customer->isConfirmationRequired()) {
$customer->sendNewAccountEmail('confirmation', $session->getBeforeAuthUrl());
$session->addSuccess($this->__('Account confirmation is required. Please, check your email for the confirmation link. To resend the confirmation email please <a href="%s">click here</a>.', Mage::helper('customer')->getEmailConfirmationUrl($customer->getEmail())));
$this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure'=>true)));
return;
}
else {
$session->setCustomerAsLoggedIn($customer);
$url = $this->_welcomeCustomer($customer);
$this->_redirectSuccess($url);
return;
}
} else {
$session->setCustomerFormData($this->getRequest()->getPost());
if (is_array($errors)) {
foreach ($errors as $errorMessage) {
$session->addError($errorMessage);
}
}
else {
$session->addError($this->__('Invalid customer data'));
}
}
}
catch (Mage_Core_Exception $e) {
$session->setCustomerFormData($this->getRequest()->getPost());
if ($e->getCode() === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS) {
$url = Mage::getUrl('customer/account/forgotpassword');
$message = $this->__('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account.', $url);
$session->setEscapeMessages(false);
}
else {
$message = $e->getMessage();
}
$session->addError($message);
}
catch (Exception $e) {
$session->setCustomerFormData($this->getRequest()->getPost())
->addException($e, $this->__('Cannot save the customer.'));
}
}
$this->_redirectError(Mage::getUrl('*/*/create', array('_secure' => true)));
}
/**
* Add welcome message and send new account email.
* Returns success URL
*
* @param Mage_Customer_Model_Customer $customer
* @param bool $isJustConfirmed
* @return string
*/
protected function _welcomeCustomer(Mage_Customer_Model_Customer $customer, $isJustConfirmed = false)
{
$this->_getSession()->addSuccess($this->__('Thank you for registering with %s.', Mage::app()->getStore()->getFrontendName()));
$customer->sendNewAccountEmail($isJustConfirmed ? 'confirmed' : 'registered');
$successUrl = Mage::getUrl('*/*/index', array('_secure'=>true));
if ($this->_getSession()->getBeforeAuthUrl()) {
$successUrl = $this->_getSession()->getBeforeAuthUrl(true);
}
return $successUrl;
}
/**
* Confirm customer account by id and confirmation key
*/
public function confirmAction()
{
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
try {
$id = $this->getRequest()->getParam('id', false);
$key = $this->getRequest()->getParam('key', false);
$backUrl = $this->getRequest()->getParam('back_url', false);
if (empty($id) || empty($key)) {
throw new Exception($this->__('Bad request.'));
}
// load customer by id (try/catch in case if it throws exceptions)
try {
$customer = Mage::getModel('customer/customer')->load($id);
if ((!$customer) || (!$customer->getId())) {
throw new Exception('Failed to load customer by id.');
}
}
catch (Exception $e) {
throw new Exception($this->__('Wrong customer account specified.'));
}
// check if it is inactive
if ($customer->getConfirmation()) {
if ($customer->getConfirmation() !== $key) {
throw new Exception($this->__('Wrong confirmation key.'));
}
// activate customer
try {
$customer->setConfirmation(null);
$customer->save();
}
catch (Exception $e) {
throw new Exception($this->__('Failed to confirm customer account.'));
}
// log in and send greeting email, then die happy
$this->_getSession()->setCustomerAsLoggedIn($customer);
$successUrl = $this->_welcomeCustomer($customer, true);
$this->_redirectSuccess($backUrl ? $backUrl : $successUrl);
return;
}
// die happy
$this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure'=>true)));
return;
}
catch (Exception $e) {
// die unhappy
$this->_getSession()->addError($e->getMessage());
$this->_redirectError(Mage::getUrl('*/*/index', array('_secure'=>true)));
return;
}
}
/**
* Send confirmation link to specified email
*/
public function confirmationAction()
{
$customer = Mage::getModel('customer/customer');
if ($this->_getSession()->isLoggedIn()) {
$this->_redirect('*/*/');
return;
}
// try to confirm by email
$email = $this->getRequest()->getPost('email');
if ($email) {
try {
$customer->setWebsiteId(Mage::app()->getStore()->getWebsiteId())->loadByEmail($email);
if (!$customer->getId()) {
throw new Exception('');
}
if ($customer->getConfirmation()) {
$customer->sendNewAccountEmail('confirmation');
$this->_getSession()->addSuccess($this->__('Please, check your email for confirmation key.'));
}
else {
$this->_getSession()->addSuccess($this->__('This email does not require confirmation.'));
}
$this->_getSession()->setUsername($email);
$this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure' => true)));
}
catch (Exception $e) {
$this->_getSession()->addError($this->__('Wrong email.'));
$this->_redirectError(Mage::getUrl('*/*/*', array('email' => $email, '_secure' => true)));
}
return;
}
// output form
$this->loadLayout();
$this->getLayout()->getBlock('accountConfirmation')
->setEmail($this->getRequest()->getParam('email', $email));
$this->_initLayoutMessages('customer/session');
$this->renderLayout();
}
/**
* Forgot customer password page
*/
public function forgotPasswordAction()
{
$this->loadLayout();
$this->getLayout()->getBlock('forgotPassword')->setEmailValue(
$this->_getSession()->getForgottenEmail()
);
$this->_getSession()->unsForgottenEmail();
$this->_initLayoutMessages('customer/session');
$this->renderLayout();
}
/**
* Forgot customer password action
*/
public function forgotPasswordPostAction()
{
$email = $this->getRequest()->getPost('email');
if ($email) {
if (!Zend_Validate::is($email, 'EmailAddress')) {
$this->_getSession()->setForgottenEmail($email);
$this->_getSession()->addError($this->__('Invalid email address.'));
$this->getResponse()->setRedirect(Mage::getUrl('*/*/forgotpassword'));
return;
}
$customer = Mage::getModel('customer/customer')
->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
->loadByEmail($email);
if ($customer->getId()) {
try {
$newPassword = $customer->generatePassword();
$customer->changePassword($newPassword, false);
$customer->sendPasswordReminderEmail();
$this->_getSession()->addSuccess($this->__('A new password has been sent.'));
$this->getResponse()->setRedirect(Mage::getUrl('*/*'));
return;
}
catch (Exception $e){
$this->_getSession()->addError($e->getMessage());
}
}
else {
$this->_getSession()->addError($this->__('This email address was not found in our records.'));
$this->_getSession()->setForgottenEmail($email);
}
} else {
$this->_getSession()->addError($this->__('Please enter your email.'));
$this->getResponse()->setRedirect(Mage::getUrl('*/*/forgotpassword'));
return;
}
$this->getResponse()->setRedirect(Mage::getUrl('*/*/forgotpassword'));
}
/**
* Forgot customer account information page
*/
public function editAction()
{
$this->loadLayout();
$this->_initLayoutMessages('customer/session');
$this->_initLayoutMessages('catalog/session');
if ($block = $this->getLayout()->getBlock('customer_edit')) {
$block->setRefererUrl($this->_getRefererUrl());
}
$data = $this->_getSession()->getCustomerFormData(true);
$customer = $this->_getSession()->getCustomer();
if (!empty($data)) {
$customer->addData($data);
}
if($this->getRequest()->getParam('changepass')==1){
$customer->setChangePassword(1);
}
$this->getLayout()->getBlock('head')->setTitle($this->__('Account Information'));
$this->renderLayout();
}
/**
* Change customer password action
*/
public function editPostAction()
{
if (!$this->_validateFormKey()) {
return $this->_redirect('*/*/edit');
}
if ($this->getRequest()->isPost()) {
$customer = Mage::getModel('customer/customer')
->setId($this->_getSession()->getCustomerId())
->setWebsiteId($this->_getSession()->getCustomer()->getWebsiteId());
$fields = Mage::getConfig()->getFieldset('customer_account');
$data = $this->_filterPostData($this->getRequest()->getPost());
foreach ($fields as $code=>$node) {
if ($node->is('update') && isset($data[$code])) {
$customer->setData($code, $data[$code]);
}
}
$errors = $customer->validate();
if (!is_array($errors)) {
$errors = array();
}
/**
* we would like to preserver the existing group id
*/
if ($this->_getSession()->getCustomerGroupId()) {
$customer->setGroupId($this->_getSession()->getCustomerGroupId());
}
if ($this->getRequest()->getParam('change_password')) {
$currPass = $this->getRequest()->getPost('current_password');
$newPass = $this->getRequest()->getPost('password');
$confPass = $this->getRequest()->getPost('confirmation');
if (empty($currPass) || empty($newPass) || empty($confPass)) {
$errors[] = $this->__('The password fields cannot be empty.');
}
if ($newPass != $confPass) {
$errors[] = $this->__('Please make sure your passwords match.');
}
$oldPass = $this->_getSession()->getCustomer()->getPasswordHash();
if (strpos($oldPass, ':')) {
list($_salt, $salt) = explode(':', $oldPass);
} else {
$salt = false;
}
if ($customer->hashPassword($currPass, $salt) == $oldPass) {
$customer->setPassword($newPass);
} else {
$errors[] = $this->__('Invalid current password');
}
}
if (!empty($errors)) {
$this->_getSession()->setCustomerFormData($this->getRequest()->getPost());
foreach ($errors as $message) {
$this->_getSession()->addError($message);
}
$this->_redirect('*/*/edit');
return $this;
}
try {
$customer->save();
$this->_getSession()->setCustomer($customer)
->addSuccess($this->__('The account information has been saved.'));
$this->_redirect('customer/account');
return;
}
catch (Mage_Core_Exception $e) {
$this->_getSession()->setCustomerFormData($this->getRequest()->getPost())
->addError($e->getMessage());
}
catch (Exception $e) {
$this->_getSession()->setCustomerFormData($this->getRequest()->getPost())
->addException($e, $this->__('Cannot save the customer.'));
}
}
$this->_redirect('*/*/edit');
}
/**
* Filtering posted data. Converting localized data if needed
*
* @param array
* @return array
*/
protected function _filterPostData($data)
{
$data = $this->_filterDates($data, array('dob'));
return $data;
}
}