I have to integrate PrestaShop 1.5 with a pre-existing Symfony application.
Through webservices, I can keep the databases in sync so a user can log in with the same data on both PrestaShop and the application software.
Now I want to ensure that when logging in to the application, the user is automatically logged in to the PrestaShop platform.
Can you help me?
I don't know if you're still searching for a solution but there is a way actually.
DO MAKE SURE IT IS A SECURE LOGIN.
Since you're giving access to all PrestaShop data, do make sure the login is very secure. I've been able to recreate it with PHP, and I think that with some additions you'll be able to recreate it the way you want it. See it as a guideline.
To create a login system using the PrestaShop webservice you'll need three things:
Access through the webservice to the customers table
The COOKIE_KEY, defined in app/config -> parameters.php: 'cookie_key' => '12321test';
Some experience with PHP
The first thing is to get the customers table from the webservice.
require_once('./../PSWebServiceLibrary.php');

/**
 * Get information from PrestaShop
 */
// Placeholder connection settings: use your own shop URL and webservice key.
$url   = 'https://shop.example.com/';
$key   = 'YOUR_WEBSERVICE_KEY';
$debug = false;
$webService = new PrestaShopWebservice($url, $key, $debug);
$COOKIE_KEY = 'CookieKey';
$email = $_REQUEST['email'];
$password = $_REQUEST['password'];

// Fetch the customer record(s) whose e-mail matches the submitted one.
$optUser = array(
    'resource' => 'customers',
    'filter[email]' => '[' . $email . ']',
    'display' => '[id,email,lastname,firstname,passwd]'
);
$resultUser = ($webService->get($optUser));
$json = json_encode($resultUser);
The second and most important thing is to check the user input.
// Default response, also returned when no customer matches the e-mail
$response = array('status' => 'error', 'message' => 'Wrong password');
foreach ($resultUser->customers->customer as $info) {
    // Prestashop uses the cookie_key in combination with a salt key. To check the password use the php function: password_verify();
    // ($salt and $ZCpassword are computed here but not used by the check below)
    $salt = substr($info->passwd, strrpos($info->passwd, ':') + 1, 2);
    $ZCpassword = md5($COOKIE_KEY . $password) . ':' . $salt;
    // Check if password comparison is true or false
    if (password_verify($password, (string) $info->passwd)) {
        session_start();
        $response = array('status' => 'succes', 'message' => 'You did it!');
        setcookie("userId", (string) $info->id);
        break;
    }
}
// Send exactly one JSON response
header('Content-type: application/json');
echo json_encode($response);
This is how to reproduce the issue to a working example.
What I've used is setting a cookie and checking if it exists!
Hope this helps!
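An added example, not part of the answer above and not PrestaShop's own code: one way to check the fetched `passwd` value and then hand the browser a signed, expiring token instead of a bare `userId` cookie, which any client can set to any value. It assumes legacy hashes are `md5(COOKIE_KEY . password)` and newer ones are bcrypt; the function names, the signing secret, the cookie name and the sample data are hypothetical.

```php
<?php
// Added example: helper names, keys and sample data are constructed for illustration.

/** Check a password against a stored hash: bcrypt, or (assumed) legacy md5(cookie_key . password). */
function verifyShopPassword(string $plain, string $stored, string $cookieKey): bool
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        return password_verify($plain, $stored);
    }
    // Constant-time comparison for the assumed legacy format.
    return hash_equals($stored, md5($cookieKey . $plain));
}

/** Build "userId.expiry.hmac" so the client cannot alter the id or extend the lifetime. */
function issueLoginToken(int $userId, string $secret, int $now, int $ttl = 3600): string
{
    $payload = $userId . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $secret);
}

/** Return the user id carried by a valid, unexpired token, or null. */
function readLoginToken(string $token, string $secret, int $now): ?int
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;
    }
    [$userId, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $userId . '.' . $expiry, $secret);
    if (!hash_equals($expected, $mac) || (int) $expiry < $now) {
        return null;
    }
    return (int) $userId;
}

// Constructed sample data standing in for the webservice result and server config.
$cookieKey = 'example-cookie-key';
$secret    = 'example-signing-secret';          // server-side only, never sent to the client
$stored    = md5($cookieKey . 'correct horse'); // legacy-style hash of the sample password
$now       = time();

if (verifyShopPassword('correct horse', $stored, $cookieKey)) {
    $token = issueLoginToken(42, $secret, $now);
    // In the login endpoint this would replace setcookie("userId", ...):
    // setcookie('shop_login', $token, ['expires' => $now + 3600, 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
    var_dump(readLoginToken($token, $secret, $now));                   // genuine token
    var_dump(readLoginToken('43' . substr($token, 2), $secret, $now)); // id changed by the client
    var_dump(readLoginToken($token, $secret, $now + 7200));            // after expiry
}
```

Every later request should pass the cookie through `readLoginToken()` and treat a null result as "not logged in", rather than only checking that the cookie exists.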
Are there any mail-tags to use?
For instance, for tracking the client's IP we can use [_remote_ip].
First step is to create an API key. To get an API key we have to register in the site IPInfoDB.
Once API key is ready we have to download the file ip2locationlite.class.php from the site IPInfoDB.
Next step is to create our custom plugin. I named it "country_custom_plugin.php". It's always good to create a custom plugin inside a folder, so that all the required files for the corresponding plugin stay in the folder. I named the folder "country_custom_plugin".
Move the file "ip2locationlite.class.php" to the folder "country_custom_plugin".
/* Calling the function from contact-form-7 module and passing the result of the function stylus_ip_location_get_cc */
add_filter( 'wpcf7_special_mail_tags', 'country_custom_ip_location', 10, 2 );

/* Function to get location of an user from the ip address */
function country_custom_ip_location( $output, $name ) {
    /* including the third party integration to get IP Location */
    include_once('ip2locationlite.class.php');
    /* Special tag values are passed in format wpcf7.$name which we convert to _$name */
    $name = preg_replace( '/^wpcf7\./', '_', $name );
    /* If location is requested in contact form enter the loop */
    if ( '_custom_ip_location' == $name ) {
        $ipLite = new ip2location_lite;
        /* Entering the API key value generated */
        $ipLite->setKey('"Enter your API Key Here"');
        /* Getting the IP address */
        $ipaddress = preg_replace( '/[^0-9a-f.:, ]/', '', $_SERVER['REMOTE_ADDR'] );
        /* Getting the Location */
        $visitorGeolocation = $ipLite->getCity($ipaddress);
        if (!empty($visitorGeolocation) && is_array($visitorGeolocation)) {
            $output = $visitorGeolocation['regionName'] . ', ' . $visitorGeolocation['countryName'] . ', ' . $visitorGeolocation['countryCode'];
        }
    }
    return $output;
}
Reference. Hope this will help. Please let me know if there is any issue.
I have added custom fields on registration to allow the user to input their own password and have also created code to generate a verification code which then gets emailed over to the user. Of course, the user needs to click the link in the email before they can log in.
Here's where I am stuck. I am trying to add my own authentication to check the status of the verification when the user tries to log in.
Here's my code which isn't working:
function check_validation_status($username) {
    $user = get_user_by('login', $username);
    $userID = $user->ID;
    $status = get_user_meta($userID, 'verified', true);
    if($status == '0') {
        return;
    }
}
add_action('wp_authenticate', 'check_validation_status');
Unfortunately this code doesn't seem to do anything. I have also tried the following (hooking into a different action):
function check_validation_status($username) {
    $user = get_user_by('login', $username);
    $userID = $user->ID;
    $status = get_user_meta($userID, 'verified', true);
    if($status == '0') {
        wp_logout(); // works but doesn't show an error :(
    }
}
add_action('wp_login', 'check_validation_status');
This code is successfully logging the user straight out if they are not verified; however, it shows no form of error to the user, they just get redirected straight back to the login page.
Logging the user in but straight back out seems like a sloppy way to do it. Is there a way to prevent the login in the first place?
I have managed to fix this issue now. I instead needed to hook into wp_authenticate_user and return a WP_Error. Here is my working code, I hope it helps someone out in the future.
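function check_validation_status($user, $password) {
    // Pass through an error raised earlier in the authentication chain
    if (is_wp_error($user)) {
        return $user;
    }
    $userID = $user->ID;
    $status = get_user_meta($userID, 'verified', true);
    if ($status == '0') {
        $errors = new WP_Error();
        $errors->add('title_error', __('<strong>ERROR</strong>: This account has not been verified.', 'podium'));
        return $errors;
    }
    return $user;
}
// wp_authenticate_user is a filter hook, so register the callback with add_filter
add_filter('wp_authenticate_user', 'check_validation_status', 10, 2);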
I change the password on the front end using the wp_update_user function, but when a user changes their password they get logged out. The problem is that my old cookies are not updated, so how can I update the password without logging out? Any ideas?
global $wpdb, $current_user;
$user_id = $current_user->ID;
wp_update_user(array('ID'=>$user_id,'user_pass'=>$_POST['user_pass']));
The answer by Aaron Forgue at the WordPress Support is 3 years old, but might be interesting. I had to change the $wpdb->query() to make it work:
global $wpdb;
$profile_id = $_POST['prof_id'];
$username = $_POST['log_name'];
$password = $_POST['wachtwoord'];
$md5password = wp_hash_password($password);
// You may want to use $wpdb->prepare() here. As it stands, malicious code could be passed in via $_POST['prof_id'] or $_POST['log_name']
$wpdb->query( $wpdb->prepare(
    "UPDATE $wpdb->users SET user_pass = %s WHERE ID = %d",
    $md5password,
    $profile_id
) );
// Here is the magic:
wp_cache_delete($profile_id, 'users');
wp_cache_delete($username, 'userlogins'); // This might be an issue for how you are doing it. Presumably you'd need to run this for the ORIGINAL user login name, not the new one.
wp_logout();
wp_signon(array('user_login' => $username, 'user_password' => $password));
Credits go to this plugin for the above trick: http://wordpress.org/extend/plugins/change-password-e-mail/
As mentioned by Robahas, make sure that this code is run before headers are sent, else the wp_signon() will not work and the user will be logged out anyway.
Originally, creating a normal registration form (email + password) using the Symfony form builder, I found no problems at all registering my users.
For some technical issues and strategic stuff I'm no longer using the Symfony form builder and I just made a common HTML form. The username, salt and password get saved in the database, but when I tried to log in it does not work, so the password or salt are wrong, and that makes me think that maybe the salt is created using a token sent as a hidden field created by the Symfony form builder, am I right?
So, originally, since the Symfony form builder allows you to parse the data directly into an entity, I did something like this:
if( 'POST' === $this->getRequest( )->getMethod() ) {
    $form->bindRequest( $this->getRequest( ) );
    if( $form->isValid( ) ) {
        $userSignup = $form->getData( );
        $user = $userSignup->getUser( );
        $user->setPassword( $this->_encodePassword( $user ) );
Now, since I'm using a normal form:
if(isset($_GET['user_signup']['user']['username']) && $this->_validemail($_GET['user_signup']['user']['username'])) $username = $_GET['user_signup']['user']['username']; else die('BAD EMAIL');
if(isset($_GET['user_signup']['user']['password']) && strlen($_GET['user_signup']['user']['password']) >= 5 && strlen($_GET['user_signup']['user']['password']) <= 20) $password = $_GET['user_signup']['user']['password']; else die('BAD PASSWORD');
$user = new user();
$user->setUsername($username);
$user->setPassword( $this->_encodePassword( $user ) );
The encodePassword function:
protected function _encodePassword( User $user )
{
    $factory = $this->get( 'security.encoder_factory' );
    $encoder = $factory->getEncoder( $user );
    return $encoder->encodePassword( $user->getPassword( ), $user->getSalt( ) );
}
I'm reusing someone else's code so maybe I'm having trouble understanding how encodePassword works.
If you want a registration system in your web application, install FOSUserBundle.
Then you can use the userManager to create, register and edit any user.
You should create a salt first (using some random function) and use $user->setSalt($salt) in your controller ...
... or generate the salt inside the User's __construct() method.
FOSUserBundle i.e. creates the salt in the constructor of the User object using:
public function __construct()
{
    $this->salt = base_convert(sha1(uniqid(mt_rand(), true)), 16, 36);
    // ...
}
reference here.
Otherwise the encoder called at $this->_encodePassword($user) won't find the salt calling the user object's getter getSalt().
tip:
In Symfony2 you should never try to access GET parameters using $_GET ...
... use the Request object instead.
Please read the Symfony2 and HTTP Fundamentals chapter of the book.
I have tried everything I could find to set the user password on registration, but no success... I have the fields showing up, the verification (if the passwords match etc.); I print them on screen, I print the user ID on screen so every argument needed is there, but the function doesn't seem to work at all...
This doesn't work...
$newpassword = "zzzzzz";
update_user_meta($user_id, 'user_pass', $newpassword);
This doesn't work either...
add_action( 'user_register', 'ts_register_extra_fields', 10 );
function ts_register_extra_fields($user_id, $password='11',$meta = array()){
    $userdata = array();
    if ( $_POST['password'] !== '' ) {
        $userdata['user_pass'] = $_POST['password'];
    }
    $new_user_id = wp_update_user( $userdata );
}
My customer needs this for tomorrow, so I'm totally lost by now, I have no clue why it's not working...
Forgot to add, all this code is added in the functions.php of my theme. (It gets into it, as I already said that I print the variables on screen.)
add_action( 'user_register', 'ts_register_extra_fields', 100 );
function ts_register_extra_fields( $user_id, $password = '', $meta = array() ) {
    $userdata = array();
    $userdata['ID'] = $user_id;
    $userdata['contacto'] = $_POST['contacto'];
    $userdata['nif'] = $_POST['nif'];
    if ( $_POST['password'] !== '' ) {
        $userdata['user_pass'] = $_POST['password'];
        echo "im in";
    }
    $new_user_id = wp_insert_user( $userdata );
    echo "id-".$userdata['ID'];
    echo "contacto-".$userdata['contacto'];
    echo "nif-".$userdata['nif'];
    echo "pass-".$userdata['user_pass'];
}
All those echos output the correct data... for example id = 195, the next time I try 196, etc...
contacto and nif show the data that I input in the custom registration field and the pass also shows the data that I had input in the custom registration field password...
First of all, I think WordPress is using MD5 encryption for passwords.
$hash = wp_hash_password( $newpassword );
// then wp_update_user with $hash as the user_pass value
Secondly, you shouldn't send passwords in clear text over the Internet. If you can encrypt the password with JavaScript before you send it, it would probably be a lot safer.
At last, give a shot at updating an existing user by specifying ID in wp_update_user.
A HA! Found the error. I have another plugin installed called "New User Aprovement" which requires an administrator's approval in order for the user to log in. When the administrator accepted the user, that plugin generated another password (to be able to send the password to the user in a readable form), invalidating the password update that I made when the user registered (because it generated a random password after the admin accepted).
I found this by disabling the plugin and testing the functions.php. It did work. In order to make them both work I just erased the code in the plugin that generated a random password, although the user doesn't receive the account summary via email. It works for my needs.
Best Regards,
Vcoder