00001 <?php
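/**
 * Front-end controller for the customer account area: login, logout,
 * registration, e-mail confirmation, password reminder and profile editing.
 *
 * Every action reads request data supplied by the visitor, so each one is a
 * trust boundary. Review notes below mark the places where that matters.
 */
class Mage_Customer_AccountController extends Mage_Core_Controller_Front_Action
{
    /**
     * Action names registered for the cookie check.
     *
     * Not read anywhere in this class; presumably consumed by the parent
     * controller (verify against Mage_Core_Controller_Front_Action).
     *
     * @var array
     */
    protected $_cookieCheckActions = array('loginPost', 'create');

    /**
     * Retrieve the customer session singleton.
     *
     * @return Mage_Customer_Model_Session presumably; the type is not visible here
     */
    protected function _getSession()
    {
        return Mage::getSingleton('customer/session');
    }

    /**
     * Require an authenticated customer for every action that is not on the
     * open list.
     *
     * The pattern is anchored at the start only, so it is a PREFIX match:
     * "login" also opens loginPost, "create" also opens createPost, and any
     * action added later (here or in a subclass) whose name begins with one of
     * these words is reachable without authentication.
     * NOTE(review): an exact, end-anchored allow-list would remove that
     * surprise; left as is because subclasses may rely on the prefix match.
     *
     * @return void
     */
    public function preDispatch()
    {
        parent::preDispatch();

        if (!$this->getRequest()->isDispatched()) {
            return;
        }

        $action = $this->getRequest()->getActionName();
        if (!preg_match('/^(create|login|logoutSuccess|forgotpassword|forgotpasswordpost|confirm|confirmation)/i', $action)) {
            if (!$this->_getSession()->authenticate($this)) {
                // Authentication failed: stop the protected action from running.
                $this->setFlag('', 'no-dispatch', true);
            }
        }
    }

    /**
     * Render the account dashboard.
     *
     * @return void
     */
    public function indexAction()
    {
        $this->loadLayout();
        $this->_initLayoutMessages('customer/session');
        $this->_initLayoutMessages('catalog/session');

        $this->getLayout()->getBlock('content')->append(
            $this->getLayout()->createBlock('customer/account_dashboard')
        );
        $this->getLayout()->getBlock('head')->setTitle($this->__('My Account'));
        $this->renderLayout();
    }

    /**
     * Render the login form, or go to the dashboard when already logged in.
     *
     * @return void
     */
    public function loginAction()
    {
        if ($this->_getSession()->isLoggedIn()) {
            $this->_redirect('*/*/');
            return;
        }
        $this->getResponse()->setHeader('Login-Required', 'true');
        $this->loadLayout();
        $this->_initLayoutMessages('customer/session');
        $this->_initLayoutMessages('catalog/session');
        $this->renderLayout();
    }

    /**
     * Process a submitted login form and redirect to the stored
     * "before auth" URL (or the account URL when none is stored).
     *
     * NOTE(review): no form key is checked here, unlike editPostAction(), so
     * the request can be submitted cross-site. Adding the check requires the
     * login template to emit the key, which is outside this file.
     * NOTE(review): nothing here limits repeated failed attempts; confirm
     * that throttling exists elsewhere.
     *
     * @return void
     */
    public function loginPostAction()
    {
        if ($this->_getSession()->isLoggedIn()) {
            $this->_redirect('*/*/');
            return;
        }
        $session = $this->_getSession();

        if ($this->getRequest()->isPost()) {
            $login = $this->getRequest()->getPost('login');

            // The "login" field is attacker-controlled and may arrive as a
            // scalar or as nested arrays; only a pair of non-empty strings is
            // accepted as credentials.
            $hasCredentials = is_array($login)
                && !empty($login['username'])
                && !empty($login['password'])
                && is_string($login['username'])
                && is_string($login['password']);

            if ($hasCredentials) {
                try {
                    $session->login($login['username'], $login['password']);
                    if ($session->getCustomer()->getIsJustConfirmed()) {
                        $this->_welcomeCustomer($session->getCustomer(), true);
                    }
                }
                catch (Exception $e) {
                    switch ($e->getCode()) {
                        case Mage_Customer_Model_Customer::EXCEPTION_EMAIL_NOT_CONFIRMED:
                            // This message carries HTML and a URL derived from
                            // the submitted username. NOTE(review): confirm the
                            // helper encodes the address and that the message
                            // renderer does not echo anything else unescaped.
                            $message = Mage::helper('customer')->__('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email.',
                                Mage::helper('customer')->getEmailConfirmationUrl($login['username'])
                            );
                            break;
                        case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD:
                            $message = $e->getMessage();
                            break;
                        default:
                            $message = $e->getMessage();
                    }
                    $session->addError($message);
                    // Remember the username so the form can be re-populated.
                    $session->setUsername($login['username']);
                }
            } else {
                $session->addError($this->__('Login and password are required'));
            }
        }

        if (!$session->getBeforeAuthUrl() || $session->getBeforeAuthUrl() == Mage::getBaseUrl()) {
            $session->setBeforeAuthUrl(Mage::helper('customer')->getAccountUrl());
        }
        // NOTE(review): the redirect target comes from session state; where
        // that value is set is not visible here, so confirm it can never hold
        // an off-site URL.
        $this->_redirectUrl($session->getBeforeAuthUrl(true));
    }

    /**
     * Log the customer out and redirect to the logout confirmation page.
     *
     * NOTE(review): logout is triggered by any request to this action, with no
     * form key, so a third-party page can end a visitor's session.
     *
     * @return void
     */
    public function logoutAction()
    {
        $this->_getSession()->logout()
            ->setBeforeAuthUrl(Mage::getUrl());

        $this->_redirect('*/*/logoutSuccess');
    }

    /**
     * Render the logout confirmation page.
     *
     * @return void
     */
    public function logoutSuccessAction()
    {
        $this->loadLayout();
        $this->renderLayout();
    }

    /**
     * Render the registration form, or go to the dashboard when already
     * logged in.
     *
     * @return void
     */
    public function createAction()
    {
        if ($this->_getSession()->isLoggedIn()) {
            $this->_redirect('*/*');
            return;
        }

        $this->loadLayout();
        $this->_initLayoutMessages('customer/session');
        $this->renderLayout();
    }

    /**
     * Process a submitted registration form.
     *
     * On success the customer is saved and either asked to confirm the e-mail
     * address or logged in directly. On failure the posted data and the error
     * messages are stored in the session and the form is shown again.
     *
     * NOTE(review): no form key is checked here, unlike editPostAction().
     *
     * @return void
     */
    public function createPostAction()
    {
        if ($this->_getSession()->isLoggedIn()) {
            $this->_redirect('*/*/');
            return;
        }
        if ($this->getRequest()->isPost()) {
            $errors = array();

            if (!$customer = Mage::registry('current_customer')) {
                $customer = Mage::getModel('customer/customer')->setId(null);
            }

            // Only fields that the "customer_account" fieldset flags with
            // "create" are copied from the request; this allow-list is what
            // keeps arbitrary request parameters off the customer model.
            foreach (Mage::getConfig()->getFieldset('customer_account') as $code => $node) {
                if ($node->is('create') && ($value = $this->getRequest()->getParam($code)) !== null) {
                    $customer->setData($code, $value);
                }
            }

            if ($this->getRequest()->getParam('is_subscribed', false)) {
                $customer->setIsSubscribed(1);
            }

            // Return value is discarded; presumably called so the model
            // initialises its group id (confirm against the customer model).
            $customer->getGroupId();

            if ($this->getRequest()->getPost('create_address')) {
                // NOTE(review): the whole POST array is assigned to the address
                // model with no field allow-list; only the id and the two
                // default flags are overwritten afterwards. Confirm the model
                // holds no other attribute that must not be client-controlled.
                $address = Mage::getModel('customer/address')
                    ->setData($this->getRequest()->getPost())
                    ->setIsDefaultBilling($this->getRequest()->getParam('default_billing', false))
                    ->setIsDefaultShipping($this->getRequest()->getParam('default_shipping', false))
                    ->setId(null);
                $customer->addAddress($address);

                $errors = $address->validate();
                if (!is_array($errors)) {
                    $errors = array();
                }
            }

            try {
                $validationCustomer = $customer->validate();
                if (is_array($validationCustomer)) {
                    $errors = array_merge($validationCustomer, $errors);
                }
                $validationResult = count($errors) == 0;

                if (true === $validationResult) {
                    $customer->save();

                    if ($customer->isConfirmationRequired()) {
                        $customer->sendNewAccountEmail('confirmation', $this->_getSession()->getBeforeAuthUrl());
                        $this->_getSession()->addSuccess($this->__('Account confirmation is required. Please, check your e-mail for confirmation link. To resend confirmation email please <a href="%s">click here</a>.',
                            Mage::helper('customer')->getEmailConfirmationUrl($customer->getEmail())
                        ));
                        $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure' => true)));
                        return;
                    }
                    else {
                        $this->_getSession()->setCustomerAsLoggedIn($customer);
                        $url = $this->_welcomeCustomer($customer);
                        $this->_redirectSuccess($url);
                        return;
                    }
                } else {
                    // NOTE(review): the stored POST array includes the password
                    // fields; confirm the form does not render them back.
                    $this->_getSession()->setCustomerFormData($this->getRequest()->getPost());
                    if (is_array($errors)) {
                        foreach ($errors as $errorMessage) {
                            $this->_getSession()->addError($errorMessage);
                        }
                    }
                    else {
                        $this->_getSession()->addError($this->__('Invalid customer data'));
                    }
                }
            }
            catch (Mage_Core_Exception $e) {
                $this->_getSession()->addError($e->getMessage())
                    ->setCustomerFormData($this->getRequest()->getPost());
            }
            catch (Exception $e) {
                $this->_getSession()->setCustomerFormData($this->getRequest()->getPost())
                    ->addException($e, $this->__('Can\'t save customer'));
            }
        }

        $this->_redirectError(Mage::getUrl('*/*/create', array('_secure' => true)));
    }

    /**
     * Add the welcome message, send the matching account e-mail and work out
     * where the customer should land next.
     *
     * @param Mage_Customer_Model_Customer $customer
     * @param bool $isJustConfirmed selects the 'confirmed' e-mail instead of 'registered'
     * @return string the stored "before auth" URL when the session has one,
     *                otherwise the secure account index URL
     */
    protected function _welcomeCustomer(Mage_Customer_Model_Customer $customer, $isJustConfirmed = false)
    {
        $this->_getSession()->addSuccess($this->__('Thank you for registering with %s', Mage::app()->getStore()->getName()));

        $customer->sendNewAccountEmail($isJustConfirmed ? 'confirmed' : 'registered');

        $successUrl = Mage::getUrl('*/*/index', array('_secure' => true));
        if ($this->_getSession()->getBeforeAuthUrl()) {
            $successUrl = $this->_getSession()->getBeforeAuthUrl(true);
        }
        return $successUrl;
    }

    /**
     * Decide whether a caller-supplied URL may be used as a redirect target.
     *
     * Accepts only absolute http(s) URLs whose host equals the host of the
     * store base URL. Everything else (relative or scheme-less values,
     * embedded credentials, backslashes, whitespace and control characters)
     * is refused, because such inputs are where PHP's URL parsing and a
     * browser's can disagree about the destination host. The port is not
     * compared, so secure and unsecure base URLs on the same host both pass.
     *
     * @param mixed $url value taken from the request
     * @return bool
     */
    private function _isInternalBackUrl($url)
    {
        if (!is_string($url) || $url === '') {
            return false;
        }
        if (preg_match('/[\\\\\x00-\x20\x7f]/', $url)) {
            return false;
        }

        $target = parse_url($url);
        $base   = parse_url(Mage::getBaseUrl());
        if (!is_array($target) || !is_array($base)) {
            return false;
        }
        if (empty($target['scheme']) || empty($target['host']) || empty($base['host'])) {
            return false;
        }
        if (isset($target['user']) || isset($target['pass'])) {
            return false;
        }

        $scheme = strtolower($target['scheme']);
        if ($scheme !== 'http' && $scheme !== 'https') {
            return false;
        }

        return strtolower($target['host']) === strtolower($base['host']);
    }

    /**
     * Confirm a customer account from the link sent by e-mail and log the
     * customer in.
     *
     * Reads "id", "key" and the optional "back_url" from the request. The
     * back URL is honoured only when it points at this store; otherwise the
     * default success URL is used, so the confirmation link cannot be turned
     * into a redirect to another site.
     *
     * @return void
     */
    public function confirmAction()
    {
        if ($this->_getSession()->isLoggedIn()) {
            $this->_redirect('*/*/');
            return;
        }
        try {
            $id      = $this->getRequest()->getParam('id', false);
            $key     = $this->getRequest()->getParam('key', false);
            $backUrl = $this->getRequest()->getParam('back_url', false);
            if (empty($id) || empty($key)) {
                throw new Exception($this->__('Bad request.'));
            }

            // Load the customer; any failure is reported with one generic message.
            try {
                $customer = Mage::getModel('customer/customer')->load($id);
                if ((!$customer) || (!$customer->getId())) {
                    throw new Exception('Failed to load customer by id.');
                }
            }
            catch (Exception $e) {
                throw new Exception($this->__('Wrong customer account specified.'));
            }

            // A non-empty confirmation value means the account is still pending.
            if ($customer->getConfirmation()) {
                // Strict comparison, but not constant-time.
                // NOTE(review): where the runtime provides hash_equals(), use it
                // for this secret, and confirm attempts are rate-limited.
                if ($customer->getConfirmation() !== $key) {
                    throw new Exception($this->__('Wrong confirmation key.'));
                }

                // Clearing the value is what marks the account as confirmed.
                try {
                    $customer->setConfirmation(null);
                    $customer->save();
                }
                catch (Exception $e) {
                    throw new Exception($this->__('Failed to confirm customer account.'));
                }

                $this->_getSession()->setCustomerAsLoggedIn($customer);
                $successUrl = $this->_welcomeCustomer($customer, true);
                $this->_redirectSuccess($this->_isInternalBackUrl($backUrl) ? $backUrl : $successUrl);
                return;
            }

            // Nothing to confirm: go to the account index.
            $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure' => true)));
            return;
        }
        catch (Exception $e) {
            $this->_getSession()->addError($e->getMessage());
            $this->_redirectError(Mage::getUrl('*/*/index', array('_secure' => true)));
            return;
        }
    }

    /**
     * Show the "resend confirmation" form, or resend the confirmation e-mail
     * when an address was posted.
     *
     * NOTE(review): the three outcomes ("check your e-mail", "does not require
     * confirmation", "Wrong email.") reveal whether an address is registered
     * and whether it is confirmed, and each hit on a pending account sends a
     * message. A uniform response plus throttling would close both.
     *
     * @return void
     */
    public function confirmationAction()
    {
        $customer = Mage::getModel('customer/customer');
        if ($this->_getSession()->isLoggedIn()) {
            $this->_redirect('*/*/');
            return;
        }

        // An address was posted: try to resend the confirmation message.
        $email = $this->getRequest()->getPost('email');
        if ($email) {
            try {
                $customer->setWebsiteId(Mage::app()->getStore()->getWebsiteId())->loadByEmail($email);
                if (!$customer->getId()) {
                    // Empty exception used only to reach the catch block below.
                    throw new Exception('');
                }
                if ($customer->getConfirmation()) {
                    $customer->sendNewAccountEmail('confirmation');
                    $this->_getSession()->addSuccess($this->__('Please, check your e-mail for confirmation key.'));
                }
                else {
                    $this->_getSession()->addSuccess($this->__('This e-mail does not require confirmation.'));
                }
                $this->_getSession()->setUsername($email);
                $this->_redirectSuccess(Mage::getUrl('*/*/index', array('_secure' => true)));
            }
            catch (Exception $e) {
                $this->_getSession()->addError($this->__('Wrong email.'));
                // The submitted address travels back as a URL parameter.
                $this->_redirectError(Mage::getUrl('*/*/*', array('email' => $email, '_secure' => true)));
            }
            return;
        }

        // No address posted: render the form, pre-filled from the "email" parameter.
        $this->loadLayout();

        // NOTE(review): the value is request-controlled; confirm the block
        // template escapes it on output.
        $this->getLayout()->getBlock('accountConfirmation')
            ->setEmail($this->getRequest()->getParam('email', $email));

        $this->_initLayoutMessages('customer/session');
        $this->renderLayout();
    }

    /**
     * Render the "forgot password" form, pre-filled with the address kept in
     * the session by a previous failed attempt.
     *
     * @return void
     */
    public function forgotPasswordAction()
    {
        $this->loadLayout();

        $this->getLayout()->getBlock('forgotPassword')->setEmailValue(
            $this->_getSession()->getForgottenEmail()
        );
        $this->_getSession()->unsForgottenEmail();

        $this->_initLayoutMessages('customer/session');
        $this->renderLayout();
    }

    /**
     * Process the "forgot password" form: generate a new password for the
     * matching customer and send the reminder e-mail.
     *
     * NOTE(review): the stored password is replaced as soon as a registered
     * address is submitted, before the requester has shown control of the
     * mailbox, so anyone who knows an address can invalidate that customer's
     * password. The success and "not found" messages also differ, which
     * reveals whether an address is registered. A token-based reset with a
     * uniform response and throttling addresses both; not changed here
     * because it alters the user-facing flow.
     *
     * @return void
     */
    public function forgotPasswordPostAction()
    {
        $email = $this->getRequest()->getPost('email');
        if ($email) {
            if (!Zend_Validate::is($email, 'EmailAddress')) {
                $this->_getSession()->setForgottenEmail($email);
                $this->_getSession()->addError($this->__('Invalid email address'));
                $this->getResponse()->setRedirect(Mage::getUrl('*/*/forgotpassword'));
                return;
            }
            $customer = Mage::getModel('customer/customer')
                ->setWebsiteId(Mage::app()->getStore()->getWebsiteId())
                ->loadByEmail($email);

            if ($customer->getId()) {
                try {
                    $newPassword = $customer->generatePassword();
                    $customer->changePassword($newPassword, false);
                    $customer->sendPasswordReminderEmail();

                    $this->_getSession()->addSuccess($this->__('A new password was sent'));

                    $this->getResponse()->setRedirect(Mage::getUrl('*/*'));
                    return;
                }
                catch (Exception $e) {
                    $this->_getSession()->addError($e->getMessage());
                }
            }
            else {
                $this->_getSession()->addError($this->__('This email address was not found in our records'));
                $this->_getSession()->setForgottenEmail($email);
            }
        } else {
            $this->_getSession()->addError($this->__('Please enter your email.'));
            $this->getResponse()->setRedirect(Mage::getUrl('*/*/forgotpassword'));
            return;
        }

        $this->getResponse()->setRedirect(Mage::getUrl('*/*/forgotpassword'));
    }

    /**
     * Render the account edit form, restoring data from a previous failed
     * submission when the session holds any.
     *
     * @return void
     */
    public function editAction()
    {
        $this->loadLayout();
        $this->_initLayoutMessages('customer/session');
        $this->_initLayoutMessages('catalog/session');

        if ($block = $this->getLayout()->getBlock('customer_edit')) {
            $block->setRefererUrl($this->_getRefererUrl());
        }
        $data = $this->_getSession()->getCustomerFormData(true);
        $customer = $this->_getSession()->getCustomer();
        if (!empty($data)) {
            $customer->addData($data);
        }
        if ($this->getRequest()->getParam('changepass') == 1) {
            $customer->setChangePassword(1);
        }

        $this->getLayout()->getBlock('head')->setTitle($this->__('Account Information'));

        $this->renderLayout();
    }

    /**
     * Save changes to the logged-in customer's account, optionally changing
     * the password after the current one has been verified.
     *
     * The form key is validated first. Password and hash comparisons are
     * strict: PHP's loose operators treat numeric-looking strings as numbers,
     * so two different values such as "1e3" and "1000" (or two hashes of the
     * form "0e<digits>") would otherwise compare as equal.
     *
     * @return mixed return value is inconsistent across branches (redirect
     *               result, $this or nothing) and is kept as callers found it
     */
    public function editPostAction()
    {
        if (!$this->_validateFormKey()) {
            return $this->_redirect('*/*/edit');
        }

        if ($this->getRequest()->isPost()) {
            // The id and website always come from the session, never from the request.
            $customer = Mage::getModel('customer/customer')
                ->setId($this->_getSession()->getCustomerId())
                ->setWebsiteId($this->_getSession()->getCustomer()->getWebsiteId());

            // Only fields that the fieldset flags with "update" are copied.
            $fields = Mage::getConfig()->getFieldset('customer_account');
            foreach ($fields as $code => $node) {
                if ($node->is('update') && ($value = $this->getRequest()->getParam($code)) !== null) {
                    $customer->setData($code, $value);
                }
            }

            $errors = $customer->validate();
            if (!is_array($errors)) {
                $errors = array();
            }

            // Applied after the request fields were copied, so the session's
            // group id replaces any value that came in with the request.
            if ($this->_getSession()->getCustomerGroupId()) {
                $customer->setGroupId($this->_getSession()->getCustomerGroupId());
            }

            if ($this->getRequest()->getParam('change_password')) {
                $currPass = $this->getRequest()->getPost('current_password');
                $newPass  = $this->getRequest()->getPost('password');
                $confPass = $this->getRequest()->getPost('confirmation');

                if (empty($currPass) || empty($newPass) || empty($confPass)) {
                    $errors[] = $this->__('Password fields can\'t be empty.');
                }

                if ($newPass !== $confPass) {
                    $errors[] = $this->__('Please make sure your passwords match.');
                }

                // The stored value looks like "<hash>:<salt>"; take the part
                // after the first colon as the salt when one is present.
                $oldPass = $this->_getSession()->getCustomer()->getPasswordHash();
                if (strpos($oldPass, ':')) {
                    list($_salt, $salt) = explode(':', $oldPass);
                } else {
                    $salt = false;
                }

                // NOTE(review): strict but not constant-time; where the runtime
                // provides hash_equals(), prefer it for this comparison.
                if ($customer->hashPassword($currPass, $salt) === $oldPass) {
                    $customer->setPassword($newPass);
                } else {
                    $errors[] = $this->__('Invalid current password');
                }
            }

            if (!empty($errors)) {
                // NOTE(review): the stored POST array includes the password
                // fields; confirm the form does not render them back.
                $this->_getSession()->setCustomerFormData($this->getRequest()->getPost());
                foreach ($errors as $message) {
                    $this->_getSession()->addError($message);
                }
                $this->_redirect('*/*/edit');
                return $this;
            }

            try {
                $customer->save();
                $this->_getSession()->setCustomer($customer)
                    ->addSuccess($this->__('Account information was successfully saved'));

                $this->_redirect('customer/account');
                return;
            }
            catch (Mage_Core_Exception $e) {
                $this->_getSession()->setCustomerFormData($this->getRequest()->getPost())
                    ->addError($e->getMessage());
            }
            catch (Exception $e) {
                $this->_getSession()->setCustomerFormData($this->getRequest()->getPost())
                    ->addException($e, $this->__('Can\'t save customer'));
            }
        }

        $this->_redirect('*/*/edit');
    }
}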