This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | namespace Eccube\Controller; |
||
25 | |||
26 | use Eccube\Application; |
||
27 | use Eccube\Event\EccubeEvents; |
||
28 | use Eccube\Event\EventArgs; |
||
29 | use Symfony\Component\HttpFoundation\Request; |
||
30 | use Symfony\Component\HttpKernel\Exception as HttpException; |
||
31 | use Symfony\Component\Validator\Constraints as Assert; |
||
32 | |||
33 | class ForgotController extends AbstractController |
||
34 | { |
||
35 | /** |
||
36 | * パスワードリマインダ. |
||
37 | * |
||
38 | * @param Application $app |
||
39 | * @param Request $request |
||
40 | * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response |
||
41 | */ |
||
42 | 4 | public function index(Application $app, Request $request) |
|
43 | { |
||
44 | |||
45 | 4 | $builder = $app['form.factory'] |
|
46 | 4 | ->createNamedBuilder('', 'forgot'); |
|
47 | |||
48 | 4 | $event = new EventArgs( |
|
49 | array( |
||
50 | 4 | 'builder' => $builder, |
|
51 | ), |
||
52 | $request |
||
53 | ); |
||
54 | 4 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_FORGOT_INDEX_INITIALIZE, $event); |
|
55 | |||
56 | 4 | $form = $builder->getForm(); |
|
57 | 4 | $form->handleRequest($request); |
|
58 | |||
59 | 4 | if ($form->isSubmitted() && $form->isValid()) { |
|
60 | 2 | $Customer = $app['eccube.repository.customer'] |
|
61 | 2 | ->getActiveCustomerByEmail($form->get('login_email')->getData()); |
|
62 | |||
63 | 2 | if (!is_null($Customer)) { |
|
64 | // リセットキーの発行・有効期限の設定 |
||
65 | $Customer |
||
66 | 2 | ->setResetKey($app['eccube.repository.customer']->getUniqueResetKey($app)) |
|
67 | 2 | ->setResetExpire(new \DateTime('+' . $app['config']['customer_reset_expire'] .' min')); |
|
68 | |||
69 | // リセットキーを更新 |
||
70 | 2 | $app['orm.em']->persist($Customer); |
|
71 | 2 | $app['orm.em']->flush(); |
|
72 | |||
73 | 2 | $event = new EventArgs( |
|
74 | array( |
||
75 | 2 | 'form' => $form, |
|
76 | 2 | 'Customer' => $Customer, |
|
77 | ), |
||
78 | $request |
||
79 | ); |
||
80 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_FORGOT_INDEX_COMPLETE, $event); |
|
81 | |||
82 | // 完了URLの生成 |
||
83 | 2 | $reset_url = $app->url('forgot_reset', array('reset_key' => $Customer->getResetKey())); |
|
84 | |||
85 | // メール送信 |
||
86 | 2 | $app['eccube.service.mail']->sendPasswordResetNotificationMail($Customer, $reset_url); |
|
87 | |||
88 | // ログ出力 |
||
89 | 2 | $app['monolog']->addInfo( |
|
90 | 2 | 'send reset password mail to:' . "{$Customer->getId()} {$Customer->getEmail()} {$request->getClientIp()}" |
|
91 | ); |
||
92 | } else { |
||
93 | log_warning('Un active customer try send reset password email: ', array('Enter email' => $form->get('login_email')->getData())); |
||
94 | } |
||
95 | |||
96 | 2 | return $app->redirect($app->url('forgot_complete')); |
|
97 | } |
||
98 | |||
99 | 2 | return $app->render('Forgot/index.twig', array( |
|
100 | 2 | 'form' => $form->createView(), |
|
101 | )); |
||
102 | } |
||
103 | |||
104 | /** |
||
105 | * パスワードリマインダ完了画面. |
||
106 | * |
||
107 | * @param Application $app |
||
108 | * @param Request $request |
||
109 | * @return \Symfony\Component\HttpFoundation\Response |
||
110 | */ |
||
111 | 1 | public function complete(Application $app, Request $request) |
|
0 ignored issues
–
show
|
|||
112 | { |
||
113 | 1 | return $app->render('Forgot/complete.twig'); |
|
114 | } |
||
115 | |||
116 | /** |
||
117 | * パスワード再発行実行画面. |
||
118 | * |
||
119 | * @param Application $app |
||
120 | * @param Request $request |
||
121 | * @param $reset_key |
||
122 | * @return \Symfony\Component\HttpFoundation\Response |
||
123 | */ |
||
124 | 4 | public function reset(Application $app, Request $request, $reset_key) |
|
125 | { |
||
126 | 4 | $errors = $app['validator']->validateValue($reset_key, array( |
|
127 | 4 | new Assert\NotBlank(), |
|
128 | 4 | new Assert\Regex(array( |
|
129 | 4 | 'pattern' => '/^[a-zA-Z0-9]+$/', |
|
130 | ))) |
||
131 | ); |
||
132 | |||
133 | 4 | if ('GET' === $request->getMethod() |
|
134 | 4 | && count($errors) === 0) { |
|
135 | try { |
||
136 | 3 | $Customer = $app['eccube.repository.customer'] |
|
137 | 3 | ->getActiveCustomerByResetKey($reset_key); |
|
138 | 1 | } catch (\Exception $e) { |
|
139 | 1 | throw new HttpException\NotFoundHttpException('有効期限が切れているか、無効なURLです。'); |
|
140 | } |
||
141 | |||
142 | // パスワードの発行・更新 |
||
143 | 2 | $pass = $app['eccube.repository.customer']->getResetPassword(); |
|
144 | 2 | $Customer->setPassword($pass); |
|
145 | |||
146 | // 発行したパスワードの暗号化 |
||
147 | 2 | if ($Customer->getSalt() === null) { |
|
148 | $Customer->setSalt($app['eccube.repository.customer']->createSalt(5)); |
||
149 | } |
||
150 | 2 | $encPass = $app['eccube.repository.customer']->encryptPassword($app, $Customer); |
|
151 | 2 | $Customer->setPassword($encPass); |
|
152 | |||
153 | 2 | $Customer->setResetKey(null); |
|
154 | |||
155 | // パスワードを更新 |
||
156 | 2 | $app['orm.em']->persist($Customer); |
|
157 | 2 | $app['orm.em']->flush(); |
|
158 | |||
159 | 2 | $event = new EventArgs( |
|
160 | array( |
||
161 | 2 | 'Customer' => $Customer, |
|
162 | ), |
||
163 | $request |
||
164 | ); |
||
165 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_FORGOT_RESET_COMPLETE, $event); |
|
166 | |||
167 | // メール送信 |
||
168 | 2 | $app['eccube.service.mail']->sendPasswordResetCompleteMail($Customer, $pass); |
|
169 | |||
170 | // ログ出力 |
||
171 | 2 | $app['monolog']->addInfo( |
|
172 | 2 | 'reset password complete:' . "{$Customer->getId()} {$Customer->getEmail()} {$request->getClientIp()}" |
|
173 | ); |
||
174 | } else { |
||
175 | 1 | throw new HttpException\AccessDeniedHttpException('不正なアクセスです。'); |
|
176 | } |
||
177 | |||
178 | 2 | return $app->render('Forgot/reset.twig'); |
|
179 | } |
||
180 | |||
181 | } |
||
182 |
This check looks from parameters that have been defined for a function or method, but which are not used in the method body.