1+ <?php
2+ require_once ("Mage/Customer/controllers/AccountController.php " );
3+
4+ /**
5+ * Customer account controller
6+ */
7+ class CRW_Auth_AccountController extends Mage_Customer_AccountController
8+ {
9+ // Check user is in Unapproved grousp
10+ public function is_user_approved () {
11+ // Check Customer is loggedin or not
12+ if (Mage::getSingleton ('customer/session ' )->isLoggedIn ()){
13+ // Get group Id
14+ $ groupIdgetSingleton ('customer/session ' )->getCustomerGroupId ();
15+ //Get customer Group name
16+ $ groupgetModel ('customer/group ' )->load ($ groupId
17+ // Check approved
18+ if ($ groupgetCode () == 'Unapproved ' )
19+ // User is unapproved
20+ return false ;
21+ else
22+ // User is approved now
23+ return true ;
24+ }
25+ else {
26+ // User is unapproved
27+ return false ;
28+ }
29+ }
30+
31+ /**
32+ * Customer login form page
33+ */
34+ public function indexAction ()
35+ {
36+ if ($ this is_user_approved ()) {
37+ $ this getResponse ()->setHeader ('Login-Required ' , 'true ' );
38+ $ this loadLayout ();
39+ $ this _initLayoutMessages ('customer/session ' );
40+ $ this _initLayoutMessages ('catalog/session ' );
41+ $ this renderLayout ();
42+ }
43+ else {
44+ $ sessionaddError ($ this __ ('You must be an approved user ' ));
45+ $ this logoutAction ();
46+ }
47+ }
48+
49+ /**
50+ * Login post action
51+ */
52+ public function loginPostAction ()
53+ {
54+ if (!$ this _validateFormKey ()) {
55+ $ this _redirect ('*/*/ ' );
56+ return ;
57+ }
58+
59+ if ($ this _getSession ()->isLoggedIn ()) {
60+ $ this _redirect ('*/*/ ' );
61+ return ;
62+ }
63+ $ session$ this _getSession ();
64+
65+ if ($ this getRequest ()->isPost ()) {
66+ $ login$ this getRequest ()->getPost ('login ' );
67+ if (!empty ($ login'username ' ]) && !empty ($ login'password ' ])) {
68+ try {
69+ $ sessionlogin ($ login'username ' ], $ login'password ' ]);
70+ if ($ sessiongetCustomer ()->getIsJustConfirmed ()) {
71+ $ this _welcomeCustomer ($ sessiongetCustomer (), true );
72+ }
73+ } catch (Mage_Core_Exception $ e
74+ switch ($ egetCode ()) {
75+ case Mage_Customer_Model_Customer::EXCEPTION_EMAIL_NOT_CONFIRMED :
76+ $ value$ this _getHelper ('customer ' )->getEmailConfirmationUrl ($ login'username ' ]);
77+ $ message$ this _getHelper ('customer ' )->__ ('This account is not confirmed. <a href="%s">Click here</a> to resend confirmation email. ' , $ value
78+ break ;
79+ case Mage_Customer_Model_Customer::EXCEPTION_INVALID_EMAIL_OR_PASSWORD :
80+ $ message$ egetMessage ();
81+ break ;
82+ default :
83+ $ message$ egetMessage ();
84+ }
85+ $ sessionaddError ($ message
86+ $ sessionsetUsername ($ login'username ' ]);
87+ } catch (Exception $ e
88+ // Mage::logException($e); // PA DSS violation: this exception log can disclose customer password
89+ }
90+ } else {
91+ $ sessionaddError ($ this __ ('Login and password are required. ' ));
92+ }
93+ }
94+ // Check if customer is an approved
95+ if ($ this is_user_approved ()) {
96+ $ this _loginPostRedirect ();
97+ }
98+ else {
99+ $ sessionaddError ($ this __ ('You must be an approved user ' ));
100+ $ this logoutAction ();
101+ }
102+ }
103+
104+ /**
105+ * Create customer account action
106+ */
107+ public function createPostAction ()
108+ {
109+ /** @var $session Mage_Customer_Model_Session */
110+ $ session$ this _getSession ();
111+ if ($ sessionisLoggedIn ()) {
112+ $ this _redirect ('*/*/ ' );
113+ return ;
114+ }
115+ $ sessionsetEscapeMessages (true ); // prevent XSS injection in user input
116+ if (!$ this getRequest ()->isPost ()) {
117+ $ errUrl$ this _getUrl ('*/*/create ' , array ('_secure ' => true ));
118+ $ this _redirectError ($ errUrl
119+ return ;
120+ }
121+
122+ $ customer$ this _getCustomer ();
123+
124+ try {
125+ $ errors$ this _getCustomerErrors ($ customer
126+ // Check if customer is an approved
127+ if ($ this is_user_approved ()) {
128+ $ this _loginPostRedirect ();
129+ }
130+ else {
131+ $ sessionaddError ($ this __ ('You must be an approved user ' ));
132+
133+ }
134+
135+ if (empty ($ errors
136+ $ customercleanPasswordsValidationData ();
137+ $ customersave ();
138+ $ this _dispatchRegisterSuccess ($ customer
139+ $ this _successProcessRegistration ($ customer
140+ $ this logoutAction ();
141+ return ;
142+ } else {
143+ $ this _addSessionError ($ errors
144+ }
145+ } catch (Mage_Core_Exception $ e
146+ $ sessionsetCustomerFormData ($ this getRequest ()->getPost ());
147+ if ($ egetCode () === Mage_Customer_Model_Customer::EXCEPTION_EMAIL_EXISTS ) {
148+ $ url$ this _getUrl ('customer/account/forgotpassword ' );
149+ $ message$ this __ ('There is already an account with this email address. If you are sure that it is your email address, <a href="%s">click here</a> to get your password and access your account. ' , $ url
150+ $ sessionsetEscapeMessages (false );
151+ } else {
152+ $ message$ egetMessage ();
153+ }
154+ $ sessionaddError ($ message
155+ } catch (Exception $ e
156+ $ sessionsetCustomerFormData ($ this getRequest ()->getPost ())
157+ ->addException ($ e$ this __ ('Cannot save the customer. ' ));
158+ }
159+ $ errUrl$ this _getUrl ('*/*/create ' , array ('_secure ' => true ));
160+ $ this _redirectError ($ errUrl
161+ }
162+
163+ }
164+ ?>
0 commit comments