I am new to Magento and PHP. I use the following line to get the email, which works fine except in the case a customer just registered. Any suggestions? Thanks.
$userEmail = Mage::getSingleton('customer/session')->getCustomer()->getEmail();
I assume that this code runs before the customer object data was saved propperly.
There is a line of code callled: in the OnePageCheckout and it does the following:
/**
* Involve new customer to system
*
* #return Mage_Checkout_Model_Type_Onepage
*/
protected function _involveNewCustomer()
{
$customer = $this->getQuote()->getCustomer();
if ($customer->isConfirmationRequired()) {
$customer->sendNewAccountEmail('confirmation', '', $this->getQuote()->getStoreId());
$url = Mage::helper('customer')->getEmailConfirmationUrl($customer->getEmail());
$this->getCustomerSession()->addSuccess(
Mage::helper('customer')->__('Account confirmation is required. Please, check your e-mail for confirmation link. To resend confirmation email please click here.', $url)
);
} else {
$customer->sendNewAccountEmail('registered', '', $this->getQuote()->getStoreId());
$this->getCustomerSession()->loginById($customer->getId());
}
return $this;
}
If the customer is just registering, not using the checkout process, then there is a different function using the request parameters like Anton said:
/app/code/core/Mage/Customer/Block/Form/Register.php
/**
* Restore entity data from session
* Entity and form code must be defined for the form
*
* #param Mage_Customer_Model_Form $form
* #return Mage_Customer_Block_Form_Register
*/
public function restoreSessionData(Mage_Customer_Model_Form $form, $scope = null)
{
if ($this->getFormData()->getCustomerData()) {
$request = $form->prepareRequest($this->getFormData()->getData());
$data = $form->extractData($request, $scope, false);
$form->restoreData($data);
}
return $this;
}
you can get it from request parameters directly?
Related
I'm getting this error when i try to register via google api
string(331) "Legacy People API has not been used in project ******* before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=******** then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry."
And when i go that url i'm receiving
Failed to load.
There was an error while loading /apis/api/legacypeople.googleapis.com/overview?project=******&dcccrf=1. Please try again.
My google.php code in /vendor/league/oauth2-google/src/Provider is
<?php
namespace League\OAuth2\Client\Provider;
use League\OAuth2\Client\Exception\HostedDomainException;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
use League\OAuth2\Client\Token\AccessToken;
use League\OAuth2\Client\Tool\BearerAuthorizationTrait;
use Psr\Http\Message\ResponseInterface;
class Google extends AbstractProvider
{
use BearerAuthorizationTrait;
const ACCESS_TOKEN_RESOURCE_OWNER_ID = 'id';
/**
* #var string If set, this will be sent to google as the "access_type" parameter.
* #link https://developers.google.com/accounts/docs/OAuth2WebServer#offline
*/
protected $accessType;
/**
* #var string If set, this will be sent to google as the "hd" parameter.
* #link https://developers.google.com/accounts/docs/OAuth2Login#hd-param
*/
protected $hostedDomain;
/**
* #var array Default fields to be requested from the user profile.
* #link https://developers.google.com/+/web/api/rest/latest/people
*/
protected $defaultUserFields = [
'id',
'name(familyName,givenName)',
'displayName',
'emails/value',
'image/url',
];
/**
* #var array Additional fields to be requested from the user profile.
* If set, these values will be included with the defaults.
*/
protected $userFields = [];
/**
* Use OpenID Connect endpoints for getting the user info/resource owner
* #var bool
*/
protected $useOidcMode = false;
public function getBaseAuthorizationUrl()
{
return 'https://accounts.google.com/o/oauth2/auth';
}
public function getBaseAccessTokenUrl(array $params)
{
return 'https://www.googleapis.com/oauth2/v4/token';
}
public function getResourceOwnerDetailsUrl(AccessToken $token)
{
if ($this->useOidcMode) {
// OIDC endpoints can be found https://accounts.google.com/.well-known/openid-configuration
return 'https://www.googleapis.com/oauth2/v3/userinfo';
}
// fields that are required based on other configuration options
$configurationUserFields = [];
if (isset($this->hostedDomain)) {
$configurationUserFields[] = 'domain';
}
$fields = array_merge($this->defaultUserFields, $this->userFields, $configurationUserFields);
return 'https://www.googleapis.com/plus/v1/people/me?' . http_build_query([
'fields' => implode(',', $fields),
'alt' => 'json',
]);
}
protected function getAuthorizationParameters(array $options)
{
$params = array_merge(
parent::getAuthorizationParameters($options),
array_filter([
'hd' => $this->hostedDomain,
'access_type' => $this->accessType,
// if the user is logged in with more than one account ask which one to use for the login!
'authuser' => '-1'
])
);
return $params;
}
protected function getDefaultScopes()
{
return [
'email',
'openid',
'profile',
];
}
protected function getScopeSeparator()
{
return ' ';
}
protected function checkResponse(ResponseInterface $response, $data)
{
if (!empty($data['error'])) {
$code = 0;
$error = $data['error'];
if (is_array($error)) {
$code = $error['code'];
$error = $error['message'];
}
throw new IdentityProviderException($error, $code, $data);
}
}
protected function createResourceOwner(array $response, AccessToken $token)
{
$user = new GoogleUser($response);
// Validate hosted domain incase the user edited the initial authorization code grant request
if ($this->hostedDomain === '*') {
if (empty($user->getHostedDomain())) {
throw HostedDomainException::notMatchingDomain($this->hostedDomain);
}
} elseif (!empty($this->hostedDomain) && $this->hostedDomain !== $user->getHostedDomain()) {
throw HostedDomainException::notMatchingDomain($this->hostedDomain);
}
return $user;
}
}
How to fix this issue?
Legacy People API has not been used in project ******* before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/legacypeople.googleapis.com/overview?project=********
As the error message states you have not enabled the people api in your project and as you have included email and profile and are trying to request profiled data about the user.
return 'https://www.googleapis.com/plus/v1/people/me?' . http_build_query([
'fields' => implode(',', $fields),
'alt' => 'json',
You need to enable the people api in our project before you can request data. Click the link and follow the instructions below.
Go to Google developer console click library on the left. Then search for the API you are looking to use and click enable button
Wait a couple of minutes then run your code again. Then you will be able to make requests to the people api.
return 'https://www.googleapis.com/plus/v1/people/me?' . http_build_query([
'fields' => implode(',', $fields),
'alt' => 'json',
Legacy endpoint:
I also recommend up update your endpoint to the new people.get endpoint
https://people.googleapis.com/v1/people/me
in a function of my controller, I initialize a form that I pass in parameter to a view. The form must then redirect to another action of my controller, like this:
Controller : index()
/**
* #Route("/validation/absences", name="validation_index")
*/
public function index(PaginatorInterface $paginator, Request $request, AbsenceService $absenceService)
{
$refusAbsence = new Absence();
$formRefus = $this->createForm(RefusAbsenceType::class, $refusAbsence);
$formRefus->handleRequest($request);
return $this->render('validation/index.html.twig', [
"formRefus" => $formRefus->createView(),
]);
My form action goes to this function :
/**
* Refuser une demande d'absence
*
* #Route("validation/absences/refuser/{id}", name="validation_refuser")
*
* #param Absence $absence
* #return void
*/
public function refuser(Request $request, Absence $absence)
{
$token = $request->get('refus_absence')['_token'];
if (!$this->isCsrfTokenValid('refus_absence__token', $token)) {
throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException('Accès interdit');
}
$commentaire = $request->get('refus_absence')['commentaire'];
dd($commentaire);
}
I get my token back with the request, but I can not get it to be validated. I still have the mistake.
Yet on Symfony's documentation, they say:
if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
// ... do something, like deleting an object
}
And in my HTML, I've :
<input type="hidden" id="refus_absence__token" name="refus_absence[_token]" value="7bbockF5tz3r7Ne9f6dQB7Y5YMcwd1QRES4vHrhQEQE">
in your receiving function, just recreate the form:
$form = $this->createForm(RefusAbsenceType::class, new Absence());
$form->handleRequest($request);
// also checks csrf, it is enabled globally, otherwise, recreate parameters
// in the createForm call.
if($form->isSubmitted() && $form->isValid()) {
$absence = $form->getData();
// do whatever ... persist and stuff ...
}
I have setup Woocommerce to automatically register a new customer when the order is completed.
Now I want to send the password and other things that has been generated to a third party using a API POST request to create the same user account.
Things I need to send from the Woocommerce generated account:
Email address (used for email and login on third party website)
First name
Last name
Password (Needs to be unhashed, same as used in new account email)
Can someone show me an example how to get this done? Or point me in to the right direction? I just can't find anything to start with.
I thought by adding Curl to the Woocommerce thank you page webhook. But this won't send the password unhashed, it just stay blank.
Hope someone knows an easy way to get this done.
Thanks!
Latest UPDATE: CODE USING IN MY FUNCTIONS.PHP
class NewCustomerRegistration
{
private $credentials;
public function __construct()
{
// Use PHP_INT_MAX so that it is the last filter run on this data
// in case there are other filter changing the password, for example
add_filter(
'woocommerce_new_customer_data',
[$this, 'when_user_is_created'],
1,
PHP_INT_MAX
);
add_action('woocommerce_new_customer', [$this, 'when_customer_is_created']);
}
public function when_user_is_created($customerData)
{
$this->credentials = [
'email' => $customerData['user_email'],
'password' => $customerData['user_pass'],
];
return $customerData;
}
public function when_customer_is_created($customerId)
{
$customer = get_userdata($customerId);
/**
* Perform the required actions with collected data
*
* Email: $this->credentials['email']
* Password: $this->credentials['password']
* First Name: $customer->first_name
* Last Name: $customer->last_name
*/
// Testing sending email function
$subject = "Test Email with data";
$email = "info#mydomain.com";
$message = "Hello, {$customer->first_name}\n\n";
$message .= "Here are your login details for {$customer->first_name} {$customer->last_name}\n\n";
$message .= "Your company is: {$customer->company}\n\n";
$message .= "Your username is: {$this->credentials['email']}\n\n";
$message .= "Your password is: {$this->credentials['password']}\n\n";
$message .= "Your email is: {$this->credentials['email']}\n\n";
$message .= "Your role is: {$customer->role}\n\n";
$headers = array();
add_filter( 'wp_mail_content_type', function( $content_type ) {return 'text/html';});
$headers[] = 'From: My Wordpress Website <info#mydomain.com>'."\r\n";
wp_mail( $email, $subject, $message, $headers);
// Reset content-type to avoid conflicts
remove_filter( 'wp_mail_content_type', 'set_html_content_type' );
}
}
It looks like the combining the actions woocommerce_created_customer (for email and password) and woocommerce_new_customer (for other customer details) could do the job for you.
My thinking is that you could do something like..
class NewCustomerRegistration
{
private $credentials;
public function __construct()
{
add_action('woocommerce_created_customer', [$this, 'when_user_is_created']);
add_action('woocommerce_new_customer', [$this, 'when_customer_is_created']);
}
public function when_user_is_created($customerId, $customerData)
{
$this->credentials = [
'email' => $customerData['user_email'],
'password' => $customerData['user_pass'],
];
}
public function when_customer_is_created($customerId)
{
$customer = get_userdata($customerId);
/**
* Send email with collected data
*
* Email: $this->credentials['email']
* Password: $this->credentials['password']
* First Name: $customer->first_name
* Last Name: $customer->last_name
*/
wp_mail(...);
}
}
NOTE You should probably clear the credentials after sending so that, if the woocommerce_new_customer action is called with a different user for some reason, the credentials aren't sent out to a different user. You should probably add some error checks in too, just for your own sanity.
UPDATE
As you are getting an error with the woocommerce_created_customer action you might get better results listening for the woocommerce_new_customer_data filter.
class NewCustomerRegistration
{
private $credentials;
public function __construct()
{
// Use PHP_INT_MAX so that it is the last filter run on this data
// in case there are other filter changing the password, for example
add_filter(
'woocommerce_new_customer_data',
[$this, 'when_user_is_created'],
1,
PHP_INT_MAX
);
add_action('woocommerce_new_customer', [$this, 'when_customer_is_created']);
}
public function when_user_is_created($customerData)
{
$this->credentials = [
'email' => $customerData['user_email'],
'password' => $customerData['user_pass'],
];
return $customerData;
}
public function when_customer_is_created($customerId)
{
$customer = get_userdata($customerId);
/**
* Perform the required actions with collected data
*
* Email: $this->credentials['email']
* Password: $this->credentials['password']
* First Name: $customer->first_name
* Last Name: $customer->last_name
*/
}
}
In my Laravel application, a User can have a Profile which they or a user with privileges can update.
The relation for these two models is defined in this method:
/**
* Get the profile associated with this user
*/
public function profile()
{
return $this->hasOne(Profile::class, 'user_username', 'username');
}
This is the method for updating a user profile:
/**
* Update the specified resource in storage.
*
* #param \Illuminate\Http\Request $request
* #param \App\Profile $profile
* #return \Illuminate\Http\Response
*/
public function update(UpdateProfile $request, User $user)
{
if ($user) {
// Only proceed if there is a logged in user
$profile = $user->profile;
// If there is no profile, create one for this user as they'll need one.
if (!empty(request()->get('background'))) {
$profile->background = clean($request->get('background'));
}
if (!empty(request()->get('skills'))) {
$profile->skills = clean($request->get('skills'));
}
if (!empty(request()->get('filepath'))) {
$profile->displayPicture = $request->get('filepath');
}
if (!empty(request()->get('linkedInUrl'))) {
$socialProfilesDecoded = json_decode($user->profile->socialProfiles, true);
$socialProfilesDecoded["LinkedIn"] = $request->get('linkedInUrl');
$profile->socialProfiles = json_encode($socialProfilesDecoded);
}
if (!empty(request()->get('twitterUrl'))) {
$socialProfilesDecoded = json_decode($user->profile->socialProfiles, true);
$socialProfilesDecoded["Twitter"] = $request->get('twitterUrl');
$profile->socialProfiles = json_encode($socialProfilesDecoded);
}
$user->profile()->save($profile);
return redirect()->back()->withSuccess('Your profile has been successfully updated');
}
}
The route for updating a profile is:
Route::post('profile/{user}', 'ProfileController#update');
It came to my attention that exposing the username presents a vulnerability as if you're able to grab the request with a web proxy you can just change the username and update another user's profile.
Without changing the URL could I put a Policy in place to check that:
The user has permission to update said profile
The profile being updated is the correct profile (and the request wasn't tampered with.
Or, should I change the URL and have a way to edit profiles in an admin area only?
Also, as a Profile is associated with a User, how could a privileged user access another user's profile?
Maybe a hidden input?
Update:
if ($request->is('admin/*')) {
//
}
Could I check if this matches the POST request?
Update 2
Added a simple check to ensure the logged in user had permissions to update a Profile.
/**
* Update the specified resource in storage.
*
* #param \Illuminate\Http\Request $request
* #param \App\Profile $profile
* #return \Illuminate\Http\Response
*/
public function update(UpdateProfile $request, User $user)
{
// Check this user
if(auth()->user() == $user || auth()->user()->can('Approve user profile')){
if ($user) {
// Only proceed if there is a logged in user
$profile = $user->profile;
// If there is no profile, create one for this user as they'll need one.
if (!empty(request()->get('background'))) {
$profile->background = clean($request->get('background'));
}
if (!empty(request()->get('skills'))) {
$profile->skills = clean($request->get('skills'));
}
if (!empty(request()->get('filepath'))) {
$profile->displayPicture = $request->get('filepath');
}
if (!empty(request()->get('linkedInUrl'))) {
$socialProfilesDecoded = json_decode($user->profile->socialProfiles, true);
$socialProfilesDecoded["LinkedIn"] = $request->get('linkedInUrl');
$profile->socialProfiles = json_encode($socialProfilesDecoded);
}
if (!empty(request()->get('twitterUrl'))) {
$socialProfilesDecoded = json_decode($user->profile->socialProfiles, true);
$socialProfilesDecoded["Twitter"] = $request->get('twitterUrl');
$profile->socialProfiles = json_encode($socialProfilesDecoded);
}
$user->profile()->save($profile);
return redirect()->back()->withSuccess('Your profile has been successfully updated');
}
}
}
I use Codeigniter framework + Tank_Auth registiration library. They work great but I just need to change register form a bit.
I want to generate username from email address instead of getting it from registeration form. I added a simple function to libraries/Tank_auth.php file. Here is my username generator function:
function _create_username_from_email($email)
{
$user = strstr($email, '#', true); // As of PHP 5.3.0
return $user;
}
Please let me know where I need to run my function and write it to database.
I will also need to remove username field from register form. So I need how I can pass form validation for username field in my controller.
I will be really happy if any of you can help me about these problem.
Thanks
At line 121 in application/models/tank_auth/users you have:
/**
* Create new user record
*
* #param array
* #param bool
* #return array
*/
function create_user($data, $activated = TRUE)
{
$data['created'] = date('Y-m-d H:i:s');
$data['activated'] = $activated ? 1 : 0;
if ($this->db->insert($this->table_name, $data)) {
$user_id = $this->db->insert_id();
if ($activated) $this->create_profile($user_id);
return array('user_id' => $user_id);
}
return NULL;
}
Just before the if ($this->db->insert($this->table_name, $data)) { insert:
$data['username'] = strstr($data['email'], '#', true);
P.S.
I hope you understand it, but just in case - if you have two or more users with same email's username part like john#hotmail.com and john#gmail.com they both will have the same username, which may lead to unexpected behavior.