Admin2 - Version 1.0.0

Version Notes

The extension should be safe to use. It uses the action pre-dispatch hook to hook into a specific controller and a specific action.


Release Info

Developer Branko Ajzele
Extension Admin2
Version 1.0.0


Version 1.0.0

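--- a/app/code/community/ActiveCodeline/Admin2/Helper/Data.php
+++ b/app/code/community/ActiveCodeline/Admin2/Helper/Data.php
@@ -0,0 +1,14 @@
+ <?php
+ /**
+ * ActiveCodeline_Admin2_Helper_Data
+ *
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+ class ActiveCodeline_Admin2_Helper_Data extends Mage_Core_Helper_Abstract
+ {
+
+ }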
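--- a/app/code/community/ActiveCodeline/Admin2/Model/Mysql4/Pcck.php
+++ b/app/code/community/ActiveCodeline/Admin2/Model/Mysql4/Pcck.php
@@ -0,0 +1,17 @@
+ <?php
+ /**
+ * ActiveCodeline_Admin2_Model_Mysql4_Pcck
+ *
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+ class ActiveCodeline_Admin2_Model_Mysql4_Pcck extends Mage_Core_Model_Mysql4_Abstract
+ {
+ protected function _construct()
+ {
+ $this->_init('activecodeline_admin2/pcck', 'pcck_id');
+ }
+ }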
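--- a/app/code/community/ActiveCodeline/Admin2/Model/Mysql4/Pcck/Collection.php
+++ b/app/code/community/ActiveCodeline/Admin2/Model/Mysql4/Pcck/Collection.php
@@ -0,0 +1,17 @@
+ <?php
+ /**
+ * ActiveCodeline_Admin2_Model_Model_Mysql4_Pcck_Collection
+ *
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+ class ActiveCodeline_Admin2_Model_Model_Mysql4_Pcck_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract
+ {
+ protected function _construct()
+ {
+ $this->_init('activecodeline_admin2/pcck');
+ }
+ }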
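Review bot: The class is declared as `ActiveCodeline_Admin2_Model_Model_Mysql4_Pcck_Collection`, with `Model_` doubled, while the file sits at Model/Mysql4/Pcck/Collection.php and config.xml maps the resource prefix to `ActiveCodeline_Admin2_Model_Mysql4`. Magento would presumably resolve `activecodeline_admin2/pcck_collection` to `ActiveCodeline_Admin2_Model_Mysql4_Pcck_Collection`, which this file does not define, so any collection load on the token table should fail. The declaration should read `class ActiveCodeline_Admin2_Model_Mysql4_Pcck_Collection extends Mage_Core_Model_Mysql4_Collection_Abstract`, with the docblock title changed to match. Nothing in this release loads the collection, so the defect is latent, but a cleanup job for stale tokens would be the first thing to hit it.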
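--- a/app/code/community/ActiveCodeline/Admin2/Model/Observer.php
+++ b/app/code/community/ActiveCodeline/Admin2/Model/Observer.php
@@ -0,0 +1,180 @@
+ <?php
+ /**
+ * ActiveCodeline_Admin2_Model_Observer
+ *
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+ class ActiveCodeline_Admin2_Model_Observer
+ {
+ private function _genRandomString($length)
+ {
+ $characters = '0123456789abcdefghijklmnopqrstuvwxyz';
+ $string = "";
+
+ for($p = 0; $p < $length; $p++) {
+ $string .= $characters[mt_rand(0, strlen($characters))];
+ }
+
+ return $string;
+ }
+
+ public function hookToAdminhtmlControllerActionPredispatchStart()
+ {
+ $actionName = 'forgotpassword';
+ $controllerModule = 'Mage_Adminhtml';
+
+ if (Mage::app()->getRequest()->getActionName() == $actionName
+ && Mage::app()->getRequest()->getControllerModule() == $controllerModule)
+ {
+ $email = Mage::app()->getRequest()->getParam('email');
+ $params = Mage::app()->getRequest()->getParams();
+ $email = Mage::app()->getRequest()->getParam('email');
+
+ //pcck = Password change confirmation key
+ $changeConfirmationKey = Mage::app()->getRequest()->getParam('pcck');
+
+ if (!empty($email) && !empty($params) && empty($changeConfirmationKey)) {
+ $collection = Mage::getResourceModel('admin/user_collection');
+ /* @var $collection Mage_Admin_Model_Mysql4_User_Collection */
+ $collection->addFieldToFilter('email', $email);
+ $collection->load(false);
+
+ if ($collection->getSize() > 0) {
+ foreach ($collection as $item) {
+ $user = Mage::getModel('admin/user')->load($item->getId());
+ if ($user->getId()) {
+
+ $translate = Mage::getSingleton('core/translate');
+ /* @var $translate Mage_Core_Model_Translate */
+ $translate->setTranslateInline(false);
+
+ /*
+ * Loads the html file named 'custom_email_template1.html' from
+ * app/locale/en_US/template/email/forgotpassword_confirmation_email.html
+ */
+ $emailTemplate = Mage::getModel('core/email_template')
+ ->loadDefault('activecodeline_forgotpassword_confirmation_email');
+
+ while(true) {
+ $pcck = $this->_genRandomString(32);
+
+ if(!($pcckEntry = Mage::getModel('activecodeline_admin2/pcck')->load($pcck, 'pcck')->getId())) {
+ $_pcck = Mage::getModel('activecodeline_admin2/pcck');
+ $_pcck->setPcck($pcck);
+ $_pcck->setIssuedTo($user->getId());
+ $_pcck->setIsUsed(false);
+
+ $_pcck->save();
+
+ break;
+ }
+ }
+
+ //After we generate pcck, we need to save it to database...
+
+ //Create an array of variables to assign to template
+ $emailTemplateVariables = array();
+ $emailTemplateVariables['email'] = $user->getEmail();
+ $emailTemplateVariables['name'] = $user->getName();
+ $emailTemplateVariables['pcck'] = $_pcck->getPcck();
+ $emailTemplateVariables['pcck_url'] = Mage::helper("adminhtml")->getUrl("adminhtml/index/forgotpassword", array('pcck'=>$_pcck->getPcck()));
+
+ /**
+ * The best part <img src="http://inchoo.net/wp-includes/images/smilies/icon_smile.gif" alt=":)" class="wp-smiley">
+ * Opens the forgotpassword_confirmation_email.html, throws in the variable array
+ * and returns the 'parsed' content that you can use as body of email
+ */
+ $processedTemplate = $emailTemplate->getProcessedTemplate($emailTemplateVariables);
+
+ /*
+ * Or you can send the email directly,
+ * note getProcessedTemplate is called inside send()
+ */
+ $emailTemplate->setSenderName(Mage::getStoreConfig('trans_email/ident_support/name'));
+ $emailTemplate->setSenderEmail(Mage::getStoreConfig('trans_email/ident_support/email'));
+ $emailTemplate->setTemplateSubject(Mage::helper('activecodeline_admin2')->__('Forgotten password confirmation email'));
+ $emailTemplate->send($user->getEmail(), $user->getFirstname().' '.$user->getLastname(), $emailTemplateVariables);
+
+ $translate->setTranslateInline(true);
+
+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('activecodeline_admin2')->__('Password reset instructions have been sent to you in the email. Please follow them in order to reset your password and gain access to admin area. Thank you.'));
+ }
+ break;
+ }
+ }
+ else {
+ Mage::getSingleton('adminhtml/session')->addError(Mage::helper('activecodeline_admin2')->__('Cannot find the email address.'));
+ }
+ }
+ elseif(!empty($changeConfirmationKey)) {
+ //Handle the pass change based on the valid confirmation key.
+
+ $pcck = Mage::getModel('activecodeline_admin2/pcck')->load($changeConfirmationKey, 'pcck');
+
+ if($pcck->getIsUsed() == true) {
+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('activecodeline_admin2')->__('Sorry this token has already been used to reset password. Please request another password change.'));
+ }
+
+ if($pcck->getId() && ($pcck->getIsUsed() == false)) {
+
+ $user = Mage::getModel('admin/user')->load($pcck->getIssuedTo());
+
+ if($user->getId()) {
+
+ if($user->getIsActive()) {
+
+ $pcck->setIsUsed(true);
+ $pcck->save();
+
+ $pass = $this->_genRandomString(7);
+
+ $user->setPassword($pass);
+ $user->setPlainPassword($pass);
+ $user->save();
+ $user->sendNewPasswordEmail();
+
+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('activecodeline_admin2')->__('Password was sent to your email address. Please check your email and click Back to Login.'));
+ }
+
+ else {
+ Mage::getSingleton('adminhtml/session')->addSuccess(Mage::helper('activecodeline_admin2')->__('User %s has been deactivated. Please contact admin to check your user account.', $user->getUsername()));
+ }
+
+ $email = '';
+ }
+ }
+ }
+ elseif(!empty($params)) {
+ Mage::getSingleton('adminhtml/session')->addError(Mage::helper('activecodeline_admin2')->__('The email address is empty.'));
+ }
+
+ if ($storage = Mage::getSingleton('adminhtml/session')) {
+ Mage::app()->getLayout()->getMessagesBlock()->addMessages($storage->getMessages(true));
+ Mage::app()->getLayout()->getMessagesBlock()->setEscapeMessageFlag(
+ $storage->getEscapeMessages(true)
+ );
+ }
+
+ $data = array(
+ 'email' => $email,
+ 'pcck' => Mage::getUrl('admin/index/forgotpassword', array('pcck'=>md5(time()))),
+ );
+
+ $block = Mage::app()->getLayout()->createBlock('adminhtml/template')->setTemplate("forgotpassword.phtml");
+
+ foreach($data as $index=>$value) {
+ $block->assign($index, $value);
+ }
+
+ //Use echo in place of the return...
+ echo Mage::app()->getResponse()->setBody($block->toHtml());
+ exit;
+ }
+
+ return $this;
+ }
+ }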
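Review bot: In `_genRandomString` the index is drawn with `mt_rand(0, strlen($characters))`, whose upper bound is inclusive, so index 36 falls off the end of the 36-character alphabet and that iteration appends nothing; tokens and passwords can come out shorter than requested. The line should read `$string .= $characters[mt_rand(0, strlen($characters) - 1)];`. More important for a value that gates an admin password reset, `mt_rand` is not a cryptographic generator, and this helper produces both the 32-character `pcck` token and the 7-character replacement password; a CSPRNG such as `openssl_random_pseudo_bytes` would be the better source, though it needs PHP 5.3 while package.xml declares a 5.2.0 minimum, so the minimum would have to be raised or a fallback kept. The redemption branch also never compares the `issued_on` column created by the install script with the current time, so an unused token appears to stay valid indefinitely; an age check before `$pcck->setIsUsed(true)` would bound that.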
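--- a/app/code/community/ActiveCodeline/Admin2/Model/Pcck.php
+++ b/app/code/community/ActiveCodeline/Admin2/Model/Pcck.php
@@ -0,0 +1,17 @@
+ <?php
+ /**
+ * ActiveCodeline_Admin2_Model_Pcck
+ *
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+ class ActiveCodeline_Admin2_Model_Pcck extends Mage_Core_Model_Abstract
+ {
+ protected function _construct()
+ {
+ $this->_init('activecodeline_admin2/pcck');
+ }
+ }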
app/code/community/ActiveCodeline/Admin2/doc/ActiveCodeline_Admin2_screen1.png ADDED
Binary file
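--- a/app/code/community/ActiveCodeline/Admin2/doc/README.txt
+++ b/app/code/community/ActiveCodeline/Admin2/doc/README.txt
@@ -0,0 +1,3 @@
+ This extension enables more "safer" way of changing the admin password. In standard Magento (at least up to version 1.5.0.1.) admin password is changed as soon as you do "Forgot my password". This can be potentially annoying if you have someone who is messing with you. All it takes if for that someone to know your username, and he can just do "Forgot my password" and the system would generate new password for you. Thus, next time you try to login, even knowing your old password can push you to do "Forgot my password" yourself. Extension sends confirmation email first, then after you click on the generated link sent in email it changes the password for you.
+
+ Remember to edit the "\app\locale\en_US\template\email\forgotpassword_confirmation_email.html" file to set custom email message.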
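--- a/app/code/community/ActiveCodeline/Admin2/etc/config.xml
+++ b/app/code/community/ActiveCodeline/Admin2/etc/config.xml
@@ -0,0 +1,72 @@
+ <?xml version="1.0"?>
+ <!--
+ /**
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+ -->
+ <config>
+ <modules>
+ <ActiveCodeline_Admin2>
+ <version>1.0.0</version>
+ </ActiveCodeline_Admin2>
+ </modules>
+
+ <global>
+ <models>
+ <activecodeline_admin2>
+ <class>ActiveCodeline_Admin2_Model</class>
+ <resourceModel>activecodeline_admin2_mysql4</resourceModel>
+ </activecodeline_admin2>
+
+ <activecodeline_admin2_mysql4>
+ <class>ActiveCodeline_Admin2_Model_Mysql4</class>
+ <entities>
+ <pcck>
+ <table>activecodeline_admin2_pcck</table>
+ </pcck>
+ </entities>
+ </activecodeline_admin2_mysql4>
+ </models>
+ <resources>
+ <activecodeline_admin2_setup>
+ <setup>
+ <module>ActiveCodeline_Admin2</module>
+ </setup>
+ </activecodeline_admin2_setup>
+ </resources>
+ <blocks>
+ <find_feed><class>ActiveCodeline_Admin2_Block</class></find_feed>
+ </blocks>
+ <helpers>
+ <activecodeline_admin2>
+ <class>ActiveCodeline_Admin2_Helper</class>
+ </activecodeline_admin2>
+ </helpers>
+ <template>
+ <email>
+ <activecodeline_forgotpassword_confirmation_email module="activecodeline_admin2">
+ <label>Forgotten password confirmation email</label>
+ <file>forgotpassword_confirmation_email.html</file>
+ <type>html</type>
+ </activecodeline_forgotpassword_confirmation_email>
+ </email>
+ </template>
+ </global>
+
+ <adminhtml>
+ <events>
+ <controller_action_predispatch>
+ <observers>
+ <activecodeline_admin2_adminhtml_controller_action_predispatch_start>
+ <class>activecodeline_admin2/observer</class>
+ <method>hookToAdminhtmlControllerActionPredispatchStart</method>
+ </activecodeline_admin2_adminhtml_controller_action_predispatch_start>
+ </observers>
+ </controller_action_predispatch>
+ </events>
+ </adminhtml>
+ </config>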
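Review bot: The observer is registered on the generic `controller_action_predispatch` event for the whole `<adminhtml>` area, so it runs on every admin request and the only thing scoping it to the forgot-password page is the pair of string comparisons in Observer.php, which check the action name and controller module but not the controller name. Because a match ends the request with `echo` and `exit`, any other Mage_Adminhtml controller that had an action named `forgotpassword` would be taken over as well. Magento 1 also dispatches a predispatch event named after the full action name, presumably `controller_action_predispatch_adminhtml_index_forgotpassword` here, and registering on that would narrow the hook to the one action. Separately, the `<blocks>` alias `find_feed` pointing at `ActiveCodeline_Admin2_Block` looks like a copy-paste leftover, since package.xml lists no Block directory.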
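--- a/app/code/community/ActiveCodeline/Admin2/sql/activecodeline_admin2_setup/mysql4-install-1.0.0.php
+++ b/app/code/community/ActiveCodeline/Admin2/sql/activecodeline_admin2_setup/mysql4-install-1.0.0.php
@@ -0,0 +1,25 @@
+ <?php
+ /**
+ * mysql4-install-1.0.0
+ *
+ * @category ActiveCodeline
+ * @package ActiveCodeline_Admin2
+ * @author Branko Ajzele (http://activecodeline.net)
+ * @copyright Copyright (c) Branko Ajzele
+ * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
+ */
+
+ $this->startSetup();
+
+ $this->run("
+ CREATE TABLE {$this->getTable('activecodeline_admin2_pcck')} (
+ `pcck_id` INT( 11 ) NOT NULL AUTO_INCREMENT ,
+ `pcck` VARCHAR( 32 ) NOT NULL ,
+ `issued_on` TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ,
+ `issued_to` INT( 11 ) NOT NULL ,
+ `is_used` INT( 1 ) NOT NULL ,
+ PRIMARY KEY ( `pcck_id` )
+ ) ENGINE = MYISAM ;
+ ");
+
+ $this->endSetup();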
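Review bot: The `pcck` column carries no unique index, so token uniqueness rests entirely on the load-then-save loop in Observer.php, which two concurrent requests could both pass, and every token lookup by `pcck` has to scan the table. Adding `UNIQUE KEY (pcck)` to the CREATE TABLE would enforce uniqueness in the database and index the lookup. `is_used` is also declared NOT NULL without a default, so `DEFAULT 0` would make the unused state explicit for rows written by anything other than the observer. Rows are never deleted in this release, so the table grows by one row per reset request; an index on `issued_on` would help a later cleanup job.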
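--- a/app/locale/en_US/template/email/forgotpassword_confirmation_email.html
+++ b/app/locale/en_US/template/email/forgotpassword_confirmation_email.html
@@ -0,0 +1,6 @@
+ <body style="background:#F6F6F6; font-family:Verdana, Arial, Helvetica, sans-serif; font-size:12px; margin:0; padding:0;">
+ <div>
+ <h1>Forgotten password confirmation email</h1>
+ <p>{{var name}}, you requested the password reset for your admin account. Please <a href="{{var pcck_url}}">click this link</a> in order to get the new password. Thank you.</p>
+ </div>
+ </body>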
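Review bot: The message does not tell a recipient who did not ask for a reset what to do, although the README describes exactly that case, where someone else triggers "Forgot my password" for your account. A sentence such as `If you did not request this, ignore this email; your password has not been changed.` after the link would make the safe action explicit. The link target is also hidden behind "click this link"; printing `{{var pcck_url}}` as visible text as well would let the recipient check the host before following it.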
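--- a/package.xml
+++ b/package.xml
@@ -0,0 +1,18 @@
+ <?xml version="1.0"?>
+ <package>
+ <name>Admin2</name>
+ <version>1.0.0</version>
+ <stability>stable</stability>
+ <license uri="http://www.opensource.org/licenses/osl-3.0.php">OSL v3.0</license>
+ <channel>community</channel>
+ <extends/>
+ <summary>This extension enables more "safer" way of changing the admin password.</summary>
+ <description>In standard Magento (at least up to version 1.5.0.1.) admin password is changed as soon as you do "Forgot my password". This can be potentially annoying if you have someone who is messing with you. Please note that I said "anoying", not "dangerous". All it takes if for that someone to know your username, and he can just do "Forgot my password" and the system would generate new password for you. Thus, next time you try to login, even knowing your old password can push you to do "Forgot my password" yourself. Extension sends confirmation email first, then after you click on the generated link sent in email it changes the password for you.</description>
+ <notes>Extension should be safe for usage. It uses action pre-dispatch hook to hook into specific controller and specific action.</notes>
+ <authors><author><name>Branko Ajzele</name><user>brankoa</user><email>ajzele@gmail.com</email></author></authors>
+ <date>2011-02-16</date>
+ <time>11:43:02</time>
+ <contents><target name="magecommunity"><dir name="ActiveCodeline"><dir name="Admin2"><dir name="Helper"><file name="Data.php" hash="840dfc373453aa66812b31faecd1afc2"/></dir><dir name="Model"><dir name="Mysql4"><dir name="Pcck"><file name="Collection.php" hash="df2b29d7c2f257f0a7d07bec52fb6dba"/></dir><file name="Pcck.php" hash="dda443cefb975cd0435ef729147d7c13"/></dir><file name="Observer.php" hash="342905d01a74ea351ac456aa8faca3c6"/><file name="Pcck.php" hash="df4f6ed1fb0a1c16a0956380fbd17264"/></dir><dir name="doc"><file name="ActiveCodeline_Admin2_screen1.png" hash="b804223b0384905ddc7faa5419c64232"/><file name="README.txt" hash="95d99600ec6354ff33e1366d157d78a1"/></dir><dir name="etc"><file name="config.xml" hash="82175a2eb455f57e376d35e2cbf95695"/></dir><dir name="sql"><dir name="activecodeline_admin2_setup"><file name="mysql4-install-1.0.0.php" hash="60b8b7725983f22d82e52ee35c6e36f2"/></dir></dir></dir></dir></target><target name="magelocale"><dir name="en_US"><dir name="template"><dir name="email"><file name="forgotpassword_confirmation_email.html" hash="cabcaf2eb9e56e166b6fb15bbd84c0aa"/></dir></dir></dir></target></contents>
+ <compatible/>
+ <dependencies><required><php><min>5.2.0</min><max>6.0.0</max></php></required></dependencies>
+ </package>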