PrestaCraft

Many systems and applications include a common security feature that asks the user for a new password after X days have passed. It’s usually used to increase the security of users and their accounts.

What if we would like to do the same thing on the PrestaShop BackOffice login screen? Keep reading.

To make this possible, we are going to add a new column to the database. It’ll contain the date of the user’s last password change. Once we have this, we can count how many days have passed since the last password update. In this article I am assuming that 30 days have to pass before the password change form becomes visible.

It’s going to look like this:

[Image: pwchange]

Before making any changes, please remember to back up all your files! I don’t take any responsibility for any inconveniences or bugs which may occur after these modifications.

Execute SQL command:

Set the value of the password_date column for your account. The date should be at least 30 days older than the current one. You can edit this value directly using phpMyAdmin or by executing the SQL command below:

After this database modification, let’s edit the class model file to make it aware of the new field.

Edit: /classes/Employee.php

Find:

 Add after:

Find:

 Add after:

That was easy.
Let’s edit the controller now.

Edit: /controllers/admin/AdminLoginController.php

We’ll start with changes in the processLogin() function.
Find:

 Add after:

We’re using the Employee model via a Context call, so we can fetch any field from the ps_employee table. We need the date of the last password change. We’ll use the strtotime PHP function, which helps in counting the days since the last password change.

Let’s focus on the password change. It should happen after a successful login. However, after BackOffice login we’re redirected to the Dashboard. To prevent this, we should ask the following question:

Is the date of last password change older than 30 days?
1. Yeah -> Display password change form, but stay on the same page and don’t redirect me.
2. Nope -> Everything is fine. Go to the BackOffice Dashboard (default action).
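
The check described above, written as a stand-alone PHP function; this is an added example, not the article's controller code. The function name passwordChangeRequired and the sample dates are assumptions, and it treats a missing, zero, unparseable or future password_date as expired so that a bad value cannot postpone the prompt.

```php
<?php
// Added example, not the tutorial's code. passwordChangeRequired() is a
// hypothetical name; password_date and the 30-day limit come from the article.
date_default_timezone_set('UTC'); // assumption: fixed zone so day counts are reproducible

/**
 * Decide whether the employee must change the password before the Dashboard.
 * Fails closed: any value that cannot be trusted counts as expired.
 */
function passwordChangeRequired(?string $passwordDate, int $now, int $maxAgeDays = 30): bool
{
    // NULL or empty: the column was added but never filled for this account.
    if ($passwordDate === null || trim($passwordDate) === '') {
        return true;
    }
    // MySQL zero date: strtotime() may parse it as a date far in the past
    // rather than fail, so handle it explicitly.
    if (strpos($passwordDate, '0000-00-00') === 0) {
        return true;
    }
    $changedAt = strtotime($passwordDate);
    // Not a date at all, or a date in the future that would postpone expiry.
    if ($changedAt === false || $changedAt > $now) {
        return true;
    }
    $ageDays = intdiv($now - $changedAt, 86400); // whole days elapsed
    return $ageDays >= $maxAgeDays;
}

// Constructed sample values for the password_date column.
$now = strtotime('2024-03-31 12:00:00');
$samples = [
    '2024-03-20 09:00:00', // 11 days old
    '2024-03-01 12:00:00', // exactly 30 days old
    '2024-01-15 08:30:00', // 76 days old
    '0000-00-00 00:00:00', // zero date
    '2024-04-05 00:00:00', // in the future
    null,                  // never set
];
foreach ($samples as $value) {
    $action = passwordChangeRequired($value, $now) ? 'show password change form' : 'redirect to Dashboard';
    printf("%-21s %s\n", var_export($value, true), $action);
}
```

Only the first sample leads to the Dashboard redirect; every other value keeps the employee on the login page with the password change form.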

Here’s the code.
Find:

 Replace with:

Edit: /adminXXX/themes/default/template/controllers/login/content.tpl

It’s time to place our form in the template.
Let’s prepare the error message first.
Find:

 Add after:

And now the form.

Find:

 Add after:

We have to declare when this form and the error messages should be displayed to the user. Open the login.js file.

Edit: /js/login.js

We’ll add some validation. The condition below checks whether the BackOffice password has fewer than 8 characters and differs from the new one. If the condition passes, the error messages will appear.

Find:

 Add after:

It’s time to display our form.

Find:

 Replace with:

The last thing to do in this file is to remove the unnecessary displayLogin(); function.

Find:

 Remove:

Let’s go back to the controller.

Edit: /controllers/admin/AdminLoginController.php

Find:

 Add after:

Here we’ve added error messages and assigned them to Smarty variables.

Find:

 Add after:

There we’ve placed the processChangePassword() function, which is going to be called after the password change form is sent.

Find:

 Add after:

The comments placed in this code should help you understand the logic.

Edit: /classes/Employee.php

The last thing we’re going to do is to set the last login date while adding a new employee.
Find:

 Add after:

Set overrides

The last and very important thing is to move all your changes to the override/ directory.
1. Copy and paste files:

| Source | Destination |
| --- | --- |
| classes/Employee.php | override/classes/Employee.php |
| controllers/admin/AdminLoginController.php | override/controllers/admin/AdminLoginController.php |

2. Replace in DESTINATION files:
class EmployeeCore extends ObjectModel replace with class Employee extends EmployeeCore
class AdminLoginControllerCore extends AdminController replace with class AdminLoginController extends AdminLoginControllerCore

3. Purge the cache:
Remove the /cache/class_index.php file.

That’s all. Thanks for reading. Any feedback is highly appreciated 🙂
