    // FIXME: should be moved to another place
    // Password-recovery login via a one-time "ekey": resolve the key, consume it, then log the
    // matching active user in. The enclosing function starts above this excerpt.
    // NOTE(review): the key is read from $_REQUEST, i.e. it is accepted from GET, POST and COOKIE alike.
    if (!empty($_REQUEST['ekey'])) {
        // User-type ('U') keys only, and only while the key's ttl still lies in the future.
        $u_id = db_get_field("SELECT object_id FROM ?:ekeys WHERE ekey = ?s AND object_type = 'U' AND ttl > ?i", $_REQUEST['ekey'], TIME);
        if (!empty($u_id)) {
            // Only an active ('A') account qualifies; a disabled one ends in the error branch below.
            $udata = db_get_row("SELECT user_id, user_type, tax_exempt, last_login, password_change_timestamp FROM ?:users WHERE user_id = ?i AND status = 'A'", $u_id);
            // Delete this key
            // Done before the account check, so the key is single-use whatever the outcome.
            db_query("DELETE FROM ?:ekeys WHERE ekey = ?s", $_REQUEST['ekey']);
            if (!empty($udata)) {
                // Replace the session auth with this user, keeping any order ids the previous auth held.
                // NOTE(review): $auth is not assigned in this excerpt - presumably a reference to the
                // session auth taken earlier in the enclosing function; verify.
                $auth = fn_fill_auth($udata, isset($auth['order_ids']) ? $auth['order_ids'] : array());
                if (AREA == 'C') {
                    // Merge the guest cart identified by the 'cu_id' cookie into the user's saved cart.
                    // NOTE(review): $cart is not initialised in this excerpt either - confirm it is set up
                    // before this point (the other login paths start from an empty array).
                    if ($cu_id = fn_get_cookie('cu_id')) {
                        fn_clear_cart($cart);
                        fn_save_cart_content($cart, $cu_id, 'C', 'U');
                        fn_delete_cookies('cu_id');
                    }
                    fn_init_user_session_data($_SESSION, $udata['user_id']);
                }
                // Success: notify with the change-password text and redirect to profiles.update.
                fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('text_change_password'));
                return array(CONTROLLER_STATUS_OK, "profiles.update");
            } else {
                // Key resolved to a user id, but no active account matched it.
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
                return array(CONTROLLER_STATUS_OK, $index_script);
            }
        } else {
            // Unknown, wrong-type or expired key.
            fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('text_ekey_not_valid'));
            return array(CONTROLLER_STATUS_OK, "auth.recover_password");
        }
    }
    fn_add_breadcrumb(fn_get_lang_var('recover_password'));
}
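/**
 * Authenticate an API customer by login/password and open a session for the matched user.
 *
 * @param string $user_login Login supplied by the API client
 * @param string $password   Plain-text password supplied by the API client
 *
 * @return array|bool User row on success; false when the auth routines reject the attempt,
 *                    the password is empty, or the salted hash does not match the stored one
 */
function fn_twg_api_customer_login($user_login, $password)
{
    $auth_params = array('user_login' => $user_login, 'password' => $password);
    // The auth routines may rewrite login/password (hooks) and return the user's salt.
    list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($auth_params, array());
    if ($status === false) {
        return false;
    }

    // Empty passwords are refused before any hashing. The hash comparison uses hash_equals():
    // the previous `!=` was a loose comparison (two numeric-looking hashes such as "0e..." forms
    // compare equal) and it leaked timing information about the stored hash.
    $stored_hash = isset($user_data['password']) ? (string) $user_data['password'] : '';
    if (empty($user_data) || empty($password)
        || !hash_equals($stored_hash, (string) fn_generate_salted_password($password, $salt))
    ) {
        fn_log_event('users', 'failed_login', array('user' => $user_login));
        return false;
    }

    $_SESSION['auth'] = fn_fill_auth($user_data);

    // Set last login time
    db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_data['user_id']);
    $_SESSION['auth']['this_login'] = TIME;
    // Peer address as PHP sees it; behind a reverse proxy this is the proxy, not the client.
    $_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];

    // Log user successful login
    fn_log_event('users', 'session', array('user_id' => $user_data['user_id']));

    // Merge the guest cart remembered in the session under 'cu_id' into the user's saved cart.
    if ($cu_id = fn_get_session_data('cu_id')) {
        $cart = array();
        fn_clear_cart($cart);
        fn_save_cart_content($cart, $cu_id, 'C', 'U');
        fn_delete_session_data('cu_id');
    }

    fn_init_user_session_data($_SESSION, $user_data['user_id']);

    return $user_data;
}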
 // Area the new session is created for: taken from the request when given, otherwise derived
 // from the user's type (admin area 'A' or customer area 'C').
 // NOTE(review): $_REQUEST['area'] is used as-is; only 'A', 'V' and 'C' have an entry in the
 // $areas map used for Session::setName() further down - confirm it is validated before this point.
 if (!empty($_REQUEST['area'])) {
     $area = $_REQUEST['area'];
 } else {
     $area = fn_check_user_type_admin_area($user_data) ? 'A' : 'C';
 }
 // Multivendor: a vendor ('V') user asking for the admin area gets the vendor area instead.
 if (fn_allowed_for('MULTIVENDOR')) {
     if ($user_data['user_type'] == 'V') {
         $area = $area == 'A' ? 'V' : $area;
     }
 }
 // Session payload for the target user: freshly filled auth data plus the current last_status, if any.
 $sess_data = array('auth' => fn_fill_auth($user_data, array(), true, $area), 'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status']);
 // When store_mode is 'Y' (presumably closed-store mode) the access key travels with the session.
 if (Registry::get('settings.General.store_mode') == 'Y') {
     $sess_data['store_access_key'] = Registry::get('settings.General.store_access_key');
 }
 // Session name per area, used below when switching to the target area's session.
 $areas = array('A' => 'admin', 'V' => 'vendor', 'C' => 'customer');
 // NOTE(review): the user id is taken straight from the request and a session is built for it
 // from $user_data, which is loaded outside this excerpt - presumably an admin-only
 // "log in as user" action; verify the permission check precedes this code.
 fn_init_user_session_data($sess_data, $_REQUEST['user_id'], true);
 $old_sess_id = Session::getId();
 // NOTE(review): redirect_url is accepted unvalidated here; confirm the code that redirects to it
 // (outside this excerpt) restricts it to this store's own URLs.
 $redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : '';
 if ($area != 'C') {
     Session::setName($areas[$area]);
     $sess_id = Session::regenerateId();
     Session::save($sess_id, $sess_data, $area);
     Session::setName(ACCOUNT_TYPE);
     Session::setId($old_sess_id, false);
 } else {
     // Save unique key for session
     $key = fn_crc32(microtime()) . fn_crc32(microtime() + 1);
     fn_set_storage_data('session_' . $key . '_data', serialize($sess_data));
     if (fn_allowed_for('ULTIMATE')) {
         $company_id_in_url = fn_get_company_id_from_uri($redirect_url);
         if (Registry::get('runtime.company_id') || !empty($user_data['company_id']) || Registry::get('runtime.simple_ultimate') || !empty($company_id_in_url)) {
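/**
 * Log in user using only user id
 *
 * Resolves the account, replaces the session auth data and, in the customer area, merges the
 * guest cart into the user's saved cart.
 *
 * @param int|string $user_id User identifier; an empty value only re-fills the session auth data
 *
 * @return mixed One of the LOGIN_STATUS_* constants (defined outside this excerpt):
 *               LOGIN_STATUS_USER_NOT_FOUND - no user id was provided
 *               LOGIN_STATUS_OK             - user was successfully logged in
 *               LOGIN_STATUS_USER_DISABLED  - no matching account was found
 */
function fn_login_user($user_id = '')
{
    $udata = array();
    $auth =& $_SESSION['auth'];
    $condition = '';
    $result = LOGIN_STATUS_USER_NOT_FOUND;
    // Both are handed to the 'login_user_post' hook below and were previously undefined
    // (PHP notice) unless the customer-area cart merge ran; $cart is initialised the same
    // way as in the other login paths.
    $cu_id = null;
    $cart = array();

    fn_set_hook('login_user_pre', $user_id, $udata, $auth, $condition);

    if (!empty($user_id)) {
        // Ultimate edition: outside the admin area, limit the lookup to the current company
        // unless users are shared between storefronts.
        if (fn_allowed_for('ULTIMATE')) {
            if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
                $condition .= fn_get_company_condition('?:users.company_id');
            }
        }

        // First try: an active account that satisfies the company condition.
        $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND status = 'A'" . $condition, $user_id);
        if (empty($udata)) {
            // Fallback for user types 'A', 'V' and 'P'.
            // NOTE(review): this query carries neither the status filter nor the company
            // condition, so a disabled account of these types is still logged in here -
            // confirm that is intended rather than an oversight.
            $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND user_type IN ('A', 'V', 'P')", $user_id);
        }

        unset($_SESSION['status']);
        $auth = fn_fill_auth($udata, $auth);

        if (!empty($udata)) {
            // Existing extension point; the hook name's spelling is kept as-is.
            fn_set_hook('sucess_user_login', $udata, $auth);

            if (AREA == 'C') {
                // Merge the guest cart remembered in the session ('cu_id') into the user's saved cart.
                if ($cu_id = fn_get_session_data('cu_id')) {
                    fn_clear_cart($cart);
                    fn_save_cart_content($cart, $cu_id, 'C', 'U');
                    fn_delete_session_data('cu_id');
                }
                fn_init_user_session_data($_SESSION, $udata['user_id']);
            }

            // Set last login time
            db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_id);
            // Log user successful login
            fn_log_event('users', 'session', array('user_id' => $user_id));
            $result = LOGIN_STATUS_OK;
        } else {
            $result = LOGIN_STATUS_USER_DISABLED;
        }
    } else {
        // No user id: re-fill auth from an empty record and report "not found".
        $auth = fn_fill_auth($udata, $auth);
        $result = LOGIN_STATUS_USER_NOT_FOUND;
    }

    fn_init_user();
    fn_set_hook('login_user_post', $user_id, $cu_id, $udata, $auth, $condition, $result);

    return $result;
}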
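/**
 * Log in user using only user id
 *
 * Resolves the account, replaces the session auth data and, in the customer area, merges the
 * guest cart into the user's saved cart.
 *
 * @param int $user_id User identifier; an empty value only re-fills the session auth data
 * @param bool $regenerate_session_id Need regenerate session id. Default false.
 * @return string One of the LOGIN_STATUS_* constants (defined outside this excerpt):
 *  return 0 - we can't find user with provided user_id
 *  return 1 - user was successfully logged
 *  return 2 - user disabled
 */
function fn_login_user($user_id = 0, $regenerate_session_id = false)
{
    $udata = array();
    $auth =& Tygh::$app['session']['auth'];
    $condition = '';
    $result = LOGIN_STATUS_USER_NOT_FOUND;
    // Both are handed to the 'login_user_post' hook below and were previously undefined
    // (PHP notice) unless the customer-area cart merge ran; $cart is initialised the same
    // way as in the other login paths.
    $cu_id = null;
    $cart = array();

    /**
     * Change parameter for login user
     *
     * @param int $user_id User identifier
     * @param array $udata User data
     * @param array $auth Authentication data
     * @param string $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     */
    fn_set_hook('login_user_pre', $user_id, $udata, $auth, $condition);

    if (!empty($user_id)) {
        if ($regenerate_session_id) {
            // Regenerating the id (session fixation protection on login) requires re-taking the
            // reference, presumably because the session container is replaced.
            Tygh::$app['session']->regenerateID();
            $auth =& Tygh::$app['session']['auth'];
        }

        // Ultimate edition: outside the admin area, limit the lookup to the current company
        // unless users are shared between storefronts.
        if (fn_allowed_for('ULTIMATE')) {
            if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
                $condition .= fn_get_company_condition('?:users.company_id');
            }
        }

        // First try: an active account that satisfies the company condition.
        $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND status = 'A'" . $condition, $user_id);
        if (empty($udata)) {
            // Fallback for user types 'A', 'V' and 'P'.
            // NOTE(review): this query carries neither the status filter nor the company
            // condition, so a disabled account of these types is still logged in here -
            // confirm that is intended rather than an oversight.
            $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND user_type IN ('A', 'V', 'P')", $user_id);
        }

        unset(Tygh::$app['session']['status']);
        $auth = fn_fill_auth($udata, $auth);

        if (!empty($udata)) {
            // Existing extension point; the hook name's spelling is kept as-is.
            fn_set_hook('sucess_user_login', $udata, $auth);

            if (AREA == 'C') {
                // Merge the guest cart remembered in the session ('cu_id') into the user's saved cart.
                if ($cu_id = fn_get_session_data('cu_id')) {
                    fn_clear_cart($cart);
                    fn_save_cart_content($cart, $cu_id, 'C', 'U');
                    fn_delete_session_data('cu_id');
                }
                fn_init_user_session_data(Tygh::$app['session'], $udata['user_id']);
            }

            // Set last login time
            db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_id);
            // Log user successful login
            fn_log_event('users', 'session', array('user_id' => $user_id));
            $result = LOGIN_STATUS_OK;
        } else {
            $result = LOGIN_STATUS_USER_DISABLED;
        }
    } else {
        // No user id: re-fill auth from an empty record and report "not found".
        $auth = fn_fill_auth($udata, $auth);
        $result = LOGIN_STATUS_USER_NOT_FOUND;
    }

    fn_init_user();

    /**
     * Modifies the result after login user
     *
     * @param int $user_id User identifier
     * @param int|null $cu_id Cart user identifier (null when no guest cart was merged)
     * @param array $udata User data
     * @param array $auth Authentication data
     * @param string $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     * @param string $result Result user login
     */
    fn_set_hook('login_user_post', $user_id, $cu_id, $udata, $auth, $condition, $result);

    return $result;
}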
<?php

use Tygh\Session;
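if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

if ($mode == 'cart') {
    if (!empty($_REQUEST['hash'])) {
        // SECURITY(review): 'hash' is only base64-encoded JSON - nothing signs it and nothing is
        // looked up server-side before it is trusted, so a crafted {"user_id", "session_id"}
        // payload yields a customer session for an arbitrary user id. The payload should carry a
        // MAC verified with hash_equals(), or be replaced by a server-issued one-time token that
        // is looked up (and consumed) in storage, before this code acts on it.
        // The earlier urldecode() pass was dead code: $_REQUEST is already URL-decoded and its
        // result was overwritten by this line.
        $hash = base64_decode($_REQUEST['hash']);
        // json_decode() yields null for malformed input; the array cast turns that into an empty
        // array so the key checks below simply fail.
        $hash = (array) json_decode($hash);

        if (!empty($hash['user_id']) && !empty($hash['session_id'])) {
            // Only active accounts, consistent with the other login paths.
            $user_data = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND status = 'A'", $hash['user_id']);
            if (empty($user_data)) {
                // Unknown or disabled user: do not build a session from an empty record.
                return array(CONTROLLER_STATUS_DENIED);
            }

            $area = 'C';
            $sess_data = array(
                'auth' => fn_fill_auth($user_data, array(), true, $area),
                'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status'],
            );
            fn_init_user_session_data($sess_data, $hash['user_id']);

            // NOTE(review): session_id is used verbatim both in the storage key and in the skey
            // URL parameter; it is presumably an opaque id issued by the caller - confirm it is
            // restricted to a safe character set before it reaches storage and the URL.
            fn_set_storage_data('session_' . $hash['session_id'] . '_data', serialize($sess_data));
            $url = fn_link_attach('checkout.cart', 'skey=' . $hash['session_id']);

            return array(CONTROLLER_STATUS_REDIRECT, fn_url($url));
        }
    } else {
        return array(CONTROLLER_STATUS_DENIED);
    }
}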