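function execute()
 {
     global $sessiontoken, $login_customer_id, $messageStack, $oscTemplate;
     $error = false;

     // Handle the login form submission only when it carries this session's form token.
     // The token is compared with hash_equals() (strict, constant-time; PHP >= 5.6) rather
     // than ==, and both operands must be non-empty strings, so a missing or empty server
     // token can never compare "equal" to an empty or non-scalar POST value.
     $is_process = isset($_GET['action']) && $_GET['action'] === 'process';
     $token_ok = isset($sessiontoken, $_POST['formid'])
         && is_string($_POST['formid'])
         && (string) $sessiontoken !== ''
         && hash_equals((string) $sessiontoken, $_POST['formid']);

     if ($is_process && $token_ok) {
         // Missing or non-string fields cannot be valid credentials; fail them without
         // touching the database instead of passing null/array values into the query.
         $email_address = (isset($_POST['email_address']) && is_string($_POST['email_address']))
             ? tep_db_prepare_input($_POST['email_address']) : '';
         $password = (isset($_POST['password']) && is_string($_POST['password']))
             ? tep_db_prepare_input($_POST['password']) : '';

         if ($email_address === '' || $password === '') {
             $error = true;
         } else {
             // Look the customer up by e-mail address (value escaped with tep_db_input).
             $customer_query = tep_db_query("select customers_id, customers_password from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "' limit 1");
             if (!tep_db_num_rows($customer_query)) {
                 $error = true;
             } else {
                 $customer = tep_db_fetch_array($customer_query);
                 if (!tep_validate_password($password, $customer['customers_password'])) {
                     $error = true;
                 } else {
                     // Expose the id globally; catalog/login.php performs the post-login steps
                     // (session handling is expected to happen there — not done in this module).
                     $login_customer_id = (int) $customer['customers_id'];
                     // Re-hash a legacy (non-phpass) password from the just-verified plaintext,
                     // as the Registry-based variant of this module does. The listing carried a
                     // literal placeholder here, which would have overwritten the stored hash
                     // with a constant instead of migrating it.
                     if (tep_password_type($customer['customers_password']) != 'phpass') {
                         tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '" . tep_db_input(tep_encrypt_password($password)) . "' where customers_id = '" . (int) $login_customer_id . "'");
                     }
                 }
             }
         }
     }

     // One generic message for every failure, so the response text does not reveal whether
     // the e-mail address exists (the two failure paths still differ in timing).
     if ($error) {
         $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
     }
     ob_start();
     include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
     $template = ob_get_clean();
     $oscTemplate->addContent($template, $this->group);
 }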
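 function execute()
 {
     global $login_customer_id, $messageStack, $oscTemplate;
     $OSCOM_Db = Registry::get('Db');
     $error = false;

     // The CSRF token must exist in the session before it is compared: with == and an unset
     // session token, a POST carrying formid='' compares equal to null and the check is
     // bypassed. Require both sides to be non-empty strings and compare them with
     // hash_equals() (strict and constant-time).
     $is_process = isset($_GET['action']) && $_GET['action'] === 'process';
     $token_ok = isset($_SESSION['sessiontoken'], $_POST['formid'])
         && is_string($_POST['formid'])
         && (string) $_SESSION['sessiontoken'] !== ''
         && hash_equals((string) $_SESSION['sessiontoken'], $_POST['formid']);

     if ($is_process && $token_ok) {
         // Missing or non-string fields cannot be valid credentials; fail early rather than
         // handing null/array values to the sanitizer and the query builder.
         $email_address = (isset($_POST['email_address']) && is_string($_POST['email_address']))
             ? HTML::sanitize($_POST['email_address']) : '';
         // NOTE(review): the password is passed through HTML::sanitize() before verification
         // and before the re-hash below; this only works if account creation hashes the same
         // sanitized form — confirm, otherwise passwords containing HTML metacharacters
         // can never validate.
         $password = (isset($_POST['password']) && is_string($_POST['password']))
             ? HTML::sanitize($_POST['password']) : '';

         if ($email_address === '' || $password === '') {
             $error = true;
         } else {
             // Parameterised lookup by e-mail address, limited to one row.
             $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);
             if ($Qcustomer->fetch() === false) {
                 $error = true;
             } elseif (!tep_validate_password($password, $Qcustomer->value('customers_password'))) {
                 $error = true;
             } else {
                 // Expose the id globally; catalog/login.php performs the post-login steps.
                 $login_customer_id = $Qcustomer->valueInt('customers_id');
                 // Re-hash a legacy (non-phpass) password from the just-verified plaintext.
                 if (tep_password_type($Qcustomer->value('customers_password')) != 'phpass') {
                     $OSCOM_Db->save('customers', ['customers_password' => tep_encrypt_password($password)], ['customers_id' => $login_customer_id]);
                 }
             }
         }
     }

     // One generic message for every failure, so the response text does not reveal whether
     // the e-mail address exists (the two failure paths still differ in timing).
     if ($error) {
         $messageStack->add('login', MODULE_CONTENT_LOGIN_TEXT_LOGIN_ERROR);
     }
     ob_start();
     include DIR_WS_MODULES . 'content/' . $this->group . '/templates/login_form.php';
     $template = ob_get_clean();
     $oscTemplate->addContent($template, $this->group);
 }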
function tep_validate_password($plain, $encrypted)
{
    // Verify a plaintext password against a stored hash.
    //
    // Legacy "salt"-type hashes are delegated to tep_validate_old_password(); every other
    // stored value is treated as a phpass hash and checked with PasswordHash::CheckPassword().
    // Returns false without consulting either verifier when the plaintext or the stored
    // hash fails tep_not_null() (what that helper rejects beyond '' is defined elsewhere).
    if (!tep_not_null($plain) || !tep_not_null($encrypted)) {
        return false;
    }

    if (tep_password_type($encrypted) == 'salt') {
        return tep_validate_old_password($plain, $encrypted);
    }

    // phpass is loaded on first use only; the class_exists() guard keeps the include idempotent.
    if (!class_exists('PasswordHash')) {
        include DIR_WS_CLASSES . 'passwordhash.php';
    }
    $checker = new PasswordHash(10, true);

    return $checker->CheckPassword($plain, $encrypted);
}
 case 'process':
     if (tep_session_is_registered('redirect_origin') && isset($redirect_origin['auth_user'])) {
         $username = tep_db_prepare_input($redirect_origin['auth_user']);
         $password = tep_db_prepare_input($redirect_origin['auth_pw']);
     } else {
         $username = tep_db_prepare_input($HTTP_POST_VARS['username']);
         $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
     }
     $actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $username);
     if ($actionRecorder->canPerform()) {
         $check_query = tep_db_query("select id, user_name, user_password from " . TABLE_ADMINISTRATORS . " where user_name = '" . tep_db_input($username) . "'");
         if (tep_db_num_rows($check_query) == 1) {
             $check = tep_db_fetch_array($check_query);
             if (tep_validate_password($password, $check['user_password'])) {
                 // migrate old hashed password to new phpass password
                 if (tep_password_type($check['user_password']) != 'phpass') {
                     tep_db_query("update " . TABLE_ADMINISTRATORS . " set user_password = '******' where id = '" . (int) $check['id'] . "'");
                 }
                 tep_session_register('admin');
                 $admin = array('id' => $check['id'], 'username' => $check['user_name']);
                 $actionRecorder->_user_id = $admin['id'];
                 $actionRecorder->record();
                 if (tep_session_is_registered('redirect_origin')) {
                     $page = $redirect_origin['page'];
                     $get_string = '';
                     if (function_exists('http_build_query')) {
                         $get_string = http_build_query($redirect_origin['get']);
                     }
                     tep_session_unregister('redirect_origin');
                     tep_redirect(tep_href_link($page, $get_string));
                 } else {
 $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
 // Check if email exists
 $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . tep_db_input($email_address) . "'");
 if (!tep_db_num_rows($check_customer_query)) {
     $error = true;
 } else {
     $check_customer = tep_db_fetch_array($check_customer_query);
     // Check that password is good
     if (!tep_validate_password($password, $check_customer['customers_password'])) {
         $error = true;
     } else {
         if (SESSION_RECREATE == 'True') {
             tep_session_recreate();
         }
         // migrate old hashed password to new phpass password
         if (tep_password_type($check_customer['customers_password']) != 'phpass') {
             tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
         }
         $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
         $check_country = tep_db_fetch_array($check_country_query);
         $customer_id = $check_customer['customers_id'];
         $customer_default_address_id = $check_customer['customers_default_address_id'];
         $customer_first_name = $check_customer['customers_firstname'];
         $customer_country_id = $check_country['entry_country_id'];
         $customer_zone_id = $check_country['entry_zone_id'];
         tep_session_register('customer_id');
         tep_session_register('customer_default_address_id');
         tep_session_register('customer_first_name');
         tep_session_register('customer_country_id');
         tep_session_register('customer_zone_id');
         tep_db_query("update " . TABLE_CUSTOMERS_INFO . " set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = '" . (int) $customer_id . "'");