Example #1
// Stop immediately unless the AREA constant is defined (presumably set by the
// application entry point, so the file cannot be requested directly; confirm).
if (!defined('AREA')) {
    die('Access denied');
}
// Everything below runs for POST requests only.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //
    // Login mode
    //
    if ($mode == 'login') {
        // NOTE(review): the Referer header is supplied by the client, so every redirect
        // built from it below has an attacker-influenced target. Only this assignment is
        // guarded by !empty(); the later reads of HTTP_REFERER are not.
        $redirect_url = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $index_script;
        // Outside area 'A', image verification runs before any credential check when the
        // use_for_login setting is 'Y'.
        if (AREA != 'A') {
            if (Registry::get('settings.Image_verification.use_for_login') == 'Y' && fn_image_verification('login_' . $_REQUEST['form_name'], empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
                // Verification failed: send the browser back to the referring page with
                // login_type=login and the url-encoded return_url appended.
                $suffix = (strpos($_SERVER['HTTP_REFERER'], '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');
                return array(CONTROLLER_STATUS_REDIRECT, "{$_SERVER['HTTP_REFERER']}{$suffix}");
            }
        }
        // fn_auth_routines() is defined elsewhere; here it yields a status flag, the user
        // record, the login name and the submitted password.
        list($status, $user_data, $user_login, $password) = fn_auth_routines($_REQUEST);
        if ($status === false) {
            // Keep the submitted form data and return to the referring page.
            fn_save_post_data();
            $suffix = (strpos($_SERVER['HTTP_REFERER'], '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');
            return array(CONTROLLER_STATUS_REDIRECT, "{$_SERVER['HTTP_REFERER']}{$suffix}");
        }
        //
        // Success login
        //
        // NOTE(review): the stored value is compared against an unsalted md5() digest using
        // loose ==. Under ==, two digests that both look like numeric strings compare by
        // numeric value rather than byte-for-byte, so the comparison should be strict.
        // Unsalted MD5 is also unsuitable for password storage; password_hash() /
        // password_verify() is the supported replacement where the PHP version allows it.
        if (!empty($user_data) && md5($password) == $user_data['password'] && !empty($password)) {
            //
            // If customer placed orders before login, assign these orders to this account
            //
            // $auth is defined outside this excerpt.
            if (!empty($auth['order_ids'])) {
                foreach ($auth['order_ids'] as $k => $v) {
                    // Values are bound through db_query() placeholders rather than being
                    // concatenated into the SQL text.
                    db_query("UPDATE ?:orders SET ?u WHERE order_id = ?i", array('user_id' => $user_data['user_id']), $v);
Example #2
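/**
 * Authenticates a customer by login and password and, on success, fills the session.
 *
 * The credentials are handed to fn_auth_routines(), the submitted password is re-hashed
 * with the returned salt and compared with the stored hash, and only then is
 * $_SESSION['auth'] populated.
 *
 * @param string $user_login Login name, passed to fn_auth_routines() as 'user_login'.
 * @param string $password   Plain-text password, passed to fn_auth_routines() as 'password'.
 *
 * @return array|false The user record on success, false on any authentication failure.
 */
function fn_twg_api_customer_login($user_login, $password)
{
    $auth_params = array('user_login' => $user_login, 'password' => $password);
    list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($auth_params, array());
    if ($status === false) {
        return false;
    }

    // Compare the hashes as strings with ===. The loose == / != operators compare two
    // numeric-looking strings by numeric value, which can make different digests match.
    // NOTE(review): where the minimum PHP version allows it, hash_equals() also gives a
    // constant-time comparison.
    $credentials_ok = !empty($user_data)
        && !empty($password)
        && (string) fn_generate_salted_password($password, $salt) === (string) $user_data['password'];
    if (!$credentials_ok) {
        // Record the failed attempt so repeated guessing is visible in the event log.
        fn_log_event('users', 'failed_login', array('user' => $user_login));
        return false;
    }

    // NOTE(review): the session identifier is not regenerated in this function after the
    // credentials are accepted; confirm the caller does so, otherwise a pre-set session id
    // survives the login (session fixation).
    $_SESSION['auth'] = fn_fill_auth($user_data);
    // Set last login time
    db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_data['user_id']);
    $_SESSION['auth']['this_login'] = TIME;
    $_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];
    // Log user successful login
    fn_log_event('users', 'session', array('user_id' => $user_data['user_id']));
    // When the session carries a 'cu_id' entry, an empty cart is stored for that id and
    // the entry is dropped.
    if ($cu_id = fn_get_session_data('cu_id')) {
        $cart = array();
        fn_clear_cart($cart);
        fn_save_cart_content($cart, $cu_id, 'C', 'U');
        fn_delete_session_data('cu_id');
    }
    fn_init_user_session_data($_SESSION, $user_data['user_id']);
    return $user_data;
}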
Example #3
    die('Access denied');
}
// Everything below runs for POST requests only.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //
    // Login mode
    //
    if ($mode == 'login') {
        $redirect_url = '';
        // Outside area 'A', image verification runs before any credential check.
        if (AREA != 'A') {
            if (fn_image_verification('login', $_REQUEST) == false) {
                // Presumably keeps the submitted login for redisplay (confirm against
                // fn_save_post_data); the redirect is returned without an explicit target.
                fn_save_post_data('user_login');
                return array(CONTROLLER_STATUS_REDIRECT);
            }
        }
        // Helper defined elsewhere; it receives both $_REQUEST and $_POST.
        fn_restore_processed_user_password($_REQUEST, $_POST);
        // fn_auth_routines() yields a status flag, the user record, the login name, the
        // submitted password and the salt used for hashing.
        list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);
        // NOTE(review): redirect_url is copied from the request without validation in this
        // excerpt. Unless the redirect handler restricts targets to this site, the login
        // form can be used to bounce users to an arbitrary URL (open redirect).
        if (!empty($_REQUEST['redirect_url'])) {
            $redirect_url = $_REQUEST['redirect_url'];
        } else {
            // NOTE(review): '.' binds tighter than '?:', so the ternary condition is the
            // string 'auth.login' . (bool), which is always truthy. fn_url() therefore
            // always receives '?return_url=' . $_REQUEST['return_url'] without the
            // 'auth.login' prefix, return_url is read even when it is absent, and it is
            // not url-encoded. The ternary probably needs its own parentheses.
            $redirect_url = fn_url('auth.login' . !empty($_REQUEST['return_url']) ? '?return_url=' . $_REQUEST['return_url'] : '');
        }
        if ($status === false) {
            fn_save_post_data('user_login');
            return array(CONTROLLER_STATUS_REDIRECT, $redirect_url);
        }
        //
        // Success login
        //
        // NOTE(review): the salted hash is compared with loose ==, which compares two
        // numeric-looking strings by numeric value; a strict string comparison
        // (or hash_equals() where available) avoids that.
        if (!empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) == $user_data['password']) {
            // Regenerate the session id once the credentials are accepted, so an id that
            // was set before login is not carried into the authenticated session.
            Session::regenerateId();
Example #4
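// Stop immediately unless the BOOTSTRAP constant is defined (presumably set by the
// application entry point, so the file cannot be requested directly; confirm).
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}
$log = new Logs();
list($cml, $s_commerceml) = RusEximCommerceml::getParamsCommerceml();
// The endpoint answers only while the add-on status is 'A'.
if ($s_commerceml['status'] != 'A') {
    RusEximCommerceml::showMessageError("Addon Commerceml disabled");
    exit;
}
// Credentials are taken from HTTP Basic authentication.
if (!empty($_SERVER['PHP_AUTH_USER'])) {
    $_data['user_login'] = $_SERVER['PHP_AUTH_USER'];
} else {
    RusEximCommerceml::showMessageError("Enter login and password user");
    exit;
}
// A client can send a user name without a password; read the header defensively so a
// missing value does not raise an undefined-index notice.
$auth_password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
// NOTE(review): only the login is passed to fn_auth_routines() and the returned $status
// is not inspected; the password is verified solely by the comparison below.
list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_data, array());
// Compare as strings with !==. Loose != compares two numeric-looking strings by numeric
// value, which can let different logins or different hash digests match.
// NOTE(review): where the minimum PHP version allows it, hash_equals() also gives a
// constant-time hash comparison.
if ((string) $user_login !== (string) $_SERVER['PHP_AUTH_USER'] || empty($user_data['password']) || (string) $user_data['password'] !== (string) fn_generate_salted_password($auth_password, $salt)) {
    RusEximCommerceml::showMessageError("Error in login or password user");
    exit;
}
// Authentication succeeded; the account must additionally pass the add-on's access check.
if (!RusEximCommerceml::checkAllwedAccess($user_data)) {
    RusEximCommerceml::showMessageError("Privileges for user not setted");
    exit;
}
RusEximCommerceml::getCompanyStore($user_data);
$type = $mode = '';
$service_exchange = '';
// 'type' is request-controlled; it is copied as-is here and must be validated where it is used.
if (isset($_REQUEST['type'])) {
    $type = $_REQUEST['type'];
}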
if (isset($_REQUEST['mode'])) {
Example #5
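/**
 * Authenticates the current request from its HTTP Basic credentials.
 *
 * The account must exist, have status 'A', be of user type 'A' or 'V', and the submitted
 * password must hash (with the account's salt) to the stored value.
 *
 * @return array|null The user record on success. On failure fn_yandex_auth_error() is
 *                    called; whether that call returns is not visible from this function.
 */
function fn_yandex_auth()
{
    if (!empty($_SERVER['PHP_AUTH_USER'])) {
        // A client can send a user name without a password; read the header defensively
        // so a missing value does not raise an undefined-index notice.
        $auth_password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
        $_data = array('user_login' => $_SERVER['PHP_AUTH_USER'], 'password' => $auth_password);
        $_auth = array();
        // NOTE(review): the returned $status is not inspected; acceptance depends only on
        // the checks below.
        list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_data, $_auth);

        // All comparisons are strict string comparisons. Loose == (and in_array() without
        // its strict flag) compares numeric-looking strings by numeric value, which can
        // make different hash digests match.
        // NOTE(review): where the minimum PHP version allows it, hash_equals() also gives
        // a constant-time hash comparison.
        $is_authorized = !empty($user_data)
            && (string) $user_data['status'] === 'A'
            && in_array((string) $user_data['user_type'], array('A', 'V'), true)
            && (string) $user_data['password'] === (string) fn_generate_salted_password($auth_password, $salt);
        if ($is_authorized) {
            return $user_data;
        }
    }
    fn_yandex_auth_error(__("error"));
}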