// Login controller excerpt (the listing is cut off inside the order re-assignment loop).
// Direct requests are refused: AREA must already be defined by the including script.
if (!defined('AREA')) {
    die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //
    // Login mode
    //
    if ($mode == 'login') {
        // NOTE(review): the Referer header is supplied by the client. It is used here and in
        // both failure redirects below as the redirect target, with no visible check that it
        // points back to this site. Confirm the redirect layer validates the host.
        $redirect_url = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : $index_script;

        // Image verification runs only when AREA is not 'A' and the setting is enabled.
        if (AREA != 'A') {
            if (Registry::get('settings.Image_verification.use_for_login') == 'Y' && fn_image_verification('login_' . $_REQUEST['form_name'], empty($_REQUEST['verification_answer']) ? '' : $_REQUEST['verification_answer']) == false) {
                // NOTE(review): HTTP_REFERER is read here without the empty() guard used above,
                // so a request without that header raises an undefined-index notice.
                $suffix = (strpos($_SERVER['HTTP_REFERER'], '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');

                return array(CONTROLLER_STATUS_REDIRECT, "{$_SERVER['HTTP_REFERER']}{$suffix}");
            }
        }

        // fn_auth_routines() is defined elsewhere; only its four return values are used here.
        list($status, $user_data, $user_login, $password) = fn_auth_routines($_REQUEST);

        if ($status === false) {
            fn_save_post_data();
            $suffix = (strpos($_SERVER['HTTP_REFERER'], '?') !== false ? '&' : '?') . 'login_type=login' . (!empty($_REQUEST['return_url']) ? '&return_url=' . urlencode($_REQUEST['return_url']) : '');

            return array(CONTROLLER_STATUS_REDIRECT, "{$_SERVER['HTTP_REFERER']}{$suffix}");
        }

        //
        // Success login
        //
        // NOTE(review): the stored credential is an unsalted MD5 digest, compared with a loose
        // `==`. MD5 is unsuitable for password storage, and loose comparison treats two
        // numeric-looking digests (for example both of the form "0e<digits>") as equal.
        // A salted, slow hash checked with a constant-time string comparison (password_verify()
        // or hash_equals()) removes both problems.
        if (!empty($user_data) && md5($password) == $user_data['password'] && !empty($password)) {
            //
            // If customer placed orders before login, assign these orders to this account
            //
            if (!empty($auth['order_ids'])) {
                foreach ($auth['order_ids'] as $k => $v) {
                    db_query("UPDATE ?:orders SET ?u WHERE order_id = ?i", array('user_id' => $user_data['user_id']), $v);
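/**
 * Authenticates a customer for the API and fills the session on success.
 *
 * The stored hash is checked with hash_equals() (PHP >= 5.6) instead of a loose `!=`:
 * loose comparison treats two numeric-looking digests as equal and is not constant-time.
 *
 * @param string $user_login Login supplied by the client
 * @param string $password   Plain-text password supplied by the client
 *
 * @return array|bool User data on success, false when authentication fails
 */
function fn_twg_api_customer_login($user_login, $password)
{
    $auth_params = array('user_login' => $user_login, 'password' => $password);
    list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($auth_params, array());

    if ($status === false) {
        return false;
    }

    // Reject unknown users and empty passwords before hashing anything.
    $is_authenticated = !empty($user_data)
        && !empty($password)
        && hash_equals((string) $user_data['password'], (string) fn_generate_salted_password($password, $salt));

    if (!$is_authenticated) {
        fn_log_event('users', 'failed_login', array('user' => $user_login));

        return false;
    }

    // NOTE(review): the session identifier is not regenerated before the authenticated state
    // is written. Regenerating it at this point is the usual defence against session fixation;
    // confirm whether the caller or the project's session wrapper already does so.
    $_SESSION['auth'] = fn_fill_auth($user_data);

    // Set last login time
    db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_data['user_id']);

    $_SESSION['auth']['this_login'] = TIME;
    $_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];

    // Log user successful login
    fn_log_event('users', 'session', array('user_id' => $user_data['user_id']));

    // If a 'cu_id' value is held in session data, store an emptied cart under it and drop the value.
    if ($cu_id = fn_get_session_data('cu_id')) {
        $cart = array();
        fn_clear_cart($cart);
        fn_save_cart_content($cart, $cu_id, 'C', 'U');
        fn_delete_session_data('cu_id');
    }

    fn_init_user_session_data($_SESSION, $user_data['user_id']);

    return $user_data;
}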
// Login controller excerpt: it opens inside the access guard and is cut off right after the
// session id is regenerated.
die('Access denied');
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //
    // Login mode
    //
    if ($mode == 'login') {
        $redirect_url = '';

        // Image verification is applied only when AREA is not 'A'.
        if (AREA != 'A') {
            if (fn_image_verification('login', $_REQUEST) == false) {
                // Only the 'user_login' field is kept for redisplay.
                fn_save_post_data('user_login');

                return array(CONTROLLER_STATUS_REDIRECT);
            }
        }

        fn_restore_processed_user_password($_REQUEST, $_POST);

        list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);

        if (!empty($_REQUEST['redirect_url'])) {
            // NOTE(review): the redirect target is taken from the request as-is. No check that
            // it stays on this site is visible here; confirm the redirect layer validates it.
            $redirect_url = $_REQUEST['redirect_url'];
        } else {
            // NOTE(review): `.` binds tighter than `?:`, so the condition is the always-truthy
            // string 'auth.login' . !empty(...). fn_url() therefore always receives
            // '?return_url=' . $_REQUEST['return_url'] and never 'auth.login', and return_url
            // is read even when it is unset. The intended form is probably
            // 'auth.login' . (!empty(...) ? '?return_url=' . urlencode(...) : '').
            $redirect_url = fn_url('auth.login' . !empty($_REQUEST['return_url']) ? '?return_url=' . $_REQUEST['return_url'] : '');
        }

        if ($status === false) {
            fn_save_post_data('user_login');

            return array(CONTROLLER_STATUS_REDIRECT, $redirect_url);
        }

        //
        // Success login
        //
        // NOTE(review): the salted hash is compared with a loose `==`. A constant-time string
        // comparison such as hash_equals() avoids numeric-string coercion of the two digests
        // and removes the timing difference.
        if (!empty($user_data) && !empty($password) && fn_generate_salted_password($password, $salt) == $user_data['password']) {
            // Regenerate session_id for security reasons
            Session::regenerateId();
// CommerceML exchange entry point excerpt (the listing is cut off while the request
// parameters are being read).
// Direct requests are refused: BOOTSTRAP must already be defined by the including script.
if (!defined('BOOTSTRAP')) {
    die('Access denied');
}

$log = new Logs();

list($cml, $s_commerceml) = RusEximCommerceml::getParamsCommerceml();

// The exchange is served only while the add-on status is 'A'.
if ($s_commerceml['status'] != 'A') {
    RusEximCommerceml::showMessageError("Addon Commerceml disabled");
    exit;
}

// Credentials come from the HTTP authentication variables PHP_AUTH_USER / PHP_AUTH_PW.
if (!empty($_SERVER['PHP_AUTH_USER'])) {
    $_data['user_login'] = $_SERVER['PHP_AUTH_USER'];
} else {
    RusEximCommerceml::showMessageError("Enter login and password user");
    exit;
}

// Only the login is passed to fn_auth_routines(); the password is verified by the check below.
list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_data, array());

// NOTE(review): the hash check uses a loose `!=`. Loose comparison treats two numeric-looking
// digests as equal and is not constant-time; hash_equals() on string operands avoids both.
// $_SERVER['PHP_AUTH_PW'] is also read without an isset() guard, and a failed attempt is not
// logged in this excerpt, although other login paths in this codebase record a
// 'failed_login' event.
if ($user_login != $_SERVER['PHP_AUTH_USER'] || empty($user_data['password']) || $user_data['password'] != fn_generate_salted_password($_SERVER['PHP_AUTH_PW'], $salt)) {
    RusEximCommerceml::showMessageError("Error in login or password user");
    exit;
}

// Authorization step: the authenticated account must also pass the add-on's access check.
if (!RusEximCommerceml::checkAllwedAccess($user_data)) {
    RusEximCommerceml::showMessageError("Privileges for user not setted");
    exit;
}

RusEximCommerceml::getCompanyStore($user_data);

$type = $mode = '';
$service_exchange = '';

// 'type' and 'mode' are copied from the request without validation at this point.
if (isset($_REQUEST['type'])) {
    $type = $_REQUEST['type'];
}

if (isset($_REQUEST['mode'])) {
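/**
 * Authenticates the caller from the HTTP authentication variables.
 *
 * Access is granted only to accounts with status 'A' and user type 'A' or 'V' whose stored
 * hash matches the supplied password. On any failure fn_yandex_auth_error() is called.
 *
 * Changes from the previous version:
 *  - the hash is compared with hash_equals() (PHP >= 5.6) rather than a loose `==`, which
 *    treats numeric-looking digests as equal and is not constant-time;
 *  - a missing or empty password is rejected up front, matching the other login paths;
 *  - status and user type are compared strictly.
 *
 * @return array|null User data on success; otherwise whatever follows fn_yandex_auth_error()
 */
function fn_yandex_auth()
{
    if (!empty($_SERVER['PHP_AUTH_USER'])) {
        // PHP_AUTH_PW may be absent; treat that as an empty password.
        $supplied_password = isset($_SERVER['PHP_AUTH_PW']) ? (string) $_SERVER['PHP_AUTH_PW'] : '';

        $_data = array('user_login' => $_SERVER['PHP_AUTH_USER'], 'password' => $supplied_password);
        $_auth = array();

        list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_data, $_auth);

        $is_authenticated = $supplied_password !== ''
            && !empty($user_data)
            && !empty($user_data['password'])
            && $user_data['status'] === 'A'
            && in_array($user_data['user_type'], array('A', 'V'), true)
            && hash_equals((string) $user_data['password'], (string) fn_generate_salted_password($supplied_password, $salt));

        if ($is_authenticated) {
            return $user_data;
        }
    }

    // NOTE(review): failed attempts are not logged here; other login paths in this codebase
    // record a 'failed_login' event. Consider doing the same for detection purposes.
    fn_yandex_auth_error(__("error"));
}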