// FIXME: should be moved to another place
// One-time e-mail key (ekey) flow: a matching, unexpired key of object_type 'U' logs the
// account in and sends it to profiles.update so a new password can be set.
if (!empty($_REQUEST['ekey'])) {
    // The key must exist, belong to a user ('U') and still be within its ttl (compared to TIME).
    $u_id = db_get_field("SELECT object_id FROM ?:ekeys WHERE ekey = ?s AND object_type = 'U' AND ttl > ?i", $_REQUEST['ekey'], TIME);
    if (!empty($u_id)) {
        // Only an active account (status = 'A') can be logged in through the key.
        $udata = db_get_row("SELECT user_id, user_type, tax_exempt, last_login, password_change_timestamp FROM ?:users WHERE user_id = ?i AND status = 'A'", $u_id);
        // Delete this key
        // The key is consumed whether or not the account turned out to be active, so one key
        // cannot be replayed.
        db_query("DELETE FROM ?:ekeys WHERE ekey = ?s", $_REQUEST['ekey']);
        if (!empty($udata)) {
            // Keep any order ids already attached to the session's auth data.
            $auth = fn_fill_auth($udata, isset($auth['order_ids']) ? $auth['order_ids'] : array());
            if (AREA == 'C') {
                // Move the guest cart (cu_id cookie) over to the now logged-in user.
                // NOTE(review): $cart is not initialised before fn_clear_cart() in this excerpt —
                // confirm the enclosing controller defines it (fn_twg_api_customer_login sets
                // $cart = array() first).
                if ($cu_id = fn_get_cookie('cu_id')) {
                    fn_clear_cart($cart);
                    fn_save_cart_content($cart, $cu_id, 'C', 'U');
                    fn_delete_cookies('cu_id');
                }
                fn_init_user_session_data($_SESSION, $udata['user_id']);
            }
            // NOTE(review): the session id is not regenerated after this authentication —
            // confirm the caller does so.
            fn_set_notification('N', fn_get_lang_var('notice'), fn_get_lang_var('text_change_password'));
            return array(CONTROLLER_STATUS_OK, "profiles.update");
        } else {
            fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_account_disabled'));
            return array(CONTROLLER_STATUS_OK, $index_script);
        }
    } else {
        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('text_ekey_not_valid'));
        return array(CONTROLLER_STATUS_OK, "auth.recover_password");
    }
}
fn_add_breadcrumb(fn_get_lang_var('recover_password'));
} // closes an enclosing block whose start is outside this excerpt
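/**
 * Authenticates a customer by login and password for the TWG API and starts the session.
 *
 * Runs fn_auth_routines(), compares the salted password hash strictly and in constant time,
 * fills $_SESSION['auth'], stamps last_login, logs the login event and merges a pending
 * guest cart (cu_id) into the user's cart.
 *
 * @param string $user_login User login as accepted by fn_auth_routines()
 * @param string $password   Plain-text password
 * @return array|bool User row on success, false on any failure (a failed_login event is logged
 *                    for a wrong or empty password / unknown user)
 */
function fn_twg_api_customer_login($user_login, $password)
{
    $auth_params = array('user_login' => $user_login, 'password' => $password);
    list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($auth_params, array());

    if ($status === false) {
        return false;
    }

    // Reject an unknown user or an empty password before computing anything from the stored hash.
    if (empty($user_data) || empty($password)) {
        fn_log_event('users', 'failed_login', array('user' => $user_login));
        return false;
    }

    // The original compared the hashes with a loose `!=`, which is subject to PHP type juggling.
    // Compare strictly, and in constant time where hash_equals() is available (PHP >= 5.6).
    $expected = isset($user_data['password']) ? (string) $user_data['password'] : '';
    $actual = (string) fn_generate_salted_password($password, $salt);
    $matches = function_exists('hash_equals')
        ? hash_equals($expected, $actual)
        : ($expected === $actual);
    if (!$matches) {
        fn_log_event('users', 'failed_login', array('user' => $user_login));
        return false;
    }

    $_SESSION['auth'] = fn_fill_auth($user_data);

    // Set last login time
    db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_data['user_id']);
    $_SESSION['auth']['this_login'] = TIME;
    // REMOTE_ADDR is the TCP peer address; behind a reverse proxy this is the proxy, not the client.
    $_SESSION['auth']['ip'] = $_SERVER['REMOTE_ADDR'];

    // NOTE(review): the session id is not regenerated here after authentication — confirm the
    // API bootstrap does so, otherwise a session id fixed before login survives it.

    // Log user successful login
    fn_log_event('users', 'session', array('user_id' => $user_data['user_id']));

    // Move the guest cart (cu_id) over to the logged-in user.
    if ($cu_id = fn_get_session_data('cu_id')) {
        $cart = array();
        fn_clear_cart($cart);
        fn_save_cart_content($cart, $cu_id, 'C', 'U');
        fn_delete_session_data('cu_id');
    }
    fn_init_user_session_data($_SESSION, $user_data['user_id']);

    return $user_data;
}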
// Pick the area (A = admin, V = vendor, C = customer) the target user is logged in to.
// NOTE(review): both $_REQUEST['area'] and $_REQUEST['user_id'] are caller-controlled —
// confirm the enclosing code (its start is outside this excerpt) has already authorised
// this login-as action.
if (!empty($_REQUEST['area'])) {
    $area = $_REQUEST['area'];
} else {
    $area = fn_check_user_type_admin_area($user_data) ? 'A' : 'C';
}
if (fn_allowed_for('MULTIVENDOR')) {
    // A vendor account never gets the admin area; 'A' is mapped to the vendor area.
    if ($user_data['user_type'] == 'V') {
        $area = $area == 'A' ? 'V' : $area;
    }
}
$sess_data = array(
    'auth' => fn_fill_auth($user_data, array(), true, $area),
    'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status']
);
if (Registry::get('settings.General.store_mode') == 'Y') {
    // Closed-store mode: the new session needs the access key to get past the storefront gate.
    $sess_data['store_access_key'] = Registry::get('settings.General.store_access_key');
}
$areas = array('A' => 'admin', 'V' => 'vendor', 'C' => 'customer');
fn_init_user_session_data($sess_data, $_REQUEST['user_id'], true);
$old_sess_id = Session::getId();
// NOTE(review): redirect_url is taken from the request as-is — confirm it is validated
// against open redirects where it is finally used (past the end of this excerpt).
$redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : '';
if ($area != 'C') {
    // Admin/vendor: write the new session under that area's session name, then switch back to
    // the current (ACCOUNT_TYPE) session and id so the caller's own session is left untouched.
    Session::setName($areas[$area]);
    $sess_id = Session::regenerateId();
    Session::save($sess_id, $sess_data, $area);
    Session::setName(ACCOUNT_TYPE);
    Session::setId($old_sess_id, false);
} else {
    // Save unique key for session
    // NOTE(review): crc32(microtime()) is neither random nor collision-resistant, and microtime
    // is guessable to within a small window. This key selects the stored session data; if it is
    // ever exposed to the client, it should be generated from a CSPRNG instead.
    $key = fn_crc32(microtime()) . fn_crc32(microtime() + 1);
    fn_set_storage_data('session_' . $key . '_data', serialize($sess_data));
    if (fn_allowed_for('ULTIMATE')) {
        $company_id_in_url = fn_get_company_id_from_uri($redirect_url);
        if (Registry::get('runtime.company_id') || !empty($user_data['company_id']) || Registry::get('runtime.simple_ultimate') || !empty($company_id_in_url)) {
            // … the body of this branch continues past the end of this excerpt
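/**
 * Log in user using only user id
 *
 * Loads the account, fills $_SESSION['auth'] with it, merges a pending guest cart (cu_id)
 * in the customer area, stamps last_login and logs the login event.
 *
 * @param int|string $user_id User identifier; empty means "no user" (auth is refilled with empty data)
 * @return int|string One of the LOGIN_STATUS_* constants:
 *                    LOGIN_STATUS_USER_NOT_FOUND (0) - we can't find user with provided user_id,
 *                    LOGIN_STATUS_OK (1) - user was successfully logged in,
 *                    LOGIN_STATUS_USER_DISABLED (2) - user disabled
 */
function fn_login_user($user_id = '')
{
    $udata = array();
    $auth =& $_SESSION['auth'];
    $condition = '';
    $result = LOGIN_STATUS_USER_NOT_FOUND;
    // Initialised up front: $cu_id is passed to the login_user_post hook and $cart to
    // fn_clear_cart() even though only the customer-area branch assigns them; without this
    // they are undefined variables on every other path.
    $cu_id = null;
    $cart = array();

    fn_set_hook('login_user_pre', $user_id, $udata, $auth, $condition);

    if (!empty($user_id)) {
        if (fn_allowed_for('ULTIMATE')) {
            // Per-company stores: outside the admin area a user may only log in within its own
            // company unless users are shared between stores.
            if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
                $condition .= fn_get_company_condition('?:users.company_id');
            }
        }

        $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND status = 'A'" . $condition, $user_id);
        if (empty($udata)) {
            // Fallback for admin/vendor/partner accounts, which are looked up without the company condition.
            // NOTE(review): this query also drops the status = 'A' filter, so a disabled A/V/P
            // account reaches the success branch below — confirm that is intended or enforced elsewhere.
            $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND user_type IN ('A', 'V', 'P')", $user_id);
        }

        unset($_SESSION['status']);
        $auth = fn_fill_auth($udata, $auth);

        if (!empty($udata)) {
            fn_set_hook('sucess_user_login', $udata, $auth);

            if (AREA == 'C') {
                // Move the guest cart (cu_id) over to the logged-in user.
                if ($cu_id = fn_get_session_data('cu_id')) {
                    fn_clear_cart($cart);
                    fn_save_cart_content($cart, $cu_id, 'C', 'U');
                    fn_delete_session_data('cu_id');
                }
                fn_init_user_session_data($_SESSION, $udata['user_id']);
            }

            // Set last login time
            db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_id);
            // Log user successful login
            fn_log_event('users', 'session', array('user_id' => $user_id));

            // NOTE(review): the session id is not regenerated after authentication in this version.
            $result = LOGIN_STATUS_OK;
        } else {
            $result = LOGIN_STATUS_USER_DISABLED;
        }
    } else {
        // No user id given: refill auth with the empty user data.
        $auth = fn_fill_auth($udata, $auth);
        $result = LOGIN_STATUS_USER_NOT_FOUND;
    }

    fn_init_user();

    fn_set_hook('login_user_post', $user_id, $cu_id, $udata, $auth, $condition, $result);

    return $result;
}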
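/**
 * Log in user using only user id
 *
 * Loads the account, fills the session auth data with it, merges a pending guest cart (cu_id)
 * in the customer area, stamps last_login and logs the login event.
 *
 * @param int  $user_id                User identifier; empty means "no user" (auth is refilled with empty data)
 * @param bool $regenerate_session_id  Regenerate the session id before logging in. Default false.
 * @return int|string One of the LOGIN_STATUS_* constants:
 *                    LOGIN_STATUS_USER_NOT_FOUND (0) - we can't find user with provided user_id,
 *                    LOGIN_STATUS_OK (1) - user was successfully logged in,
 *                    LOGIN_STATUS_USER_DISABLED (2) - user disabled
 */
function fn_login_user($user_id = 0, $regenerate_session_id = false)
{
    $udata = array();
    $auth =& Tygh::$app['session']['auth'];
    $condition = '';
    $result = LOGIN_STATUS_USER_NOT_FOUND;
    // Initialised up front: $cu_id is passed to the login_user_post hook and $cart to
    // fn_clear_cart() even though only the customer-area branch assigns them; without this
    // they are undefined variables on every other path.
    $cu_id = null;
    $cart = array();

    /**
     * Change parameter for login user
     *
     * @param int   $user_id   User identifier
     * @param array $udata     User data
     * @param array $auth      Authentication data
     * @param array $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     */
    fn_set_hook('login_user_pre', $user_id, $udata, $auth, $condition);

    if (!empty($user_id)) {
        if ($regenerate_session_id) {
            // New session id on login (mitigates session fixation); re-take the reference
            // because the session object was regenerated.
            Tygh::$app['session']->regenerateID();
            $auth =& Tygh::$app['session']['auth'];
        }

        if (fn_allowed_for('ULTIMATE')) {
            // Per-company stores: outside the admin area a user may only log in within its own
            // company unless users are shared between stores.
            if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
                $condition .= fn_get_company_condition('?:users.company_id');
            }
        }

        $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND status = 'A'" . $condition, $user_id);
        if (empty($udata)) {
            // Fallback for admin/vendor/partner accounts, which are looked up without the company condition.
            // NOTE(review): this query also drops the status = 'A' filter, so a disabled A/V/P
            // account reaches the success branch below — confirm that is intended or enforced elsewhere.
            $udata = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND user_type IN ('A', 'V', 'P')", $user_id);
        }

        unset(Tygh::$app['session']['status']);
        $auth = fn_fill_auth($udata, $auth);

        if (!empty($udata)) {
            fn_set_hook('sucess_user_login', $udata, $auth);

            if (AREA == 'C') {
                // Move the guest cart (cu_id) over to the logged-in user.
                if ($cu_id = fn_get_session_data('cu_id')) {
                    fn_clear_cart($cart);
                    fn_save_cart_content($cart, $cu_id, 'C', 'U');
                    fn_delete_session_data('cu_id');
                }
                fn_init_user_session_data(Tygh::$app['session'], $udata['user_id']);
            }

            // Set last login time
            db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", array('last_login' => TIME), $user_id);
            // Log user successful login
            fn_log_event('users', 'session', array('user_id' => $user_id));

            $result = LOGIN_STATUS_OK;
        } else {
            $result = LOGIN_STATUS_USER_DISABLED;
        }
    } else {
        // No user id given: refill auth with the empty user data.
        $auth = fn_fill_auth($udata, $auth);
        $result = LOGIN_STATUS_USER_NOT_FOUND;
    }

    fn_init_user();

    /**
     * Modifies the result after login user
     *
     * @param int    $user_id   User identifier
     * @param int    $cu_id     Cart user identifier
     * @param array  $udata     User data
     * @param array  $auth      Authentication data
     * @param array  $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     * @param string $result    Result user login
     */
    fn_set_hook('login_user_post', $user_id, $cu_id, $udata, $auth, $condition, $result);

    return $result;
}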
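<?php

use Tygh\Session;

if (!defined('BOOTSTRAP')) { die('Access denied'); }

// Cart hand-off: the request carries base64(JSON) with user_id and session_id; the user's
// session data is written under that session id and the client is redirected to the cart.
if ($mode == 'cart') {
    if (!empty($_REQUEST['hash'])) {
        // $_REQUEST is already URL-decoded by PHP, so base64 is the only decoding applied.
        // (The original also called urldecode() but overwrote its result; that dead assignment is gone.)
        // Strict base64 rejects anything that is not a well-formed encoding.
        $decoded = base64_decode($_REQUEST['hash'], true);
        $hash = ($decoded === false) ? null : json_decode($decoded, true);

        // SECURITY(review): nothing in this block verifies the origin of the hash. As written it is
        // plain base64(JSON), so a client that chooses user_id is handed session data for that
        // account. The producer of the hash must sign it (e.g. an HMAC under a server-side secret)
        // and that signature must be verified here before the lookup — TODO confirm the producer.
        if (is_array($hash) && !empty($hash['user_id']) && !empty($hash['session_id']) && is_scalar($hash['session_id'])) {
            // Only active accounts may be handed a session (consistent with fn_login_user).
            $user_data = db_get_row("SELECT * FROM ?:users WHERE user_id = ?i AND status = 'A'", $hash['user_id']);
            if (!empty($user_data)) {
                $area = 'C';
                $sess_data = array(
                    'auth' => fn_fill_auth($user_data, array(), true, $area),
                    'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status'],
                );
                fn_init_user_session_data($sess_data, $hash['user_id']);
                // The caller-supplied session_id becomes part of the storage key and of the redirect URL.
                fn_set_storage_data('session_' . $hash['session_id'] . '_data', serialize($sess_data));

                $url = fn_link_attach('checkout.cart', 'skey=' . $hash['session_id']);

                return array(CONTROLLER_STATUS_REDIRECT, fn_url($url));
            }
        }
    }

    // Missing, malformed or unusable hash: deny instead of falling through to default handling.
    return array(CONTROLLER_STATUS_DENIED);
}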