 /**
  * Return the shared instance of this class, creating it on first use.
  *
  * The instance is cached in the static property self::$_instance; every
  * later call returns that same object.
  *
  * @return self
  */
 public static function getInstance()
 {
     if (self::$_instance === null) {
         self::$_instance = new self();
     }

     return self::$_instance;
 }
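 /**
  * Get existing or create a new user account for the current checkout.
  *
  * The buyer's choice comes from $_POST['existing_user'] (User::EXISTING,
  * User::CREATE or User::GUEST); the matching form fields are read from
  * $_REQUEST.
  *
  * NOTE(review): $_REQUEST merges GET, POST and COOKIE, so credentials can
  * arrive in a URL (and land in access logs). Reading them from $_POST only
  * would be safer but changes the form contract, so it is left as-is here.
  *
  * @return object|null Account object, or null when no choice was posted,
  *                     the sign-in credentials did not match, or the new
  *                     password and its confirmation differ.
  */
 private function getUserAccount()
 {
     $result = null;
     $existing_user = isset($_POST['existing_user']) ? fix_id($_POST['existing_user']) : null;

     if (is_null($existing_user)) {
         return $result;
     }

     // Every branch talks to the buyers manager. The original only created it
     // inside the EXISTING case, so CREATE and GUEST called methods on an
     // undefined variable.
     $manager = ShopBuyersManager::getInstance();

     switch ($existing_user) {
         case User::EXISTING:
             // NOTE(review): buyer passwords are a static-key HMAC
             // (shop::BUYER_SECRET) with no per-user salt, and this path
             // applies no LoginRetryManager counting or captcha, unlike
             // json_Login. Both deserve a follow-up; password_hash() needs a
             // schema/migration change, so it is not done in this block.
             $email = isset($_REQUEST['sign_in_email']) ? fix_chars($_REQUEST['sign_in_email']) : '';
             $raw_password = isset($_REQUEST['sign_in_password']) ? $_REQUEST['sign_in_password'] : '';
             $password = hash_hmac('sha256', $raw_password, shop::BUYER_SECRET);

             // only registered (non-guest) accounts can sign in with a password
             $account = $manager->getSingleItem(
                 $manager->getFieldNames(),
                 array('email' => $email, 'password' => $password, 'guest' => 0)
             );

             if (is_object($account)) {
                 $result = $account;
             }
             break;

         case User::CREATE:
             $new_password = isset($_REQUEST['new_password']) ? $_REQUEST['new_password'] : '';
             $confirmation = isset($_REQUEST['new_password_confirm']) ? $_REQUEST['new_password_confirm'] : '';

             // Strict comparison: `==` treated numeric-looking strings such as
             // "1e1" and "10" as equal, and empty() treated "0" as no password.
             // NOTE(review): an empty password is still accepted (the original
             // allowed it, presumably for uid-based sign-ups). Such an account
             // can afterwards be signed into with an empty password through the
             // EXISTING branch; consider rejecting it when no uid is supplied.
             if ($new_password !== $confirmation && $new_password !== '') {
                 break;
             }

             $data = array(
                 'first_name' => isset($_REQUEST['first_name']) ? fix_chars($_REQUEST['first_name']) : '',
                 'last_name'  => isset($_REQUEST['last_name']) ? fix_chars($_REQUEST['last_name']) : '',
                 'email'      => isset($_REQUEST['new_email']) ? fix_chars($_REQUEST['new_email']) : '',
                 'uid'        => isset($_REQUEST['uid']) ? fix_chars($_REQUEST['uid']) : '',
                 'password'   => hash_hmac('sha256', $new_password, shop::BUYER_SECRET),
                 'validated'  => 0,
                 'guest'      => 0
             );

             // the original passed an undefined $account_information here
             $manager->insertData($data);
             $id = $manager->getInsertedID();
             $result = $manager->getSingleItem($manager->getFieldNames(), array('id' => $id));
             break;

         case User::GUEST:
             if (isset($_REQUEST['name'])) {
                 // Limit 2 keeps everything after the first space as the last
                 // name. The original used limit 1, which never splits, so
                 // $name[1] was always undefined.
                 $parts = explode(' ', fix_chars($_REQUEST['name']), 2);
                 $first_name = $parts[0];
                 $last_name = isset($parts[1]) ? $parts[1] : '';
             } else {
                 $first_name = isset($_REQUEST['first_name']) ? fix_chars($_REQUEST['first_name']) : '';
                 $last_name = isset($_REQUEST['last_name']) ? fix_chars($_REQUEST['last_name']) : '';
             }

             $uid = isset($_REQUEST['uid']) ? fix_chars($_REQUEST['uid']) : null;
             $email = isset($_REQUEST['email']) ? fix_chars($_REQUEST['email']) : null;

             $data = array(
                 'first_name' => $first_name,
                 'last_name'  => $last_name,
                 'password'   => '',
                 'validated'  => 0,
                 'guest'      => 1
             );

             // lookup keys: uid and/or email, whichever was supplied
             $conditions = array();
             if (!is_null($uid)) {
                 $conditions['uid'] = $uid;
                 $data['uid'] = $uid;
             }
             if (!is_null($email)) {
                 $conditions['email'] = $email;
                 $data['email'] = $email;
             }

             // Re-use a previous *guest* account matching those keys. The
             // original did not restrict the lookup to guest accounts, so
             // posting a registered buyer's email with existing_user=GUEST
             // returned that buyer's account object with no password involved.
             // NOTE(review): matching an earlier guest account by email alone
             // still lets anyone attach to it; whether that matters depends on
             // what callers do with the returned account.
             if (count($conditions) > 0) {
                 $conditions['guest'] = 1;
                 $account = $manager->getSingleItem($manager->getFieldNames(), $conditions);
                 if (is_object($account)) {
                     $result = $account;
                 }
             }

             if (is_null($result)) {
                 // the original passed an undefined $account_information here
                 $manager->insertData($data);
                 $id = $manager->getInsertedID();
                 $result = $manager->getSingleItem($manager->getFieldNames(), array('id' => $id));
             }
             break;
     }

     return $result;
 }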
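 /**
  * Perform AJAX login.
  *
  * Reads username, password, captcha and the "lasting" flag from $_REQUEST,
  * checks the credentials against UserManager, requires a valid captcha once
  * the caller's address has failed more than three times, and prints a JSON
  * object of the form {logged_in: bool, show_captcha: bool, message: string}.
  *
  * NOTE(review): $_REQUEST also accepts GET and COOKIE input, so credentials
  * can end up in URLs and access logs; $_POST only would be preferable.
  * NOTE(review): the password goes through fix_chars() before hashing, so any
  * character that helper alters cannot be used in a password. Kept as-is
  * because the stored hashes were presumably produced the same way.
  */
 private function json_Login()
 {
     $username = isset($_REQUEST['username']) ? fix_chars($_REQUEST['username']) : '';
     $password = isset($_REQUEST['password']) ? fix_chars($_REQUEST['password']) : '';
     $captcha = isset($_REQUEST['captcha']) ? fix_chars($_REQUEST['captcha']) : '';
     $lasting_session = isset($_REQUEST['lasting'])
         && ($_REQUEST['lasting'] === 'on' || $_REQUEST['lasting'] === '1');

     $result = array('logged_in' => false, 'show_captcha' => false, 'message' => '');

     $manager = UserManager::getInstance();
     $retry_manager = LoginRetryManager::getInstance();

     // Hash with the account's own salt when it has one; accounts that predate
     // per-user salts fall back to the shared UserManager::SALT. An unknown
     // username also takes the fallback, so hashing work is done either way.
     // NOTE(review): neither scheme is a slow password hash; moving to
     // password_hash()/password_verify() needs a schema change and is out of
     // scope for this block.
     $test_user = $manager->getSingleItem(array('salt'), array('username' => $username));
     if (is_object($test_user) && !empty($test_user->salt)) {
         $hashed_password = hash_hmac('sha256', $password, $test_user->salt);
     } else {
         $hashed_password = hash_hmac('sha256', $password, UserManager::SALT);
     }

     // Match on the hash only. The original passed
     // array($password, $hashed_password) — presumably an IN lookup — which
     // also accepted the raw submitted string as a valid stored value: anyone
     // holding a leaked password hash could log in by submitting the hash
     // itself as the password. Legacy rows still holding a plaintext password
     // (if any exist) must be migrated rather than matched here.
     $user = $manager->getSingleItem(
         $manager->getFieldNames(),
         array('username' => $username, 'password' => $hashed_password)
     );

     // After more than three failures from this address a valid captcha is
     // required. When the captcha module is not loaded, $captcha_ok stays
     // false, so login from that address keeps failing (and the counter keeps
     // growing) until the retry record is cleared; nothing here imposes a
     // timed block.
     $captcha_ok = false;
     if ($retry_manager->getRetryCount() > 3) {
         if (class_exists('captcha')) {
             $captcha_module = captcha::getInstance();
             $captcha_ok = $captcha_module->isCaptchaValid($captcha);
             $captcha_module->resetCaptcha();
         }
     } else {
         $captcha_ok = true;
     }

     if (is_object($user) && $captcha_ok && $user->verified) {
         $retry_manager->clearAddress();

         // Rotate the session id on this privilege change so a session id
         // planted before login (session fixation) does not become an
         // authenticated one. Done before change_type() so any cookie it
         // writes carries the new id; skipped when no native session is
         // active, in case Session manages its own storage.
         if (session_id() !== '') {
             session_regenerate_id(true);
         }

         if ($lasting_session) {
             Session::change_type(Session::TYPE_EXTENDED);
         }

         $_SESSION['uid'] = $user->id;
         $_SESSION['logged'] = true;
         $_SESSION['level'] = $user->level;
         $_SESSION['username'] = $user->username;
         $_SESSION['fullname'] = $user->fullname;

         $result['logged_in'] = true;
     } elseif (is_object($user) && $captcha_ok) {
         // credentials are right but the account has not been verified yet
         $result['message'] = $this->parent->getLanguageConstant('message_users_account_not_verified');
     } else {
         // wrong credentials or failed captcha: count the failure and ask the
         // client to show a captcha once the threshold is crossed
         $count = $retry_manager->increaseCount();
         $result['message'] = $this->parent->getLanguageConstant('message_login_error');
         $result['show_captcha'] = $count > 3;
     }

     print json_encode($result);
 }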