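function execute()
{
    global $login_customer_id, $messageStack, $oscTemplate;

    $OSCOM_Db = Registry::get('Db');

    $error = false;

    // A login attempt is only processed when the request carries the
    // per-session form token. The comparison is strict and constant-time:
    // the previous loose "==" accepted an empty formid whenever
    // $_SESSION['sessiontoken'] was unset ('' == null is true in PHP), which
    // let a forged form through the CSRF check. hash_equals() throws a
    // TypeError on non-strings, so array-shaped values are rejected first.
    $is_process = isset($_GET['action']) && $_GET['action'] === 'process';
    $token_ok = $is_process
        && isset($_SESSION['sessiontoken'], $_POST['formid'])
        && is_string($_SESSION['sessiontoken'])
        && is_string($_POST['formid'])
        && hash_equals($_SESSION['sessiontoken'], $_POST['formid']);

    if ($token_ok) {
        // Missing or non-string credentials count as a failed attempt
        // instead of raising warnings / handing arrays to the sanitizer.
        if (!isset($_POST['email_address'], $_POST['password'])
            || !is_string($_POST['email_address'])
            || !is_string($_POST['password'])) {
            $error = true;
        } else {
            // NOTE(review): the password is passed through HTML::sanitize()
            // before verification; this is only correct if registration and
            // password-change apply the same transformation -- verify.
            $email_address = HTML::sanitize($_POST['email_address']);
            $password = HTML::sanitize($_POST['password']);

            // Look the account up by e-mail address (at most one row).
            $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);

            if ($Qcustomer->fetch() === false) {
                // Unknown address. NOTE(review): this branch skips the hash
                // verification, so its response time differs from the
                // wrong-password branch and can be used to enumerate valid
                // addresses; verifying against a dummy hash of the same
                // algorithm would close that gap.
                $error = true;
            } elseif (!Hash::verify($password, $Qcustomer->value('customers_password'))) {
                $error = true;
            } else {
                // Credentials are good: expose the customer id globally so the
                // post-login code in catalog/login.php can act on it.
                // NOTE(review): nothing here calls session_regenerate_id();
                // confirm the post-login code does, otherwise the session is
                // open to fixation.
                $login_customer_id = $Qcustomer->valueInt('customers_id');

                // Transparently upgrade a legacy hash to the current scheme.
                if (Hash::needsRehash($Qcustomer->value('customers_password'))) {
                    $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password)], ['customers_id' => $login_customer_id]);
                }
            }
        }
    }

    // One generic message for every failure mode so the UI does not reveal
    // which part of the credentials was wrong.
    if ($error) {
        $messageStack->add('login', OSCOM::getDef('module_content_login_text_login_error'));
    }

    // Render the form template into a buffer and hand it to the page layout.
    ob_start();
    include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
    $template = ob_get_clean();

    $oscTemplate->addContent($template, $this->group);
}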
 switch ($action) {
     case 'process':
         if (isset($_SESSION['redirect_origin']) && isset($_SESSION['redirect_origin']['auth_user']) && !isset($_POST['username'])) {
             $username = HTML::sanitize($_SESSION['redirect_origin']['auth_user']);
             $password = HTML::sanitize($_SESSION['redirect_origin']['auth_pw']);
         } else {
             $username = HTML::sanitize($_POST['username']);
             $password = HTML::sanitize($_POST['password']);
         }
         $actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $username);
         if ($actionRecorder->canPerform()) {
             $Qadmin = $OSCOM_Db->get('administrators', ['id', 'user_name', 'user_password'], ['user_name' => $username]);
             if ($Qadmin->fetch() !== false) {
                 if (Hash::verify($password, $Qadmin->value('user_password'))) {
                     // migrate old hashed password to new php password_hash
                     if (Hash::needsRehash($Qadmin->value('user_password'))) {
                         $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt($password)], ['id' => $Qadmin->valueInt('id')]);
                     }
                     $_SESSION['admin'] = ['id' => $Qadmin->valueInt('id'), 'username' => $Qadmin->value('user_name')];
                     $actionRecorder->_user_id = $_SESSION['admin']['id'];
                     $actionRecorder->record();
                     if (isset($_SESSION['redirect_origin'])) {
                         $page = $_SESSION['redirect_origin']['page'];
                         $get_string = http_build_query($_SESSION['redirect_origin']['get']);
                         unset($_SESSION['redirect_origin']);
                         OSCOM::redirect($page, $get_string);
                     } else {
                         OSCOM::redirect(FILENAME_DEFAULT);
                     }
                 }
             }