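/**
 * Render the customer login form and, on a submitted form
 * (action=process with a valid form token), try to authenticate the
 * posted e-mail address / password pair.
 *
 * On success the customer id is exported through the global
 * $login_customer_id; the surrounding catalog/login.php performs the
 * post-login work from it. On failure one generic error is pushed to
 * $messageStack (the same message for "unknown e-mail" and "wrong
 * password"). In every case the template
 * includes/modules/content/<group>/templates/login_form.php is rendered
 * and added to $oscTemplate.
 *
 * Side effects: reads $_GET, $_POST, $_SESSION; may rewrite the stored
 * password hash; writes $login_customer_id, $messageStack, $oscTemplate.
 */
function execute()
{
    global $login_customer_id, $messageStack, $oscTemplate;

    $OSCOM_Db = Registry::get('Db');

    $error = false;

    // Only act on an explicit submission whose form token matches the
    // session token. Strict checks throughout: with '==' an empty
    // $_POST['formid'] compares equal to an unset session token, and
    // hash_equals() keeps the comparison constant-time. Non-string values
    // (e.g. formid[]=) never match instead of raising a TypeError.
    $form_token = $_POST['formid'] ?? null;
    $session_token = $_SESSION['sessiontoken'] ?? null;

    $is_process = isset($_GET['action']) && ($_GET['action'] === 'process');
    $token_ok = is_string($form_token)
        && is_string($session_token)
        && hash_equals($session_token, $form_token);

    if ($is_process && $token_ok) {
        // The password is passed through HTML::sanitize() before it is
        // verified / re-hashed, as in the rest of the project; changing that
        // would invalidate existing stored hashes, so it is kept as-is.
        $email_address = HTML::sanitize($_POST['email_address'] ?? '');
        $password = HTML::sanitize($_POST['password'] ?? '');

        // Look the account up by e-mail address; at most one row is read.
        $Qcustomer = $OSCOM_Db->get(
            'customers',
            ['customers_id', 'customers_password'],
            ['customers_email_address' => $email_address],
            null,
            1
        );

        if ($Qcustomer->fetch() === false) {
            // Unknown address: same generic error as a bad password so the
            // response body does not reveal whether the account exists
            // (response timing still differs, as no hash is verified here).
            $error = true;
        } elseif (!Hash::verify($password, $Qcustomer->value('customers_password'))) {
            $error = true;
        } else {
            // Export the customer id; catalog/login.php finishes the login.
            $login_customer_id = $Qcustomer->valueInt('customers_id');

            // Migrate a legacy hash to the current password_hash() format
            // now that the plaintext is available.
            if (Hash::needsRehash($Qcustomer->value('customers_password'))) {
                $OSCOM_Db->save(
                    'customers',
                    ['customers_password' => Hash::encrypt($password)],
                    ['customers_id' => $login_customer_id]
                );
            }
        }
    }

    if ($error === true) {
        $messageStack->add('login', OSCOM::getDef('module_content_login_text_login_error'));
    }

    // Render the form template into a string and hand it to the page template.
    ob_start();
    include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
    $template = ob_get_clean();

    $oscTemplate->addContent($template, $this->group);
}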
switch ($action) { case 'process': if (isset($_SESSION['redirect_origin']) && isset($_SESSION['redirect_origin']['auth_user']) && !isset($_POST['username'])) { $username = HTML::sanitize($_SESSION['redirect_origin']['auth_user']); $password = HTML::sanitize($_SESSION['redirect_origin']['auth_pw']); } else { $username = HTML::sanitize($_POST['username']); $password = HTML::sanitize($_POST['password']); } $actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $username); if ($actionRecorder->canPerform()) { $Qadmin = $OSCOM_Db->get('administrators', ['id', 'user_name', 'user_password'], ['user_name' => $username]); if ($Qadmin->fetch() !== false) { if (Hash::verify($password, $Qadmin->value('user_password'))) { // migrate old hashed password to new php password_hash if (Hash::needsRehash($Qadmin->value('user_password'))) { $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt($password)], ['id' => $Qadmin->valueInt('id')]); } $_SESSION['admin'] = ['id' => $Qadmin->valueInt('id'), 'username' => $Qadmin->value('user_name')]; $actionRecorder->_user_id = $_SESSION['admin']['id']; $actionRecorder->record(); if (isset($_SESSION['redirect_origin'])) { $page = $_SESSION['redirect_origin']['page']; $get_string = http_build_query($_SESSION['redirect_origin']['get']); unset($_SESSION['redirect_origin']); OSCOM::redirect($page, $get_string); } else { OSCOM::redirect(FILENAME_DEFAULT); } } }