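/**
 * Looks up a user by login and checks whether the account may authenticate.
 *
 * The user is selected by e-mail, optionally narrowed by a company condition
 * (ULTIMATE edition, shared users disabled, outside the admin area). If nothing
 * matches, a second lookup without the company condition is tried for rows
 * whose user_type is 'A', 'V' or 'P'. The found row is then checked for area
 * access and for a disabled status.
 *
 * Note that $status stays true when no user was found at all; the caller is
 * expected to inspect $user_data. The password is returned as given in the
 * request (no verification happens here) and the salt is taken from the
 * stored row, '' when the row has none.
 *
 * @param array $request Query parameters; reads 'user_login' and 'password'
 * @param array $auth    Authentication data (not used by this function)
 *
 * @return array Authentication status, user data, login, password and salt
 */
function fn_auth_routines($request, $auth)
{
    $status = true;

    // isset() rather than !empty(): empty() also treats the literal string '0'
    // as absent, so a login or password of '0' would be silently discarded.
    // Non-scalar input (e.g. user_login[]=x) is rejected instead of being
    // handed to trim(), which does not accept arrays.
    $user_login = isset($request['user_login']) && is_scalar($request['user_login'])
        ? trim((string) $request['user_login'])
        : '';
    $password = isset($request['password']) && is_scalar($request['password'])
        ? (string) $request['password']
        : '';

    // $field is interpolated into the query as a column name and $condition as
    // a raw SQL fragment; neither goes through a placeholder, so both must stay
    // trusted values. The login itself is bound with ?s.
    $field = 'email';
    $condition = '';

    if (fn_allowed_for('ULTIMATE')) {
        if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
            $condition = fn_get_company_condition('?:users.company_id');
        }
    }

    $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);

    // Fallback without the company condition, restricted to user types
    // 'A', 'V' and 'P'.
    if (empty($user_data)) {
        $user_data = db_get_row(
            "SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')",
            $user_login
        );
    }

    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }

    // Deny accounts that are not allowed in the admin area (when AREA is 'A')
    // and accounts whose type fails the access rules for the current area.
    if (!empty($user_data)
        && (!fn_check_user_type_admin_area($user_data) && AREA == 'A' || !fn_check_user_type_access_rules($user_data))
    ) {
        fn_set_notification('E', __('error'), __('error_area_access_denied'));
        $status = false;
    }

    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $status = false;
    }

    $salt = isset($user_data['salt']) ? $user_data['salt'] : '';

    return array($status, $user_data, $user_login, $password, $salt);
}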
} if (empty($auth['user_id']) && !fn_check_permissions(Registry::get('runtime.controller'), Registry::get('runtime.mode'), 'trusted_controllers')) { if (Registry::get('runtime.controller') != 'index') { fn_set_notification('E', __('access_denied'), __('error_not_logged')); if (defined('AJAX_REQUEST')) { // We should make redirect to page which triggered AJAX-request instead of the AJAX-requested one. $login_form_url = 'auth.login_form'; if (isset($_SERVER['HTTP_REFERER']) && ($referer = @parse_url($_SERVER['HTTP_REFERER'])) && isset($referer['host'], $referer['query']) && $referer['host'] == Registry::get('config.current_host')) { $login_form_url .= '?return_url=' . urlencode(fn_url_remove_service_params(Registry::get('config.admin_index') . '?' . $referer['query'])); } Tygh::$app['ajax']->assign('force_redirection', fn_url($login_form_url)); exit; } } return array(CONTROLLER_STATUS_REDIRECT, 'auth.login_form?return_url=' . urlencode(Registry::get('config.current_url'))); } elseif (!empty($auth['user_id']) && !fn_check_user_type_access_rules($auth)) { fn_set_notification('E', __('error'), __('error_area_access_denied')); return array(CONTROLLER_STATUS_DENIED); } elseif (!empty($auth['user_id']) && !fn_check_permissions(Registry::get('runtime.controller'), Registry::get('runtime.mode'), 'trusted_controllers') && $_SERVER['REQUEST_METHOD'] != 'POST') { // PCI DSS Compliance $auth['password_change_timestamp'] = !empty($auth['password_change_timestamp']) ? $auth['password_change_timestamp'] : 0; $time_diff = TIME - $auth['password_change_timestamp']; $expire = Registry::get('settings.Security.admin_password_expiration_period') * SECONDS_IN_DAY; if (!isset($auth['first_expire_check'])) { $auth['first_expire_check'] = true; } // We do not need to change the timestamp if this is an Ajax requests if (!defined('AJAX_REQUEST')) { $_SESSION['auth_timestamp'] = !isset($_SESSION['auth_timestamp']) ? 0 : ++$_SESSION['auth_timestamp']; } // Make user change the password if:
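/**
 * Looks up a user by login and checks whether the account may authenticate.
 *
 * The user is selected by e-mail, optionally narrowed by a company condition
 * (ULTIMATE edition, shared users disabled, outside the admin area). The
 * 'auth_routines' hook runs before the query. If nothing matches, a second
 * lookup without the company condition is tried for rows whose user_type is
 * 'A', 'V' or 'P'. The found row is then checked for area access and for a
 * disabled status.
 *
 * Note that $status stays true when no user was found at all; the caller is
 * expected to inspect $user_data. The password is returned as given in the
 * request (no verification happens here) and the salt is taken from the
 * stored row, '' when the row has none.
 *
 * @param array $request Query parameters; reads 'user_login' and 'password'
 * @param array $auth    Authentication data (passed to the hook only)
 *
 * @return array Authentication status, user data, login, password and salt
 */
function fn_auth_routines($request, $auth)
{
    $status = true;

    // isset() rather than !empty(): empty() also treats the literal string '0'
    // as absent, so a login or password of '0' would be silently discarded.
    // Non-scalar input (e.g. user_login[]=x) is rejected instead of being
    // handed to trim(), which does not accept arrays.
    $user_login = isset($request['user_login']) && is_scalar($request['user_login'])
        ? trim((string) $request['user_login'])
        : '';
    $password = isset($request['password']) && is_scalar($request['password'])
        ? (string) $request['password']
        : '';

    $field = 'email';
    $condition = '';

    if (fn_allowed_for('ULTIMATE')) {
        if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
            $condition = fn_get_company_condition('?:users.company_id');
        }
    }

    /**
     * Selects user data
     *
     * @param array  $request    Query parameters
     * @param array  $auth       Authentication data
     * @param string $field      SQL field to select user by
     * @param string $condition  String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
     * @param string $user_login Value to select user by
     */
    fn_set_hook('auth_routines', $request, $auth, $field, $condition, $user_login);

    // $field is interpolated into the query as a column name and $condition as
    // a raw SQL fragment; neither goes through a placeholder. If the hook is
    // able to rewrite them (NOTE(review): presumably passed by reference —
    // confirm against fn_set_hook), every hook implementation must keep them
    // trusted values. The login itself is bound with ?s.
    $user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);

    // Fallback without the company condition, restricted to user types
    // 'A', 'V' and 'P'.
    if (empty($user_data)) {
        $user_data = db_get_row(
            "SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')",
            $user_login
        );
    }

    if (!empty($user_data)) {
        $user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
    }

    // Deny accounts that are not allowed in the admin area (when AREA is 'A')
    // and accounts whose type fails the access rules for the current area.
    if (!empty($user_data)
        && (!fn_check_user_type_admin_area($user_data) && AREA == 'A' || !fn_check_user_type_access_rules($user_data))
    ) {
        fn_set_notification('E', __('error'), __('error_area_access_denied'));
        $status = false;
    }

    if (!empty($user_data['status']) && $user_data['status'] == 'D') {
        fn_set_notification('E', __('error'), __('error_account_disabled'));
        $status = false;
    }

    $salt = isset($user_data['salt']) ? $user_data['salt'] : '';

    return array($status, $user_data, $user_login, $password, $salt);
}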