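/**
 * Verify a plain-text password against a stored hash.
 *
 * Dispatches on the stored hash format: hashes that xos_password_type()
 * reports as 'salt' go to the legacy validator xos_validate_old_password();
 * every other format is checked with phpass (PasswordHash::CheckPassword).
 *
 * @param string|null $plain     Password as entered by the user.
 * @param string|null $encrypted Stored hash to compare against.
 * @return bool true only when both inputs pass xos_not_null() and the
 *              password matches; false in every other case (no exception).
 */
function xos_validate_password($plain, $encrypted)
{
    // Guard clause: with either side missing the original code skipped the
    // comparison entirely and returned false, so keep that contract.
    if (!xos_not_null($plain) || !xos_not_null($encrypted)) {
        return false;
    }

    // Legacy salted format -> old validator. Strict comparison here; the
    // previous version used a loose == against the type string.
    if (xos_password_type($encrypted) === 'salt') {
        return xos_validate_old_password($plain, $encrypted);
    }

    // Load phpass lazily, only when a modern hash actually needs checking.
    if (!class_exists('PasswordHash')) {
        include DIR_WS_CLASSES . 'passwordhash.php';
    }

    // (10, true) are the phpass iteration-count / portable-hash constructor
    // arguments. NOTE(review): in phpass these govern hash *generation*;
    // CheckPassword derives the scheme from the stored hash itself — confirm
    // against the bundled passwordhash.php before relying on that.
    $hasher = new PasswordHash(10, true);

    return $hasher->CheckPassword($plain, $encrypted);
}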
$actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $email_address);
// Attempt gate: the login is only processed when the recorder allows another
// attempt or its check is not satisfied. Presumably a throttling mechanism —
// the semantics of canPerform()/check() live in actionRecorderAdmin, not here.
if ($actionRecorder->canPerform() || !$actionRecorder->check()) {
    // Check if email exists
    // NOTE(review): the query is built by string concatenation; the only
    // protection for $email_address is xos_db_input(). Confirm it escapes
    // correctly for the active driver/connection charset, as no parameterised
    // query is used anywhere in this excerpt.
    $check_admin_query = xos_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
    if (!xos_db_num_rows($check_admin_query)) {
        // Unknown email: same error value as a wrong password, and the
        // failed attempt is recorded either way.
        $login_error = 'incorrect_values';
        $actionRecorder->record(false);
    } else {
        $check_admin = xos_db_fetch_array($check_admin_query);
        // Check that password is good
        if (!xos_validate_password($password, $check_admin['login_password'])) {
            $login_error = 'incorrect_values';
            $actionRecorder->record(false);
        } else {
            // migrate old hashed password to new phpass password
            // NOTE(review): the value written here is the literal string
            // '******'. That reads like a redaction of the re-hash expression
            // rather than working code — verify that the real source stores
            // the new phpass hash of $password here; if the literal is what
            // actually runs, every legacy admin account is overwritten with a
            // fixed string on its first successful login.
            if (xos_password_type($check_admin['login_password']) != 'phpass') {
                xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . (int) $check_admin['login_id'] . "'");
            }
            // A pending password-reset marker does not survive a successful login.
            if (isset($_SESSION['password_forgotten'])) {
                unset($_SESSION['password_forgotten']);
            }
            // Copy the row into locals and populate the admin session.
            // NOTE(review): no session-id regeneration is visible in this
            // excerpt before the session is populated (the customer-side
            // login calls xos_session_recreate() under SESSION_RECREATE) —
            // confirm the admin login does the equivalent outside this view.
            $login_email_address = $check_admin['login_email_address'];
            $login_logdate = $check_admin['login_logdate'];
            $login_lognum = $check_admin['login_lognum'];
            $login_modified = $check_admin['login_modified'];
            $_SESSION['login_id'] = $check_admin['login_id'];
            $_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
            $_SESSION['login_firstname'] = $check_admin['login_firstname'];
            // Attribute the successful attempt to the now-known admin id.
            $actionRecorder->_user_id = $check_admin['login_id'];
            $actionRecorder->record();
            //$date_now = date('Ymd');
            // (this success branch, and the enclosing if/else blocks, continue
            // beyond the end of this excerpt)
$password = xos_db_prepare_input($_POST['password']); // Check if email exists $check_customer_query = xos_db_query("select customers_id, customers_gender, customers_firstname, customers_lastname, customers_group_id, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'"); if (!xos_db_num_rows($check_customer_query)) { $error = true; } else { $check_customer = xos_db_fetch_array($check_customer_query); // Check that password is good if (!xos_validate_password($password, $check_customer['customers_password'])) { $error = true; } else { if (SESSION_RECREATE == 'true') { xos_session_recreate(); } // migrate old hashed password to new phpass password if (xos_password_type($check_customer['customers_password']) != 'phpass') { xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'"); } // note that tax rates depend on your registered address! if ($_GET['skip'] != 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD) { $existing_customers_query = xos_db_query("select customers_group_id, customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " order by customers_group_id "); while ($existing_customers = xos_db_fetch_array($existing_customers_query)) { $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => " " . $existing_customers['customers_group_name'] . 
" "); } $smarty->assign(array('sppc_toggle_login' => true, 'customers_groups_pull_down_menu' => xos_draw_pull_down_menu('new_customers_group_id', $existing_customers_array, $check_customer['customers_group_id'], 'class="form-control" id="new_customers_group_id"'), 'hidden_field_email_address' => xos_draw_hidden_field('email_address', $_POST['email_address']), 'hidden_field_password' => xos_draw_hidden_field('password', $_POST['password']))); } else { $check_country_query = xos_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'"); $check_country = xos_db_fetch_array($check_country_query); if ($_GET['skip'] == 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD && isset($_POST['new_customers_group_id'])) { $sppc_customer_group_id = $_POST['new_customers_group_id']; $check_customer_group = xos_db_query("select customers_group_discount, customers_group_show_tax, customers_group_tax_exempt from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . (int) $_POST['new_customers_group_id'] . "'");