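/**
 * Content-module entry point for the customer login form.
 *
 * When the form is posted back (?action=process) with a valid per-session CSRF
 * token, the submitted e-mail address is looked up in the customers table and
 * the password is checked with Hash::verify(). On success $login_customer_id is
 * set globally (the post-login handling lives in catalog/login.php, outside
 * this module) and a legacy hash is transparently upgraded through
 * Hash::needsRehash()/Hash::encrypt(). On any failure one generic message is
 * pushed to the 'login' message stack so the response text does not reveal
 * whether the e-mail address exists. The form template is rendered into the
 * page in every case.
 *
 * Security notes:
 *  - The CSRF token is now compared with hash_equals() after confirming that
 *    both sides exist and are strings. The previous loose `==` matched an empty
 *    formid when the session token was unset, compared numeric-looking strings
 *    numerically, and would raise a TypeError on an array-valued formid.
 *  - No throttling happens in this block, and the unknown-address path returns
 *    without calling Hash::verify(), so response timing can still distinguish
 *    known from unknown accounts. NOTE(review): confirm what catalog/login.php
 *    or Hash:: already provides before relying on them for brute-force limits.
 *  - HTML::sanitize() is applied to the raw password before verification; this
 *    must match what was applied when the hash was created, otherwise passwords
 *    containing HTML-significant characters cannot log in.
 *
 * @return void
 */
function execute()
{
    global $login_customer_id, $messageStack, $oscTemplate;

    $OSCOM_Db = Registry::get('Db');
    $error = false;

    // Treat the request as a login attempt only when it carries the session's
    // CSRF token. Both values must be present strings before hash_equals(), and
    // a missing session token must never match anything.
    $isProcess = isset($_GET['action']) && $_GET['action'] === 'process';
    $tokenOk = $isProcess
        && isset($_POST['formid'], $_SESSION['sessiontoken'])
        && is_string($_POST['formid'])
        && is_string($_SESSION['sessiontoken'])
        && hash_equals($_SESSION['sessiontoken'], $_POST['formid']);

    if ($tokenOk) {
        $email_address = HTML::sanitize($_POST['email_address']);
        $password = HTML::sanitize($_POST['password']);

        // Look up the account by e-mail address (at most one row).
        $Qcustomer = $OSCOM_Db->get('customers', ['customers_id', 'customers_password'], ['customers_email_address' => $email_address], null, 1);

        if ($Qcustomer->fetch() === false) {
            // Unknown address: same generic error as a wrong password below.
            // NOTE(review): this branch skips Hash::verify(), so it is measurably
            // faster than the wrong-password branch (timing-based enumeration).
            $error = true;
        } elseif (!Hash::verify($password, $Qcustomer->value('customers_password'))) {
            $error = true;
        } else {
            // Successful login: expose the customer id for catalog/login.php,
            // which performs the post-login work.
            $login_customer_id = $Qcustomer->valueInt('customers_id');

            // Upgrade a legacy hash now that the plaintext is available.
            if (Hash::needsRehash($Qcustomer->value('customers_password'))) {
                $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password)], ['customers_id' => $login_customer_id]);
            }
        }
    }

    if ($error === true) {
        $messageStack->add('login', OSCOM::getDef('module_content_login_text_login_error'));
    }

    // Render the form template (with any error message) into the page.
    ob_start();
    include 'includes/modules/content/' . $this->group . '/templates/login_form.php';
    $template = ob_get_clean();

    $oscTemplate->addContent($template, $this->group);
}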
$password_current = HTML::sanitize($_POST['password_current']); $password_new = HTML::sanitize($_POST['password_new']); $password_confirmation = HTML::sanitize($_POST['password_confirmation']); $error = false; if (strlen($password_new) < ENTRY_PASSWORD_MIN_LENGTH) { $error = true; $messageStack->add('account_password', OSCOM::getDef('entry_password_new_error', ['min_length' => ENTRY_PASSWORD_MIN_LENGTH])); } elseif ($password_new != $password_confirmation) { $error = true; $messageStack->add('account_password', OSCOM::getDef('entry_password_new_error_not_matching')); } if ($error == false) { $Qcheck = $OSCOM_Db->prepare('select customers_password from :table_customers where customers_id = :customers_id'); $Qcheck->bindInt(':customers_id', $_SESSION['customer_id']); $Qcheck->execute(); if (Hash::verify($password_current, $Qcheck->value('customers_password'))) { $OSCOM_Db->save('customers', ['customers_password' => Hash::encrypt($password_new)], ['customers_id' => (int) $_SESSION['customer_id']]); $OSCOM_Db->save('customers_info', ['customers_info_date_account_last_modified' => 'now()'], ['customers_info_id' => (int) $_SESSION['customer_id']]); $messageStack->add_session('account', OSCOM::getDef('success_password_updated'), 'success'); OSCOM::redirect('account.php'); } else { $error = true; $messageStack->add('account_password', OSCOM::getDef('error_current_password_not_matching')); } } } $breadcrumb->add(OSCOM::getDef('navbar_title_1'), OSCOM::link('account.php')); $breadcrumb->add(OSCOM::getDef('navbar_title_2'), OSCOM::link('account_password.php')); require $oscTemplate->getFile('template_top.php'); ?>
} if (tep_not_null($action)) { switch ($action) { case 'process': if (isset($_SESSION['redirect_origin']) && isset($_SESSION['redirect_origin']['auth_user']) && !isset($_POST['username'])) { $username = HTML::sanitize($_SESSION['redirect_origin']['auth_user']); $password = HTML::sanitize($_SESSION['redirect_origin']['auth_pw']); } else { $username = HTML::sanitize($_POST['username']); $password = HTML::sanitize($_POST['password']); } $actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $username); if ($actionRecorder->canPerform()) { $Qadmin = $OSCOM_Db->get('administrators', ['id', 'user_name', 'user_password'], ['user_name' => $username]); if ($Qadmin->fetch() !== false) { if (Hash::verify($password, $Qadmin->value('user_password'))) { // migrate old hashed password to new php password_hash if (Hash::needsRehash($Qadmin->value('user_password'))) { $OSCOM_Db->save('administrators', ['user_password' => Hash::encrypt($password)], ['id' => $Qadmin->valueInt('id')]); } $_SESSION['admin'] = ['id' => $Qadmin->valueInt('id'), 'username' => $Qadmin->value('user_name')]; $actionRecorder->_user_id = $_SESSION['admin']['id']; $actionRecorder->record(); if (isset($_SESSION['redirect_origin'])) { $page = $_SESSION['redirect_origin']['page']; $get_string = http_build_query($_SESSION['redirect_origin']['get']); unset($_SESSION['redirect_origin']); OSCOM::redirect($page, $get_string); } else { OSCOM::redirect(FILENAME_DEFAULT); }