function fn_auth_routines($request, $auth)
{
$status = true;
$user_login = !empty($request['user_login']) ? trim($request['user_login']) : '';
$password = !empty($request['password']) ? $request['password'] : '';
$field = 'email';
$condition = '';
if (fn_allowed_for('ULTIMATE')) {
if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
$condition = fn_get_company_condition('?:users.company_id');
}
}
$user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);
if (empty($user_data)) {
$user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')", $user_login);
}
if (!empty($user_data)) {
$user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
}
if (!empty($user_data) && (!fn_check_user_type_admin_area($user_data) && AREA == 'A' || !fn_check_user_type_access_rules($user_data))) {
fn_set_notification('E', __('error'), __('error_area_access_denied'));
$status = false;
}
if (!empty($user_data['status']) && $user_data['status'] == 'D') {
fn_set_notification('E', __('error'), __('error_account_disabled'));
$status = false;
}
$salt = isset($user_data['salt']) ? $user_data['salt'] : '';
return array($status, $user_data, $user_login, $password, $salt);
}
}
if (empty($auth['user_id']) && !fn_check_permissions(Registry::get('runtime.controller'), Registry::get('runtime.mode'), 'trusted_controllers')) {
if (Registry::get('runtime.controller') != 'index') {
fn_set_notification('E', __('access_denied'), __('error_not_logged'));
if (defined('AJAX_REQUEST')) {
// We should make redirect to page which triggered AJAX-request instead of the AJAX-requested one.
$login_form_url = 'auth.login_form';
if (isset($_SERVER['HTTP_REFERER']) && ($referer = @parse_url($_SERVER['HTTP_REFERER'])) && isset($referer['host'], $referer['query']) && $referer['host'] == Registry::get('config.current_host')) {
$login_form_url .= '?return_url=' . urlencode(fn_url_remove_service_params(Registry::get('config.admin_index') . '?' . $referer['query']));
}
Tygh::$app['ajax']->assign('force_redirection', fn_url($login_form_url));
exit;
}
}
return array(CONTROLLER_STATUS_REDIRECT, 'auth.login_form?return_url=' . urlencode(Registry::get('config.current_url')));
} elseif (!empty($auth['user_id']) && !fn_check_user_type_access_rules($auth)) {
fn_set_notification('E', __('error'), __('error_area_access_denied'));
return array(CONTROLLER_STATUS_DENIED);
} elseif (!empty($auth['user_id']) && !fn_check_permissions(Registry::get('runtime.controller'), Registry::get('runtime.mode'), 'trusted_controllers') && $_SERVER['REQUEST_METHOD'] != 'POST') {
// PCI DSS Compliance
$auth['password_change_timestamp'] = !empty($auth['password_change_timestamp']) ? $auth['password_change_timestamp'] : 0;
$time_diff = TIME - $auth['password_change_timestamp'];
$expire = Registry::get('settings.Security.admin_password_expiration_period') * SECONDS_IN_DAY;
if (!isset($auth['first_expire_check'])) {
$auth['first_expire_check'] = true;
}
// We do not need to change the timestamp if this is an Ajax requests
if (!defined('AJAX_REQUEST')) {
$_SESSION['auth_timestamp'] = !isset($_SESSION['auth_timestamp']) ? 0 : ++$_SESSION['auth_timestamp'];
}
// Make user change the password if:
/**
* Performs authentication of user
*
* @param array $request Query parameters
* @param array $auth Authentication data
* @return array Authentication status, user data, login, password and salt
*/
function fn_auth_routines($request, $auth)
{
$status = true;
$user_login = !empty($request['user_login']) ? trim($request['user_login']) : '';
$password = !empty($request['password']) ? $request['password'] : '';
$field = 'email';
$condition = '';
if (fn_allowed_for('ULTIMATE')) {
if (Registry::get('settings.Stores.share_users') == 'N' && AREA != 'A') {
$condition = fn_get_company_condition('?:users.company_id');
}
}
/**
* Selects user data
*
* @param array $request Query parameters
* @param array $auth Authentication data
* @param string $field SQL field to select user by
* @param string $condition String containing SQL-query condition possibly prepended with a logical operator (AND or OR)
* @param string $user_login Value to select user by
*/
fn_set_hook('auth_routines', $request, $auth, $field, $condition, $user_login);
$user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s" . $condition, $user_login);
if (empty($user_data)) {
$user_data = db_get_row("SELECT * FROM ?:users WHERE {$field} = ?s AND user_type IN ('A', 'V', 'P')", $user_login);
}
if (!empty($user_data)) {
$user_data['usergroups'] = fn_get_user_usergroups($user_data['user_id']);
}
if (!empty($user_data) && (!fn_check_user_type_admin_area($user_data) && AREA == 'A' || !fn_check_user_type_access_rules($user_data))) {
fn_set_notification('E', __('error'), __('error_area_access_denied'));
$status = false;
}
if (!empty($user_data['status']) && $user_data['status'] == 'D') {
fn_set_notification('E', __('error'), __('error_account_disabled'));
$status = false;
}
$salt = isset($user_data['salt']) ? $user_data['salt'] : '';
return array($status, $user_data, $user_login, $password, $salt);
}
