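/**
 * Authenticate a customer and load their profile into this object and the session.
 *
 * The login name is matched against the customer column chosen by
 * getLoginType() (email, telephone or username per the original comment).
 *
 * SECURITY: when $override is true no password or approval check is made;
 * any enabled account (status = '1') matching the login name is logged in.
 * Callers must never derive $override from request data.
 *
 * @param string $login_name Identifier supplied by the user.
 * @param string $password   Plain-text password supplied by the user.
 * @param bool   $override   Skip credential verification (trusted callers only).
 * @return bool True when the customer was logged in, false otherwise.
 */
public function login($login_name, $password, $override = false) {
    $type = getLoginType($login_name); // email, telephone or username
    if (!$type) {
        return false;
    }

    // NOTE(review): $type is interpolated below as a column identifier and cannot
    // be escaped like a value. This assumes getLoginType() only ever returns a
    // fixed set of column names - confirm against its definition.
    if ($override) {
        $customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE `" . $type . "` = '" . $this->db->escape($login_name) . "' AND status = '1'");
    } else {
        // Step 1: fetch the account so its per-user salt is available for hashing.
        $customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE `" . $type . "` = '" . $this->db->escape($login_name) . "' AND `" . $type . "` <>'' AND status = '1'");

        if ($customer_query->num_rows > 0) {
            $data = array(
                'username'   => $customer_query->row['username'],
                'salt'       => $customer_query->row['salt'],
                'date_added' => $customer_query->row['date_added'],
                'password'   => $password,
            );

            // NOTE(review): the variable name suggests an MD5-derived digest;
            // user_password() is defined elsewhere - verify, and prefer
            // password_hash()/password_verify() if that is the case.
            $password_md5 = user_password($data);

            // Step 2: the stored hash must equal the hash of the submitted password.
            // Comparing against a fixed literal would ignore the credential entirely.
            $customer_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "customer WHERE `" . $type . "` = '" . $this->db->escape(utf8_strtolower($login_name)) . "' AND password = '" . $this->db->escape($password_md5) . "' AND status = '1' AND approved = '1'");
        }
    }

    if (!$customer_query->num_rows) {
        return false;
    }

    // NOTE(review): the session identifier is not rotated in this method; confirm
    // the session layer regenerates it on login to prevent session fixation.
    $this->session->data['customer_id'] = $customer_query->row['customer_id'];

    if ($customer_query->row['cart'] && is_string($customer_query->row['cart'])) {
        // NOTE(review): unserialize() can instantiate arbitrary classes if this
        // column is ever attacker-influenced. Restrict it (allowed_classes => false
        // on PHP 7+) or store the cart as JSON.
        $cart = unserialize($customer_query->row['cart']);

        // A corrupt value unserializes to false; merge only a real array.
        if (is_array($cart)) {
            if (!isset($this->session->data['cart']) || !is_array($this->session->data['cart'])) {
                $this->session->data['cart'] = array();
            }

            foreach ($cart as $key => $value) {
                if (!array_key_exists($key, $this->session->data['cart'])) {
                    $this->session->data['cart'][$key] = $value;
                } else {
                    $this->session->data['cart'][$key] += $value;
                }
            }
        }
    }

    if ($customer_query->row['wishlist'] && is_string($customer_query->row['wishlist'])) {
        if (!isset($this->session->data['wishlist'])) {
            $this->session->data['wishlist'] = array();
        }

        // Same unserialize() caveat as for the cart column above.
        $wishlist = unserialize($customer_query->row['wishlist']);

        if (is_array($wishlist)) {
            foreach ($wishlist as $product_id) {
                if (!in_array($product_id, $this->session->data['wishlist'])) {
                    $this->session->data['wishlist'][] = $product_id;
                }
            }
        }
    }

    $this->customer_id = $customer_query->row['customer_id'];
    $this->username = $customer_query->row['username'];
    $this->fullname = $customer_query->row['fullname'];
    $this->email = $customer_query->row['email'];
    $this->telephone = $customer_query->row['telephone'];
    $this->fax = $customer_query->row['fax'];
    $this->newsletter = $customer_query->row['newsletter'];
    $this->customer_group_id = $customer_query->row['customer_group_id'];
    $this->address_id = $customer_query->row['address_id'];

    // Record the address of the last successful login.
    $this->db->query("UPDATE " . DB_PREFIX . "customer SET ip = '" . $this->db->escape($this->request->server['REMOTE_ADDR']) . "' WHERE customer_id = '" . (int) $this->customer_id . "'");

    return true;
}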
/**
 * Fetch the customer row whose login column matches the given login name.
 *
 * The column is chosen by getLoginType() (email, telephone or username per
 * the original comment). The query applies no status or approval filter and
 * selects every column, so the result carries whatever credential fields
 * the customer table stores; callers should not expose it unfiltered.
 *
 * @param string $login_name Identifier to look up.
 * @return mixed False when getLoginType() yields no column, otherwise the
 *               row as returned by the database layer.
 */
public function getCustomerByLoginName($login_name) {
    $column = getLoginType($login_name); // email, telephone or username

    if ($column) {
        // The value is escaped; the column name is assumed to come from a fixed
        // set inside getLoginType() - verify against its definition.
        $sql = "SELECT * FROM " . DB_PREFIX . "customer WHERE `" . $column . "` = '" . $this->db->escape($login_name) . "'";
        $result = $this->db->query($sql);

        return $result->row;
    }

    return false;
}