Пример #1
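 /**
  * Handles the quick-login xajax call: verifies the submitted credentials and,
  * on success, marks the client as logged in and asks the browser to reload.
  *
  * The password is verified BEFORE the account's `disable` flag is reported.
  * Reporting the flag first would tell an unauthenticated caller that a given
  * login exists and is blocked, so the "blocked" message is only shown to
  * someone who also knows the password; every other failure gets the generic
  * bad-login message.
  *
  * @param string $login     Login as typed by the visitor.
  * @param string $password  Password as typed by the visitor.
  * @param mixed  $autologin Not read anywhere in this method.
  *
  * @return xajaxResponse Response carrying either a reload script or an error message.
  */
 public function authProccessQuick($login, $password, $autologin)
 {
     $objResponse = new xajaxResponse();
     $login = App::getModel('formprotection')->cropDangerousCode($login);
     // NOTE(review): the password is passed through the same filter as the login before
     // it is verified. If that filter strips characters, distinct passwords can collapse
     // to the same value; confirm registration applies the identical transform and
     // consider verifying the raw value instead.
     $password = App::getModel('formprotection')->cropDangerousCode($password);
     $hash = new \PasswordHash\PasswordHash();

     // The login column is matched against HashLogin($login), never the plaintext login.
     $sql = 'SELECT idclient,disable,password FROM client WHERE login = :login AND viewid=:viewid';
     $stmt = Db::getInstance()->prepare($sql);
     $stmt->bindValue('login', $hash->HashLogin($login));
     $stmt->bindValue('viewid', Helper::getViewId());
     $stmt->execute();
     $rs = $stmt->fetch();

     // 0 = unknown login or wrong password, -1 = correct password but account disabled,
     // > 0 = idclient of the authenticated client.
     // NOTE(review): when no row matches, no password hash is computed, so the response
     // time may still differ between unknown and known logins.
     $result = 0;
     if ($rs && $hash->CheckPassword($password, $rs['password'])) {
         $result = ($rs['disable'] == 0) ? $rs['idclient'] : -1;
     }

     if ($result > 0) {
         // NOTE(review): the autologin key is set on every successful login; $autologin
         // is never consulted. Confirm whether it was meant to gate this call.
         App::getModel('clientlogin')->setAutologinKey($result);
         // NOTE(review): nothing visible here rotates the session identifier after login;
         // confirm that Session::setActiveClientid() or the session handler does so.
         Session::setActiveClientid($result);
         $this->checkClientGroup();
         $this->setLoginTime();
         App::getModel('client')->saveClientData();

         // Restore a cart the client left behind in an earlier session, then clear the saved copy.
         $misingCart = App::getModel('missingcart')->checkMissingCartForClient(Session::getActiveClientid());
         if (is_array($misingCart) && $misingCart != 0) {
             App::getModel('cart')->addProductsToCartFromMissingCart($misingCart);
             App::getModel('missingcart')->cleanMissingCart(Session::getActiveClientid());
         }
         $objResponse->script("window.location.reload(false);");

         return $objResponse;
     }

     $message = ($result < 0) ? _('TXT_BLOKED_USER') : _('ERR_BAD_LOGIN_OR_PASSWORD');
     $objResponse->assign("login-error", "innerHTML", $message);
     $objResponse->script("\$('#login-error').show();");

     return $objResponse;
 }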
Пример #2
    /**
     * Finds the id of the active user that owns the given login.
     *
     * The query matches the stored login against HashLogin($login), so the
     * plaintext login is never sent to the database. No credential is checked
     * here; the result only says whether an active account exists.
     *
     * @param string $login Plaintext login to look up.
     *
     * @return mixed The `iduser` column of the matching row, or 0 when no active user matches.
     */
    public function checkUsers($login)
    {
        $hasher = new \PasswordHash\PasswordHash();
        $query = Db::getInstance()->prepare('SELECT iduser FROM user U
				WHERE login = :login AND active = 1');
        $query->bindValue('login', $hasher->HashLogin($login));
        $query->execute();

        $row = $query->fetch();

        return $row ? $row['iduser'] : 0;
    }
Пример #3
 /**
  * Resolves a login to a client id within the current view.
  *
  * Despite the name, no password or other credential is checked: a positive
  * return value only means that an enabled account with this login exists.
  * Callers must establish the visitor's identity by other means before
  * treating the result as a successful authentication.
  *
  * @param string $login Plaintext login; it is matched through HashLogin().
  *
  * @return mixed The `idclient` column when the account is enabled, -1 when its
  *               `disable` flag is non-zero, 0 when no row matches.
  */
 public function authProccess($login)
 {
     $hasher = new \PasswordHash\PasswordHash();
     $query = Db::getInstance()->prepare(
         'SELECT idclient, disable FROM client WHERE login = :login AND viewid = :viewid'
     );
     $query->bindValue('login', $hasher->HashLogin($login));
     $query->bindValue('viewid', Helper::getViewId());
     $query->execute();

     $row = $query->fetch();
     if (!$row) {
         // Unknown login in this view.
         return 0;
     }

     // A non-zero disable flag marks the account as blocked.
     return ($row['disable'] == 0) ? $row['idclient'] : -1;
 }
Пример #4
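    /**
     * Creates a client account (with contact data and two address rows) for an
     * order placed under an e-mail address that has no account yet.
     *
     * Everything runs in one transaction. If any step throws, the transaction is
     * rolled back before the exception is rethrown; otherwise a failure after the
     * first INSERT would leave the connection inside an open transaction with a
     * half-created client.
     *
     * When a client with the same hashed login already exists, nothing is written.
     *
     * @param array $Data Order form data. Keys read here: email, firstname, surname,
     *                    phone, companyname, street, streetno, postcode, placeno, nip,
     *                    placename, country, and optionally disable, phone2,
     *                    description, street2, streetno2, postcode2, placeno2,
     *                    placename2, country2.
     *
     * @return void
     *
     * @throws FrontendException When one of the INSERT statements fails.
     */
    protected function addOrder($Data)
    {
        $db = Db::getInstance();
        $db->beginTransaction();

        try {
            $hash = new \PasswordHash\PasswordHash();
            $loginHash = $hash->HashLogin($Data['email']);

            // Binds every parameter, runs the statement, and reports failures the way
            // this method always has: as a FrontendException carrying the driver message.
            // NOTE(review): if FrontendException messages are rendered to shoppers, the raw
            // driver text can expose table and column names; confirm how it is displayed.
            $run = function ($stmt, array $params) {
                foreach ($params as $name => $value) {
                    $stmt->bindValue($name, $value);
                }
                try {
                    $stmt->execute();
                } catch (Exception $e) {
                    throw new FrontendException($e->getMessage());
                }
            };

            // NOTE(review): this existence check is not limited to the current view,
            // while the INSERT below stores viewid; confirm that is intended.
            $stmt = $db->prepare('SELECT idclient FROM client WHERE login = :login');
            $stmt->bindValue('login', $loginHash);
            $stmt->execute();

            if (!$stmt->fetch()) {
                // The account gets a generated password; only its hash is stored.
                $password = Core::passwordGenerate();

                $sql = 'INSERT INTO client (login, password, disable, viewid)
                        VALUES (:login, :password, :disable, :viewid)';
                $run($db->prepare($sql), array(
                    'login' => $loginHash,
                    'password' => $hash->HashPassword($password),
                    'disable' => isset($Data['disable']) ? $Data['disable'] : 0,
                    'viewid' => Helper::getViewId(),
                ));
                $idClient = $db->lastInsertId();

                // Personal data is encrypted inside the database with AES_ENCRYPT().
                // NOTE(review): MySQL's AES_ENCRYPT() follows the server's
                // block_encryption_mode, whose default is an ECB mode, so equal plaintexts
                // produce equal ciphertexts; confirm the configured mode.
                $encryptionKey = Session::getActiveEncryptionKeyValue();

                $sql = 'INSERT INTO clientdata SET
                        firstname = AES_ENCRYPT(:firstname, :encryptionKey),
                        surname = AES_ENCRYPT(:surname, :encryptionKey),
                        email = AES_ENCRYPT(:email, :encryptionKey),
                        phone = AES_ENCRYPT(:phone, :encryptionKey),
                        phone2 = AES_ENCRYPT(:phone2, :encryptionKey),
                        description = AES_ENCRYPT(:description, :encryptionKey),
                        clientgroupid = 10,
                        clientid = :clientid';
                $run($db->prepare($sql), array(
                    'clientid' => $idClient,
                    'firstname' => $Data['firstname'],
                    'surname' => $Data['surname'],
                    'email' => $Data['email'],
                    'phone' => $Data['phone'],
                    'phone2' => !empty($Data['phone2']) ? $Data['phone2'] : '',
                    'description' => !empty($Data['description']) ? $Data['description'] : '',
                    'encryptionKey' => $encryptionKey,
                ));

                // The same upsert is used for both address rows; only the bound values differ.
                $sql = 'INSERT INTO clientaddress SET
                        clientid = :clientid,
                        main = :main,
                        firstname = AES_ENCRYPT(:firstname, :encryptionKey),
                        surname = AES_ENCRYPT(:surname, :encryptionKey),
                        companyname = AES_ENCRYPT(:companyname, :encryptionKey),
                        street = AES_ENCRYPT(:street, :encryptionKey),
                        streetno = AES_ENCRYPT(:streetno, :encryptionKey),
                        placeno = AES_ENCRYPT(:placeno, :encryptionKey),
                        postcode = AES_ENCRYPT(:postcode, :encryptionKey),
                        nip = AES_ENCRYPT(:nip, :encryptionKey),
                        placename = AES_ENCRYPT(:placename, :encryptionKey),
                        countryid = :countryid
                    ON DUPLICATE KEY UPDATE
                        firstname = AES_ENCRYPT(:firstname, :encryptionKey),
                        surname = AES_ENCRYPT(:surname, :encryptionKey),
                        companyname = AES_ENCRYPT(:companyname, :encryptionKey),
                        street = AES_ENCRYPT(:street, :encryptionKey),
                        streetno = AES_ENCRYPT(:streetno, :encryptionKey),
                        placeno = AES_ENCRYPT(:placeno, :encryptionKey),
                        postcode = AES_ENCRYPT(:postcode, :encryptionKey),
                        nip = AES_ENCRYPT(:nip, :encryptionKey),
                        placename = AES_ENCRYPT(:placename, :encryptionKey),
                        countryid = :countryid';
                $addressStmt = $db->prepare($sql);

                $shared = array(
                    'encryptionKey' => $encryptionKey,
                    'clientid' => $idClient,
                    'firstname' => $Data['firstname'],
                    'surname' => $Data['surname'],
                    'companyname' => $Data['companyname'],
                    'nip' => $Data['nip'],
                );

                // Row with main = 1: the address exactly as entered.
                $run($addressStmt, $shared + array(
                    'main' => 1,
                    'street' => $Data['street'],
                    'streetno' => $Data['streetno'],
                    'postcode' => $Data['postcode'],
                    'placeno' => $Data['placeno'],
                    'placename' => $Data['placename'],
                    'countryid' => $this->getCountryByName($Data['country']),
                ));

                // Row with main = 0: the "...2" fields, each falling back to its primary field.
                $run($addressStmt, $shared + array(
                    'main' => 0,
                    'street' => !empty($Data['street2']) ? $Data['street2'] : $Data['street'],
                    'streetno' => !empty($Data['streetno2']) ? $Data['streetno2'] : $Data['streetno'],
                    'postcode' => !empty($Data['postcode2']) ? $Data['postcode2'] : $Data['postcode'],
                    'placeno' => !empty($Data['placeno2']) ? $Data['placeno2'] : $Data['placeno'],
                    'placename' => !empty($Data['placename2']) ? $Data['placename2'] : $Data['placename'],
                    'countryid' => $this->getCountryByName(
                        !empty($Data['country2']) ? $Data['country2'] : $Data['country']
                    ),
                ));
            }

            $db->commit();
        } catch (Exception $e) {
            // Undo the partial account so no orphaned client row survives the failure.
            $db->rollBack();
            throw $e;
        }
    }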
Пример #5
    /**
     * Updates a client's disable flag, view, login and autoassign setting, and
     * drops the client's stored sessions when the flag is set to 1.
     *
     * Note the naming: $active is written to the `disable` column, so passing 1
     * disables the account. In that case every `sessionhandler` row of the client
     * is deleted as well, which removes the sessions stored for a client that
     * has just been blocked.
     *
     * @param mixed  $active     Cast to int and stored in `disable`.
     * @param mixed  $id         `idclient` of the row to update.
     * @param mixed  $viewid     New view id.
     * @param string $login      Plaintext login; stored as HashLogin($login).
     * @param mixed  $autoassign New autoassign value.
     *
     * @return bool Always true when no exception is thrown.
     *
     * @throws CoreException When the UPDATE or the session DELETE fails.
     */
    public function editClientActive($active, $id, $viewid, $login, $autoassign)
    {
        $hasher = new \PasswordHash\PasswordHash();
        $disableFlag = (int) $active;

        $update = Db::getInstance()->prepare('UPDATE client SET 
					disable		=	:disable, 
					viewid		=	:viewid,
					login		=	:login,
					autoassign	=	:autoassign
				WHERE idclient=:id');
        $update->bindValue('disable', $disableFlag);
        $update->bindValue('viewid', $viewid);
        $update->bindValue('autoassign', $autoassign);
        $update->bindValue('id', $id);
        $update->bindValue('login', $hasher->HashLogin($login));
        try {
            $update->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_CLIENT_ACTIVE_UPDATE'), 1, $e->getMessage());
        }

        if ($disableFlag !== 1) {
            return true;
        }

        // The account was just disabled: remove its server-side sessions too.
        $purge = Db::getInstance()->prepare('DELETE FROM sessionhandler WHERE clientid = :id');
        $purge->bindValue('id', $id);
        try {
            $purge->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_CLIENT_ACTIVE_UPDATE'), 1, $e->getMessage());
        }

        return true;
    }
Пример #6
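    /**
     * Inserts a new row into `user` with a hashed login and a hashed password.
     *
     * When no password is supplied, the account receives a random, unguessable
     * password instead of a fixed literal. A fixed fallback would give every
     * such account the same known password; with a random one the account can
     * only be entered after a password has been set explicitly.
     *
     * @param string      $email    Login for the new user; must not be blank.
     * @param string|null $password Plaintext password, or null/empty to generate one.
     * @param mixed       $active   Value stored in the `active` column.
     *
     * @return mixed Id reported by lastInsertId() for the new row.
     *
     * @throws CoreException When $email is blank or the INSERT fails.
     */
    protected function addUser($email, $password, $active = 1)
    {
        if ($email == '') {
            throw new CoreException(_('TXT_WRONG_EMAIL'), 1001, 'Email is blank -> mysql fix');
        }
        if ($password == null) {
            // 128 bits from the system CSPRNG; random_bytes() where available,
            // the OpenSSL generator on older runtimes.
            $entropy = function_exists('random_bytes')
                ? random_bytes(16)
                : openssl_random_pseudo_bytes(16);
            $password = bin2hex($entropy);
        }

        $hash = new \PasswordHash\PasswordHash();
        $sql = 'INSERT INTO user SET
                    login = :login,
                    password = :password,
                    active = :active';
        $stmt = Db::getInstance()->prepare($sql);
        $stmt->bindValue('login', $hash->HashLogin($email));
        $stmt->bindValue('password', $hash->HashPassword($password));
        $stmt->bindValue('active', $active);
        try {
            $stmt->execute();
        } catch (Exception $e) {
            throw new CoreException(_('ERR_USER_ADD'), 20, $e->getMessage());
        }

        return Db::getInstance()->lastInsertId();
    }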
Пример #7
 /**
  * Stores a new login for the client of the current session.
  *
  * The row to update is chosen by Session::getActiveClientid(), not by a
  * caller-supplied id, and the login is stored as HashLogin($login). An empty
  * $login leaves the database untouched.
  * NOTE(review): no check that the new login is unused is visible here;
  * confirm the caller or a unique index enforces it.
  *
  * @param string $login New plaintext login.
  *
  * @return void
  *
  * @throws FrontendException When the UPDATE fails.
  */
 public function updateClientLogin($login)
 {
     // empty() is already false for unset and null values, so one test covers both checks.
     if (empty($login)) {
         return;
     }

     $hasher = new \PasswordHash\PasswordHash();
     $update = Db::getInstance()->prepare('UPDATE client SET login = :login WHERE idclient = :idclient');
     $update->bindValue('login', $hasher->HashLogin($login));
     $update->bindValue('idclient', Session::getActiveClientid());

     try {
         $update->execute();
     } catch (Exception $e) {
         throw new FrontendException(_('ERR_LOGIN_CLIENT_UPDATE'), 18, $e->getMessage());
     }
 }