// Excerpt: prepares session data for signing in as the account given by
// $_REQUEST['user_id']. $user_data and $area are assigned before this excerpt,
// and the final branch continues past its end.
if (fn_allowed_for('MULTIVENDOR')) {
    if ($user_data['user_type'] == 'V') {
        // A vendor account that was requested for area 'A' is moved to area 'V'
        $area = $area == 'A' ? 'V' : $area;
    }
}

// Payload that will be stored for the target session: the auth array built for
// $user_data plus the caller's current 'last_status' value (empty string if unset)
$sess_data = array(
    'auth' => fn_fill_auth($user_data, array(), true, $area),
    'last_status' => empty($_SESSION['last_status']) ? '' : $_SESSION['last_status']
);

if (Registry::get('settings.General.store_mode') == 'Y') {
    $sess_data['store_access_key'] = Registry::get('settings.General.store_access_key');
}

// Maps the one-letter area code to the session name used for that area
$areas = array('A' => 'admin', 'V' => 'vendor', 'C' => 'customer');

fn_init_user_session_data($sess_data, $_REQUEST['user_id'], true);

// Remember the caller's own session id so it can be set again below
$old_sess_id = Session::getId();

// NOTE(review): redirect_url is taken from the request unchanged; confirm that the
// code which finally redirects to it refuses hosts outside the store.
$redirect_url = !empty($_REQUEST['redirect_url']) ? $_REQUEST['redirect_url'] : '';

if ($area != 'C') {
    // Save $sess_data under a newly generated id with the target area's session name
    Session::setName($areas[$area]);
    $sess_id = Session::regenerateId();
    Session::save($sess_id, $sess_data, $area);

    // Switch back to the session name and id that were active before
    Session::setName(ACCOUNT_TYPE);
    Session::setId($old_sess_id, false);
} else {
    // Save unique key for session
    // NOTE(review): the key is built only from fn_crc32() over microtime() values, so it
    // is derived from the clock and not from a random source. It names stored data that
    // contains the target user's auth array; if this key is ever sent to or accepted from
    // a client (not visible in this excerpt), it should come from a CSPRNG instead.
    // NOTE(review): microtime() is called without arguments, so `microtime() + 1` does
    // arithmetic on its string return value; confirm that this is intended.
    $key = fn_crc32(microtime()) . fn_crc32(microtime() + 1);

    // NOTE(review): the payload is written with serialize(); presumably the reader calls
    // unserialize() on it, so confirm this storage can never hold attacker-supplied data.
    fn_set_storage_data('session_' . $key . '_data', serialize($sess_data));

    if (fn_allowed_for('ULTIMATE')) {
        // $redirect_url is request-supplied, so the company id parsed from it is too
        $company_id_in_url = fn_get_company_id_from_uri($redirect_url);

        if (Registry::get('runtime.company_id') || !empty($user_data['company_id']) || Registry::get('runtime.simple_ultimate') || !empty($company_id_in_url)) {
            // Redirect to the personal frontend
            // The user's own company id wins; the runtime company id is the fallback
            $company_id = !empty($user_data['company_id']) ? $user_data['company_id'] : Registry::get('runtime.company_id');

            if (!$company_id && Registry::get('runtime.simple_ultimate')) {
                $company_id = fn_get_default_company_id();
            } elseif (!$company_id) {
                // (excerpt ends here; the body of this branch is not shown)
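// Excerpt of the login handler: checks the submitted credentials and, on success,
// regenerates the session id, attaches pre-login orders to the account and signs the
// user in. $auth is assigned before this excerpt and the last branch continues past it.
list($status, $user_data, $user_login, $password, $salt) = fn_auth_routines($_REQUEST, $auth);

if (!empty($_REQUEST['redirect_url'])) {
    // NOTE(review): request-supplied redirect target used unchanged; confirm that the
    // CONTROLLER_STATUS_REDIRECT handling refuses hosts outside the store.
    $redirect_url = $_REQUEST['redirect_url'];
} else {
    // The ternary must be parenthesised: '.' binds tighter than '?:', so without the
    // parentheses 'auth.login' became part of the (always true) condition and the
    // dispatch name was dropped from the URL.
    // NOTE(review): return_url is appended without URL-encoding; confirm fn_url() copes.
    $redirect_url = fn_url('auth.login' . (!empty($_REQUEST['return_url']) ? '?return_url=' . $_REQUEST['return_url'] : ''));
}

if ($status === false) {
    // Keep the submitted login so the form can be refilled after the redirect
    fn_save_post_data('user_login');

    return array(CONTROLLER_STATUS_REDIRECT, $redirect_url);
}

//
// Success login
//
// Both digests are compared as strings with ===. Under == PHP compares two
// numeric-looking strings as numbers, so different digests could be treated as equal.
// Where PHP >= 5.6 is guaranteed, hash_equals() would also make this constant-time.
if (!empty($user_data) && !empty($password) && (string) fn_generate_salted_password($password, $salt) === (string) $user_data['password']) {

    // Regenerate session_id for security reasons
    Session::regenerateId();

    //
    // If customer placed orders before login, assign these orders to this account
    //
    if (!empty($auth['order_ids'])) {
        foreach ($auth['order_ids'] as $order_id) {
            // Values are bound through the ?u / ?i placeholders, not concatenated
            db_query("UPDATE ?:orders SET ?u WHERE order_id = ?i", array('user_id' => $user_data['user_id']), $order_id);
        }
    }

    fn_login_user($user_data['user_id']);

    Helpdesk::auth();

    // Set system notifications
    if (Registry::get('config.demo_mode') != true && AREA == 'A') {
        // If username equals to the password
        if (!fn_is_development() && fn_compare_login_password($user_data, $password)) {
            $lang_var = 'warning_insecure_password_email';
            // (excerpt ends here; the rest of this branch is not shown)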
/**
 * Logs the current user out and leaves the session set up for an anonymous visitor.
 *
 * The calls run in a fixed order: save the cart, regenerate the session id, re-run
 * fn_init_user(), log the logout, drop the auth/cart/notification data, then call
 * fn_login_user() without arguments.
 *
 * @param array $auth Auth data of the user logging out; only 'user_id' is read here
 */
function fn_user_logout($auth)
{
    // Save the cart contents against the user id passed in, before anything is reset
    fn_save_cart_content($_SESSION['cart'], $auth['user_id']);

    // Regenerate session_id for security reasons
    Session::regenerateId();

    fn_init_user();

    // From here on the auth array held in the session is used, not the argument
    $session_auth = $_SESSION['auth'];
    if (!empty($session_auth['user_id'])) {
        fn_log_user_logout($session_auth);
    }

    // NOTE(review): only 'auth' and 'product_notifications' are unset directly here;
    // whether other per-user session data is removed depends on the helpers called.
    unset($_SESSION['auth']);
    fn_clear_cart($_SESSION['cart'], false, true);

    $area_prefix = AREA;
    fn_delete_session_data($area_prefix . '_user_id', $area_prefix . '_password');

    unset($_SESSION['product_notifications']);

    // need to fill $_SESSION['auth'] array for anonymous user
    fn_login_user();
}