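/**
 * Attempt to log the customer in to the store from the posted login form.
 *
 * Expects login_email and login_pass in $_POST. When either is missing the
 * output buffer is discarded, the browser is redirected to login.php and the
 * script exits. The e-mail is looked up in the customers table and the posted
 * password is checked against the stored record via verifyPassword(); a
 * customer whose record still carries an imported (legacy) password is
 * accepted when ValidImportPassword() matches, and the password is then
 * re-stored through ISC_ENTITY_CUSTOMER::updatePassword() before the login
 * proceeds.
 *
 * Security notes: the same "BadLoginDetails" response is produced for an
 * unknown e-mail and for a wrong password, so the error page itself does not
 * reveal whether an account exists. There is no failed-attempt counter or
 * lockout in this version (see NOTE(review) below).
 *
 * @param boolean $silent When true, show no error page: just return true or
 *                        false. When false, a failed login renders the login
 *                        page with the "BadLoginDetails" message.
 * @return boolean True if the login was successful, false otherwise. False is
 *                 also returned after the error page in non-silent mode so the
 *                 boolean contract holds (that path previously fell off the
 *                 end and returned null).
 */
public function CheckLogin($silent = false)
{
    if (!isset($_POST['login_email']) || !isset($_POST['login_pass'])) {
        // Nothing (or only half the form) posted: back to the login form.
        ob_end_clean();
        header(sprintf("Location: %s/login.php", $GLOBALS['ShopPath']));
        die();
    }

    $db = $GLOBALS['ISC_CLASS_DB'];

    // Untrusted input: escape exactly once before interpolating. The DB layer
    // used here exposes no placeholder API, so Quote() is the only protection
    // against SQL injection on this query.
    $email = $db->Quote($_POST['login_email']);
    $query = sprintf("select customerid, salt, custpassword, customertoken, custimportpassword from [|PREFIX|]customers where custconemail='%s'", $email);
    $result = $db->Query($query);

    if ($row = $db->Fetch($result)) {
        $customerid = $row['customerid'];
        $plainText = $_POST['login_pass'];

        if (!$this->verifyPassword($row, $plainText)) {
            if ((string) $row['custimportpassword'] !== '') {
                if (ValidImportPassword($plainText, $row['custimportpassword'])) {
                    // Imported customer: the legacy password matched, so store
                    // it in the cart's own format. Whether updatePassword()
                    // also clears custimportpassword is not visible here —
                    // confirm, otherwise the legacy path stays usable.
                    $entity = new ISC_ENTITY_CUSTOMER();
                    $entity->updatePassword($customerid, $plainText);
                } else {
                    // Legacy password did not match either.
                    unset($row['customerid']);
                }
            } else {
                // Normal customer, password mismatch.
                unset($row['customerid']);
            }
        }

        // NOTE(review): verifyPassword() only runs when the e-mail exists, so
        // the unknown-e-mail path does less work; whether that is measurable
        // remotely is not something this code shows. There is also no attempt
        // counter or lockout here, so online guessing is unthrottled by this
        // method — consider adding one.

        // Login was OK, set the token as a cookie.
        if (isset($row['customerid']) && $row['customerid'] != 0) {
            return $this->LoginCustomer($row, $silent);
        }
    }

    // Bad login credentials (unknown e-mail or wrong password).
    if ($silent) {
        return false;
    }
    $this->ShowLoginPage("BadLoginDetails", 1);
    return false;
}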
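/**
 * Attempt to log the customer in to the store from the posted login form
 * (variant with account lock status and failed-attempt counting).
 *
 * Expects login_email and login_pass in $_POST; when either is missing the
 * output buffer is discarded, the browser is redirected to login.php and the
 * script exits. The non-guest customer row is looked up by e-mail. If its
 * status is 0 the account is treated as locked and -1 is returned (after the
 * "LockedCustomer" page unless silent). Otherwise the posted password's MD5
 * is compared with the stored hash; a record that still carries an imported
 * (legacy) password is accepted when ValidImportPassword() matches, in which
 * case the MD5 hash is stored and the import password cleared. A wrong
 * password increments the failure counter via doLoginFailed(); a successful
 * login clears it via clearFails() and hands off to LoginCustomer().
 *
 * @param boolean $silent When true, show no error page: just return the
 *                        result. When false, a failed login renders the login
 *                        page with "BadLoginDetails" (or "LockedCustomer").
 * @return boolean|int True if the login was successful, false on bad
 *                     credentials (also returned after the error page in
 *                     non-silent mode), -1 when the account is locked.
 *                     CAUTION: -1 is truthy in PHP, so callers must test
 *                     `=== true` / `=== -1`; a bare if() would treat a locked
 *                     account as logged in.
 */
public function CheckLogin($silent = false)
{
    if (!isset($_POST['login_email']) || !isset($_POST['login_pass'])) {
        ob_end_clean();
        header(sprintf("Location: %s/login.php", $GLOBALS['ShopPath']));
        die;
    }

    $db = $GLOBALS['ISC_CLASS_DB'];

    // Untrusted input: escape exactly once. The previous revision quoted the
    // e-mail twice (and escaped the password into an unused sprintf argument);
    // double escaping made addresses containing quote characters fail to match.
    $email = $db->Quote($_POST['login_email']);
    $query = sprintf("select customerid, custpassword, customertoken, custimportpassword, status, fails from [|PREFIX|]customers where isguest = 0 AND custconemail='%s'", $email);
    $result = $db->Query($query);

    if ($row = $db->Fetch($result)) {
        // NOTE(review): the lock check runs before the password is verified,
        // so anyone who knows an e-mail address can learn that the account
        // exists and is locked without knowing its password. Checking the
        // lock only after a correct password would close that; kept as-is
        // here because it changes which response locked accounts get.
        if (intval($row['status']) == 0) {
            if (!$silent) {
                $this->ShowLoginPage("LockedCustomer", 1);
            }
            return -1; // FLAG: locked!
        }

        // NOTE(review): passwords are stored as unsalted MD5, which is
        // trivially cracked offline if the table leaks. Migrating to
        // password_hash()/password_verify() (rehash on successful login) is
        // the real fix, but it changes the stored format shared with the rest
        // of the store and is out of scope for this method.
        $plainText = $_POST['login_pass'];
        $posted = md5($plainText);
        // hash_equals() is a strict, constant-time comparison. The old `!=`
        // was a loose comparison: two hex digests of the form 0e<digits> are
        // numeric strings and compare equal, so a crafted password could match
        // an unrelated stored hash. The cast guards against a NULL column.
        $matches = hash_equals((string) $row['custpassword'], $posted);

        if ($matches) {
            // Stored hash matched; nothing to convert.
        } elseif ((string) $row['custimportpassword'] !== ''
                && ValidImportPassword($plainText, $row['custimportpassword'])) {
            // Valid login from an import password: store the cart's own hash
            // and drop the legacy one so this path cannot be reused.
            $updated_customer = array(
                "custpassword" => $posted,
                "custimportpassword" => "",
            );
            $db->UpdateQuery("customers", $updated_customer, "customerid='" . $db->Quote($row['customerid']) . "'");
        } else {
            // Wrong password (and no usable legacy password): count the
            // failure and forget the id so the login below is skipped.
            $this->doLoginFailed($row['customerid'], $row['fails']);
            unset($row['customerid']);
        }

        // Login was OK, set the token as a cookie.
        if (isset($row['customerid']) && $row['customerid'] != 0) {
            // Successful login resets the failed-attempt counter.
            if ($row['fails'] > 0) {
                $this->clearFails($row['customerid']);
            }
            return $this->LoginCustomer($row, $silent);
        }
    }

    // Bad login credentials (unknown e-mail or wrong password).
    if ($silent) {
        return false;
    }
    $this->ShowLoginPage("BadLoginDetails", 1);
    return false;
}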