示例#1
		/**
		 * Try to authenticate the customer from the posted login form.
		 *
		 * The account is looked up by e-mail address and the posted password is handed
		 * to verifyPassword(). When that check fails and the row carries an imported
		 * password, ValidImportPassword() gets a second try; on success the password is
		 * re-saved through ISC_ENTITY_CUSTOMER::updatePassword().
		 *
		 * An unknown e-mail and a wrong password end in the same "BadLoginDetails"
		 * outcome, so the response does not tell the two cases apart. Nothing in this
		 * method counts or throttles failed attempts; if rate limiting exists it is
		 * implemented elsewhere.
		 *
		 * @param boolean $silent Set to true to suppress the error page and return false on a failed login instead.
		 * @return boolean Result of LoginCustomer() on success, false on a failed silent login. On a failed
		 *                 non-silent login nothing is returned explicitly after ShowLoginPage().
		 */
		public function CheckLogin($silent=false)
		{
			// Without both form fields there is nothing to check: go back to the login page.
			if (!isset($_POST['login_email']) || !isset($_POST['login_pass'])) {
				ob_end_clean();
				header(sprintf("Location: %s/login.php", $GLOBALS['ShopPath']));
				die();
			}

			$db = $GLOBALS['ISC_CLASS_DB'];

			// The address is escaped with Quote() before it is placed inside the quoted SQL literal.
			$escapedEmail = $db->Quote($_POST['login_email']);
			$lookupSql = sprintf("select customerid, salt, custpassword, customertoken, custimportpassword from [|PREFIX|]customers where custconemail='%s'", $escapedEmail);
			$lookup = $db->Query($lookupSql);
			$record = $db->Fetch($lookup);

			if ($record) {
				$customerId = $record['customerid'];
				$suppliedPassword = $_POST['login_pass'];

				$authenticated = true;
				if (!$this->verifyPassword($record, $suppliedPassword)) {
					$authenticated = false;

					// Fall back to the imported password, if the row has one.
					if ($record['custimportpassword'] != '' && ValidImportPassword($suppliedPassword, $record['custimportpassword'])) {
						// Imported account: re-save the password in the store's own format.
						$customer = new ISC_ENTITY_CUSTOMER();
						$customer->updatePassword($customerId, $suppliedPassword);
						$authenticated = true;
					}
				}

				// Credentials accepted: hand over to LoginCustomer(), which sets the token cookie.
				if ($authenticated && isset($record['customerid']) && $record['customerid'] != 0) {
					return $this->LoginCustomer($record, $silent);
				}
			}

			// Unknown address or wrong password.
			if ($silent == true) {
				return false;
			}

			$this->ShowLoginPage("BadLoginDetails", 1);
		}
示例#2
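 /**
  * Attempt to log the customer in to the store.
  *
  * Looks up a registered (non-guest) customer by e-mail, refuses locked accounts,
  * then compares the MD5 digest of the posted password with the stored one,
  * falling back to ValidImportPassword() when the row carries an imported password.
  * Failed attempts are reported to doLoginFailed(); a successful login clears the
  * failure counter through clearFails().
  *
  * Security notes:
  *  - Passwords are stored and compared as unsalted MD5 digests, which are cheap to
  *    brute-force if the table leaks. Moving to password_hash()/password_verify()
  *    needs a coordinated migration of the stored values, so it is flagged here
  *    rather than changed.
  *  - The locked-account branch runs before the password is checked, so the
  *    "LockedCustomer" response is shown to anyone who submits a locked account's
  *    e-mail, with or without the right password.
  *  - The locked result is the integer -1, which is truthy. Callers must compare the
  *    result strictly and not rely on `if ($this->CheckLogin(...))`.
  *
  * @param boolean $silent Set to true to not show any error messages but return true or false depending on if the login was successful or not.
  * @return boolean|int Result of LoginCustomer() on success, false on a failed silent login, -1 when the account is locked.
  *                     On a failed non-silent login nothing is returned explicitly after ShowLoginPage().
  */
 public function CheckLogin($silent = false)
 {
     if (isset($_POST['login_email']) && isset($_POST['login_pass'])) {
         // Escape the address exactly once. Quoting an already quoted value doubles the
         // escape characters, so addresses containing a quote or backslash never matched.
         // The password is not part of the query and is no longer passed to sprintf().
         $email = $GLOBALS['ISC_CLASS_DB']->Quote($_POST['login_email']);
         //zcs= add "status , fails"
         $query = sprintf("select customerid, custpassword, customertoken, custimportpassword, status, fails from [|PREFIX|]customers where isguest = 0 AND custconemail='%s'", $email);
         $result = $GLOBALS['ISC_CLASS_DB']->Query($query);
         if ($row = $GLOBALS['ISC_CLASS_DB']->Fetch($result)) {
             //zcs=>
             if (intval($row['status']) == 0) {
                 //locked user
                 if (!$silent) {
                     $this->ShowLoginPage("LockedCustomer", 1);
                 }
                 return -1;
                 //FLAG: locked!
             }
             //<=zcs

             // Compare the digests as strings with ===. With the loose != operator two
             // different digests that both look like numbers (for example "0e" followed
             // only by digits) are compared numerically and count as equal, which would
             // accept a wrong password. Where the runtime provides hash_equals(), a
             // constant-time comparison is preferable.
             $postedHash = md5($_POST['login_pass']);
             $passwordMatches = ((string) $row['custpassword'] === $postedHash);

             // Was this an imported password?
             if ($row['custimportpassword'] != '' && !$passwordMatches) {
                 if (ValidImportPassword($_POST['login_pass'], $row['custimportpassword'])) {
                     // Valid login from an import password. We now store the Interspire Shopping Cart version of the password
                     $updated_customer = array("custpassword" => $postedHash, "custimportpassword" => "");
                     $GLOBALS['ISC_CLASS_DB']->UpdateQuery("customers", $updated_customer, "customerid='" . $GLOBALS['ISC_CLASS_DB']->Quote($row['customerid']) . "'");
                 } else {
                     $this->doLoginFailed($row['customerid'], $row['fails']);
                     //zcs=increase fail times
                     unset($row['customerid']);
                 }
             } else {
                 if (!$passwordMatches) {
                     $this->doLoginFailed($row['customerid'], $row['fails']);
                     //zcs=increase fail times
                     unset($row['customerid']);
                 }
             }
             // Login was OK, set the token as a cookie
             // (a failed check above removed customerid from $row, so this test is the gate)
             if (isset($row['customerid']) && $row['customerid'] != 0) {
                 //zcs=>clear last fails
                 if ($row['fails'] > 0) {
                     $this->clearFails($row['customerid']);
                 }
                 //<=zcs
                 return $this->LoginCustomer($row, $silent);
             }
         }
         // Bad login credentials
         if ($silent == true) {
             return false;
         } else {
             $this->ShowLoginPage("BadLoginDetails", 1);
         }
     } else {
         // No credentials were posted: send the visitor back to the login form.
         ob_end_clean();
         header(sprintf("Location: %s/login.php", $GLOBALS['ShopPath']));
         die;
     }
 }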