示例#1
/**
 * Verify a plaintext password against a stored hash.
 *
 * Legacy salted hashes are delegated to xos_validate_old_password(); every
 * other stored value is checked with the phpass PasswordHash class. Missing
 * input on either side fails closed.
 *
 * @param string $plain     password as submitted by the user
 * @param string $encrypted stored hash to compare against
 * @return bool true only when the password matches the stored hash
 */
function xos_validate_password($plain, $encrypted)
{
    // Both values must be present; otherwise the check fails closed.
    if (!xos_not_null($plain) || !xos_not_null($encrypted)) {
        return false;
    }

    // Legacy salted hashes take the old verification path.
    if (xos_password_type($encrypted) == 'salt') {
        return xos_validate_old_password($plain, $encrypted);
    }

    // Lazy-load the phpass implementation on first use.
    if (class_exists('PasswordHash') === false) {
        include DIR_WS_CLASSES . 'passwordhash.php';
    }

    // Same cost (10) and portable-hash setting as the original; the check is
    // performed by the library rather than by a plain string comparison.
    $hasher = new PasswordHash(10, true);

    return $hasher->CheckPassword($plain, $encrypted);
}
示例#2
 $actionRecorder = new actionRecorderAdmin('ar_admin_login', null, $email_address);
 // NOTE(review): canPerform()/check() presumably throttle repeated admin login
 // attempts for this e-mail address — confirm in actionRecorderAdmin.
 if ($actionRecorder->canPerform() || !$actionRecorder->check()) {
     // Check if email exists
     // The lookup is built by string concatenation; the e-mail address is escaped
     // with xos_db_input() rather than bound as a parameter, so that call must stay.
     $check_admin_query = xos_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . xos_db_input($email_address) . "'");
     if (!xos_db_num_rows($check_admin_query)) {
         // Unknown e-mail: same generic error as a wrong password below, so the
         // response does not reveal which of the two failed; the attempt is recorded.
         $login_error = 'incorrect_values';
         $actionRecorder->record(false);
     } else {
         $check_admin = xos_db_fetch_array($check_admin_query);
         // Check that password is good
         if (!xos_validate_password($password, $check_admin['login_password'])) {
             $login_error = 'incorrect_values';
             $actionRecorder->record(false);
         } else {
             // migrate old hashed password to new phpass password
             // NOTE(review): as rendered on this page the new stored value is the
             // literal '******'; presumably the real source writes a freshly computed
             // phpass hash here — confirm against the original file.
             if (xos_password_type($check_admin['login_password']) != 'phpass') {
                 xos_db_query("update " . TABLE_ADMIN . " set admin_password = '******' where admin_id = '" . (int) $check_admin['login_id'] . "'");
             }
             // A completed login clears any pending password-reset marker.
             if (isset($_SESSION['password_forgotten'])) {
                 unset($_SESSION['password_forgotten']);
             }
             $login_email_address = $check_admin['login_email_address'];
             $login_logdate = $check_admin['login_logdate'];
             $login_lognum = $check_admin['login_lognum'];
             $login_modified = $check_admin['login_modified'];
             // Session now carries the authenticated admin's identity and group.
             $_SESSION['login_id'] = $check_admin['login_id'];
             $_SESSION['login_groups_id'] = $check_admin['login_groups_id'];
             $_SESSION['login_firstname'] = $check_admin['login_firstname'];
             // Direct write to an underscore-prefixed property, which looks like
             // internal state of actionRecorderAdmin; a setter would be cleaner.
             $actionRecorder->_user_id = $check_admin['login_id'];
             // Successful attempt is recorded against the admin id set above.
             $actionRecorder->record();
             //$date_now = date('Ymd');
示例#3
 // Raw POST value read without an isset() guard; a request lacking the field
 // raises an undefined-index notice before xos_db_prepare_input() runs.
 $password = xos_db_prepare_input($_POST['password']);
 // Check if email exists
 // The lookup is built by string concatenation; the e-mail address is escaped
 // with xos_db_input() rather than bound as a parameter, so that call must stay.
 $check_customer_query = xos_db_query("select customers_id, customers_gender, customers_firstname, customers_lastname, customers_group_id, customers_password, customers_email_address, customers_default_address_id from " . TABLE_CUSTOMERS . " where customers_email_address = '" . xos_db_input($email_address) . "'");
 if (!xos_db_num_rows($check_customer_query)) {
     // Unknown e-mail and wrong password both set the same flag, so the caller
     // cannot tell the two cases apart.
     $error = true;
 } else {
     $check_customer = xos_db_fetch_array($check_customer_query);
     // Check that password is good
     if (!xos_validate_password($password, $check_customer['customers_password'])) {
         $error = true;
     } else {
         // NOTE(review): xos_session_recreate() presumably issues a new session id
         // after successful authentication (session-fixation mitigation) — confirm.
         if (SESSION_RECREATE == 'true') {
             xos_session_recreate();
         }
         // migrate old hashed password to new phpass password
         // NOTE(review): as rendered on this page the new stored value is the
         // literal '******'; presumably the real source writes a freshly computed
         // phpass hash here — confirm against the original file.
         if (xos_password_type($check_customer['customers_password']) != 'phpass') {
             xos_db_query("update " . TABLE_CUSTOMERS . " set customers_password = '******' where customers_id = '" . (int) $check_customer['customers_id'] . "'");
         }
         // note that tax rates depend on your registered address!
         // $_GET['skip'] is read without isset(); both comparisons use loose ==/!=
         // on user-supplied strings (numeric strings compare numerically) — === is safer.
         if ($_GET['skip'] != 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD) {
             $existing_customers_query = xos_db_query("select customers_group_id, customers_group_name from " . TABLE_CUSTOMERS_GROUPS . " order by customers_group_id ");
             // $existing_customers_array is never initialised before this loop; with
             // no group rows it is undefined when passed to xos_draw_pull_down_menu().
             while ($existing_customers = xos_db_fetch_array($existing_customers_query)) {
                 $existing_customers_array[] = array("id" => $existing_customers['customers_group_id'], "text" => " " . $existing_customers['customers_group_name'] . " ");
             }
             // The submitted e-mail and plaintext password are re-emitted into the
             // response as hidden form fields; NOTE(review): confirm that
             // xos_draw_hidden_field() HTML-escapes its value in the attribute context.
             $smarty->assign(array('sppc_toggle_login' => true, 'customers_groups_pull_down_menu' => xos_draw_pull_down_menu('new_customers_group_id', $existing_customers_array, $check_customer['customers_group_id'], 'class="form-control" id="new_customers_group_id"'), 'hidden_field_email_address' => xos_draw_hidden_field('email_address', $_POST['email_address']), 'hidden_field_password' => xos_draw_hidden_field('password', $_POST['password'])));
         } else {
             // Both ids are cast to int before interpolation into the query.
             $check_country_query = xos_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int) $check_customer['customers_id'] . "' and address_book_id = '" . (int) $check_customer['customers_default_address_id'] . "'");
             $check_country = xos_db_fetch_array($check_country_query);
             if ($_GET['skip'] == 'true' && $_POST['email_address'] == SPPC_TOGGLE_LOGIN_PASSWORD && isset($_POST['new_customers_group_id'])) {
                 // Stored as the raw POST string; the query below casts to int, but any
                 // later use of $sppc_customer_group_id should cast as well.
                 $sppc_customer_group_id = $_POST['new_customers_group_id'];
                 $check_customer_group = xos_db_query("select customers_group_discount, customers_group_show_tax, customers_group_tax_exempt from " . TABLE_CUSTOMERS_GROUPS . " where customers_group_id = '" . (int) $_POST['new_customers_group_id'] . "'");