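/**
 * Performs the user authorization:
 *  - fills session parameters;
 *  - remembers auth (stored-hash cookies);
 *  - spreads auth through sites.
 *
 * No credential check happens in this method: it trusts $id and turns the current
 * session into an authenticated one for that user. Every caller must have verified
 * the user (password, stored hash, application password, ...) before calling it.
 *
 * @param int|string  $id            User ID; cast to int before it is used in SQL.
 * @param bool        $bSave         True to issue long-lived "remember me" cookies.
 * @param bool        $bUpdate       False skips the b_user update and the stored-auth handling.
 * @param string|null $applicationId Saved into the session; when not null no auth cookies are issued.
 *
 * @return bool True when the user row exists and the session was filled, false otherwise.
 */
function Authorize($id, $bSave = false, $bUpdate = true, $applicationId = null)
{
    /** @global CMain $APPLICATION */
    global $DB, $APPLICATION;

    // Drop permission data cached for whoever owned this session before.
    unset($_SESSION["SESS_OPERATIONS"]);
    unset($_SESSION["MODULE_PERMISSIONS"]);

    $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = false;

    // NOTE(review): no session-id rotation is visible in this method. Confirm that the
    // session id is regenerated elsewhere on login, otherwise a pre-set session id
    // survives the privilege change (session fixation).

    $strSql =
        "SELECT U.* " .
        "FROM b_user U " .
        "WHERE U.ID='" . intval($id) . "' ";
    $result = $DB->Query($strSql, false, "FILE: " . __FILE__ . "<br> LINE: " . __LINE__);

    $arUser = $result->Fetch();
    if (!$arUser) {
        return false;
    }

    $this->justAuthorized = true;

    $_SESSION["SESS_AUTH"]["AUTHORIZED"] = "Y";
    $_SESSION["SESS_AUTH"]["USER_ID"] = $arUser["ID"];
    $_SESSION["SESS_AUTH"]["LOGIN"] = $arUser["LOGIN"];
    $_SESSION["SESS_AUTH"]["LOGIN_COOKIES"] = $arUser["LOGIN"];
    $_SESSION["SESS_AUTH"]["EMAIL"] = $arUser["EMAIL"];
    // The password hash is copied into the session, so the session storage must be
    // protected like the b_user table itself.
    // NOTE(review): presumably kept to detect password changes — confirm it is needed.
    $_SESSION["SESS_AUTH"]["PASSWORD_HASH"] = $arUser["PASSWORD"];
    $_SESSION["SESS_AUTH"]["TITLE"] = $arUser["TITLE"];
    // Full name: the separating space is added only when both parts are non-empty.
    $_SESSION["SESS_AUTH"]["NAME"] = $arUser["NAME"]
        . ($arUser["NAME"] == '' || $arUser["LAST_NAME"] == '' ? "" : " ")
        . $arUser["LAST_NAME"];
    $_SESSION["SESS_AUTH"]["FIRST_NAME"] = $arUser["NAME"];
    $_SESSION["SESS_AUTH"]["SECOND_NAME"] = $arUser["SECOND_NAME"];
    $_SESSION["SESS_AUTH"]["LAST_NAME"] = $arUser["LAST_NAME"];
    $_SESSION["SESS_AUTH"]["PERSONAL_PHOTO"] = $arUser["PERSONAL_PHOTO"];
    $_SESSION["SESS_AUTH"]["PERSONAL_GENDER"] = $arUser["PERSONAL_GENDER"];
    // Privilege flags start as false; ADMIN is raised below only from group membership.
    $_SESSION["SESS_AUTH"]["ADMIN"] = false;
    $_SESSION["SESS_AUTH"]["CONTROLLER_ADMIN"] = false;
    $_SESSION["SESS_AUTH"]["POLICY"] = CUser::GetGroupPolicy($arUser["ID"]);
    $_SESSION["SESS_AUTH"]["AUTO_TIME_ZONE"] = trim($arUser["AUTO_TIME_ZONE"]);
    $_SESSION["SESS_AUTH"]["TIME_ZONE"] = $arUser["TIME_ZONE"];
    $_SESSION["SESS_AUTH"]["APPLICATION_ID"] = $applicationId;
    $_SESSION["SESS_AUTH"]["BX_USER_ID"] = $arUser["BX_USER_ID"];

    // groups: membership in group ID 1 raises the ADMIN flag for the whole session
    $_SESSION["SESS_AUTH"]["GROUPS"] = Main\UserTable::getUserGroupIds($arUser["ID"]);
    foreach ($_SESSION["SESS_AUTH"]["GROUPS"] as $groupId) {
        if ($groupId == 1) {
            $_SESSION["SESS_AUTH"]["ADMIN"] = true;
            break;
        }
    }

    //sometimes we don't need to update db (REST)
    if ($bUpdate) {
        $tz = '';
        if (CTimeZone::Enabled()) {
            if (!CTimeZone::IsAutoTimeZone(trim($arUser["AUTO_TIME_ZONE"])) || CTimeZone::GetCookieValue() !== null) {
                $tz = ', TIME_ZONE_OFFSET = ' . CTimeZone::GetOffset();
            }
        }

        // BX_USER_ID comes from a client-controlled cookie and ends up inside an SQL literal.
        // It must be a string (a cookie sent as BX_USER_ID[]=... arrives as an array) and
        // must match exactly 32 lowercase hex characters. "\z" is used instead of "$"
        // because "$" also matches before a trailing newline.
        $bxUid = '';
        $cookieBxUid = isset($_COOKIE['BX_USER_ID']) ? $_COOKIE['BX_USER_ID'] : '';
        if (is_string($cookieBxUid) && preg_match('/^[0-9a-f]{32}\z/', $cookieBxUid)) {
            // Strict comparison: loose "!=" compares numeric-looking strings as numbers.
            if ($cookieBxUid !== (string)$arUser['BX_USER_ID']) {
                // save new bxuid value; ForSql is defence in depth on top of the pattern check
                $bxUid = ", BX_USER_ID = '" . $DB->ForSql($cookieBxUid) . "'";
                $arUser['BX_USER_ID'] = $cookieBxUid;
                $_SESSION["SESS_AUTH"]["BX_USER_ID"] = $cookieBxUid;
            }
        }

        // NOTE(review): in the reviewed listing the LAST_LOGIN expression was masked as
        // "******", which left this statement syntactically broken. The database
        // current-time expression (the same call used for LAST_AUTH further down) is
        // restored here — confirm against the upstream file.
        // The ID is cast to int because it is concatenated into the statement unquoted.
        $DB->Query(
            "\n\t\t\t\t\tUPDATE b_user SET"
            . "\n\t\t\t\t\t\tSTORED_HASH = NULL,"
            . "\n\t\t\t\t\t\tLAST_LOGIN = " . $DB->CurrentTimeFunction() . ","
            . "\n\t\t\t\t\t\tTIMESTAMP_X = TIMESTAMP_X,"
            . "\n\t\t\t\t\t\tLOGIN_ATTEMPTS = 0"
            . "\n\t\t\t\t\t\t" . $tz
            . "\n\t\t\t\t\t\t" . $bxUid
            . "\n\t\t\t\t\tWHERE"
            . "\n\t\t\t\t\t\tID=" . (int)$arUser["ID"]
        );

        // Auth cookies are issued only for regular (non-application) logins, and only when
        // the user asked to be remembered or auth has to be spread across sites.
        if ($applicationId === null && ($bSave || COption::GetOptionString("main", "auth_multisite", "N") == "Y")) {
            $hash = $this->GetSessionHash();

            // The Secure flag is set only when the option is enabled AND the request is HTTPS;
            // with the default ("N") the auth cookies are also sent over plain HTTP.
            $secure = COption::GetOptionString("main", "use_secure_password_cookies", "N") == "Y" && CMain::IsHTTPS();

            if ($bSave) {
                // 60 periods of 30 days, i.e. roughly five years.
                $period = time() + 60 * 60 * 24 * 30 * 60;
                $spread = BX_SPREAD_SITES | BX_SPREAD_DOMAIN;
            } else {
                // 0 = cookie lives until the browser session ends.
                $period = 0;
                $spread = BX_SPREAD_SITES;
            }

            // NOTE(review): the trailing "true" is presumably the httpOnly flag — confirm
            // against CMain::set_cookie.
            $APPLICATION->set_cookie("UIDH", $hash, $period, '/', false, $secure, $spread, false, true);
            $APPLICATION->set_cookie("UIDL", $arUser["LOGIN"], $period, '/', false, $secure, $spread, false, true);

            // ip2long() returns false for anything that is not a dotted IPv4 address
            // (IPv6 clients included); sprintf("%u") then stores 0.
            $ipAddr = sprintf("%u", ip2long($_SERVER["REMOTE_ADDR"]));

            $stored_id = CUser::CheckStoredHash($arUser["ID"], $hash);
            if ($stored_id) {
                // When the login itself came from a stored hash, TEMP_HASH is left untouched.
                $DB->Query(
                    "UPDATE b_user_stored_auth SET"
                    . "\n\t\t\t\t\t\t\t\tLAST_AUTH=" . $DB->CurrentTimeFunction() . ","
                    . "\n\t\t\t\t\t\t\t\t" . ($this->bLoginByHash ? "" : "TEMP_HASH='" . ($bSave ? "N" : "Y") . "', ")
                    . "\n\t\t\t\t\t\t\t\tIP_ADDR='" . $ipAddr . "'"
                    . "\n\t\t\t\t\t\t\tWHERE ID=" . (int)$stored_id
                );
            } else {
                // NOTE(review): the hash sent in the UIDH cookie is stored as-is in
                // b_user_stored_auth, so read access to that table yields usable login tokens.
                $arFields = array(
                    'USER_ID' => $arUser["ID"],
                    '~DATE_REG' => $DB->CurrentTimeFunction(),
                    '~LAST_AUTH' => $DB->CurrentTimeFunction(),
                    'TEMP_HASH' => $bSave ? "N" : "Y",
                    '~IP_ADDR' => $ipAddr,
                    'STORED_HASH' => $hash,
                );
                $stored_id = CDatabase::Add("b_user_stored_auth", $arFields);
            }
            $_SESSION["SESS_AUTH"]["STORED_AUTH_ID"] = $stored_id;
        }
    }

    // NOTE(review): presumably resets a cached admin check for the new session owner — confirm.
    $this->admin = null;

    // Handlers receive the complete user row (password hash included) in "user_fields".
    $arParams = array(
        "user_fields" => $arUser,
        "save" => $bSave,
        "update" => $bUpdate,
        "applicationId" => $applicationId,
    );

    foreach (GetModuleEvents("main", "OnAfterUserAuthorize", true) as $arEvent) {
        ExecuteModuleEventEx($arEvent, array($arParams));
    }

    foreach (GetModuleEvents("main", "OnUserLogin", true) as $arEvent) {
        ExecuteModuleEventEx($arEvent, array($_SESSION["SESS_AUTH"]["USER_ID"]));
    }

    // Successful logins are written to the event log only when the option is switched on
    // (default "N"), so out of the box there is no audit trail for this event.
    if (COption::GetOptionString("main", "event_log_login_success", "N") === "Y") {
        CEventLog::Log("SECURITY", "USER_AUTHORIZE", "main", $arUser["ID"], $applicationId);
    }

    CHTMLPagesCache::OnUserLogin();

    return true;
}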
/**
 * Loads the shared reference data (price types, prices, currencies, catalogs,
 * measures and any additional references) through the data cache.
 *
 * The CACHE_GROUPS parameter is normalised to 'Y' or 'N' first. With 'Y' the cache
 * id contains the current user's group ids, so each group combination gets its own
 * entry; with 'N' a single entry per class, language and site is shared by every
 * visitor, whatever their groups.
 *
 * @return mixed[]
 */
protected function getReferences()
{
    // Anything other than an explicit 'N' is treated as 'Y'.
    $groupMode = isset($this->arParams['CACHE_GROUPS']) && $this->arParams['CACHE_GROUPS'] == 'N' ? 'N' : 'Y';
    $this->arParams['CACHE_GROUPS'] = $groupMode;

    $cache = new CPHPCache();

    // The group list is resolved before the other key parts, then appended last.
    $groupKey = null;
    if ($groupMode == 'Y') {
        $groupKey = implode(",", Main\UserTable::getUserGroupIds($this->getUserId()));
    }
    $keyParts = array(__CLASS__, $this->getLanguageId(), $this->getSiteId());
    if ($groupKey !== null) {
        $keyParts[] = $groupKey;
    }
    $cacheId = implode("-", $keyParts);

    $cacheDir = $this->getSiteId() . '/' . $this->getRelativePath() . '/reference';

    // Cache hit: hand back the stored data without touching the catalog tables.
    if (!$cache->StartDataCache($this->arParams["CACHE_TIME"], $cacheId, $cacheDir)) {
        return $cache->GetVars();
    }

    $references = array();

    // Catalog Groups, indexed by name
    $references['CATALOG_GROUP'] = array();
    $groupRows = CCatalogGroup::GetList(array("SORT" => "ASC"));
    while ($groupRow = $groupRows->fetch()) {
        $references['CATALOG_GROUP'][$groupRow['NAME']] = $groupRow;
    }

    // Catalog Prices for every group name collected above
    $references['CATALOG_PRICE'] = CIBlockPriceTools::GetCatalogPrices(
        false,
        array_keys($references['CATALOG_GROUP'])
    );

    // Catalog Currency, indexed by currency code; filled only when currencies are in use
    $references['CURRENCY'] = array();
    if ($this->isCurrency) {
        // Sort arguments are passed as variables, as in the original call.
        $sortField = "currency";
        $sortDirection = "asc";
        $currencyRows = CCurrency::getList($sortField, $sortDirection);
        while ($currencyRow = $currencyRows->fetch()) {
            $references['CURRENCY'][$currencyRow['CURRENCY']] = $currencyRow;
        }
    }

    // Catalogs list, indexed by iblock id and extended with the catalog type
    $references['CATALOG'] = array();
    $catalogRows = CCatalog::getList(array("IBLOCK_ID" => "ASC"));
    while ($catalogRow = $catalogRows->fetch()) {
        $skuInfo = CCatalogSku::getInfoByIblock($catalogRow['IBLOCK_ID']);
        $catalogRow['CATALOG_TYPE'] = $skuInfo['CATALOG_TYPE'];
        $references['CATALOG'][$catalogRow['IBLOCK_ID']] = $catalogRow;
    }

    // Measure list, indexed by id
    $references['MEASURE'] = array();
    $measureRows = CCatalogMeasure::getList(array("CODE" => "ASC"));
    while ($measureRow = $measureRows->fetch()) {
        $references['MEASURE'][$measureRow['ID']] = $measureRow;
    }

    // Default Measure
    $references['DEFAULT_MEASURE'] = CCatalogMeasure::getDefaultMeasure(true, true);

    // Extra references may add keys or overwrite the ones filled above.
    $extraReferences = $this->getAdditionalRefereneces();
    if (is_array($extraReferences) && count($extraReferences) > 0) {
        $references = array_replace($references, $extraReferences);
    }

    $cache->EndDataCache($references);

    return $references;
}