1: <?php
2: namespace Opencart\Admin\Controller\Startup;
3: /**
4: * Class Authorize
5: *
6: * @package Opencart\Admin\Controller\Startup
7: */
class Authorize extends \Opencart\System\Engine\Controller {
	/**
	 * Index
	 *
	 * Startup gate for the admin two-factor authorisation step. When the
	 * `config_user_2fa` setting is enabled and the requested page is not on the
	 * exemption list, the `authorize` cookie is looked up for the current user
	 * and the request is diverted unless that record has a truthy status.
	 *
	 * Outcomes:
	 *  - no record for (user id, cookie token)        -> common/authorize
	 *  - record present, status falsy, attempts <= 2  -> common/authorize
	 *  - record present, status falsy, attempts > 2   -> common/authorize.unlock
	 *  - anything else, or 2FA disabled/exempt page   -> null (request continues)
	 *
	 * @return \Opencart\System\Engine\Action|null Action to run instead of the requested route, or null to continue
	 */
	public function index(): ?\Opencart\System\Engine\Action {
		// Both values come straight from the client: the query string and a cookie.
		$route = isset($this->request->get['route']) ? (string)$this->request->get['route'] : '';
		$token = isset($this->request->cookie['authorize']) ? (string)$this->request->cookie['authorize'] : '';

		// Only the controller path is compared against the exemption list, so
		// everything after the last '.' (the method part) is dropped first.
		// Consequence: every method of an exempt controller is exempt too.
		$dot = strrpos($route, '.');
		$page = ($dot === false) ? $route : substr($route, 0, $dot);

		// Pages that must stay reachable before the second factor is confirmed.
		// Each entry added here widens what is reachable without 2FA.
		$exempt = [
			'common/login',
			'common/logout',
			'common/forgotten',
			'common/authorize'
		];

		if (!$this->config->get('config_user_2fa') || in_array($page, $exempt, true)) {
			return null;
		}

		$this->load->model('user/user');

		// NOTE(review): with no cookie the lookup runs with an empty token; confirm
		// the model can never match an empty string.
		// NOTE(review): presumably an earlier startup step has already enforced
		// login, so getId() is a real user id here; confirm the startup order.
		$token_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token);

		// Unknown token for this user: send them to the authorisation page.
		if (!$token_info) {
			return new \Opencart\System\Engine\Action('common/authorize');
		}

		if (!$token_info['status']) {
			// Not yet approved. The attempts counter decides between another
			// try and the unlock flow (presumably it counts failed entries; confirm).
			if ($token_info['attempts'] <= 2) {
				return new \Opencart\System\Engine\Action('common/authorize');
			}

			if ($token_info['attempts'] > 2) {
				return new \Opencart\System\Engine\Action('common/authorize.unlock');
			}
		}

		return null;
	}
}