1: <?php
2: namespace Opencart\catalog\controller\startup;
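/**
 * Class Authorize
 *
 * Startup controller that diverts a request to the authorize flow when the
 * config_security setting is on and the "authorize" cookie does not map to an
 * approved token for the current user.
 *
 * NOTE(review): the class is declared in the catalog namespace, yet it loads the
 * user/user model, reads $this->user and dispatches to common/authorize, while the
 * exempt routes are account/*. Confirm that these names resolve in the application
 * this file is deployed to.
 *
 * @package Opencart\Catalog\Controller\Startup
 */
class Authorize extends \Opencart\System\Engine\Controller {
    /**
     * Decide whether the current request may proceed or must be re-routed.
     *
     * Both inputs are client-controlled: the route comes from the `route` query
     * parameter and the token from the `authorize` cookie. The route is used only
     * for the exemption check, the token only for the lookup in the model.
     *
     * @return \Opencart\System\Engine\Action|null An Action for common/authorize or
     *                                             common/authorize.unlock when the token
     *                                             is unknown or not approved; null when
     *                                             the check is disabled, the route is
     *                                             exempt, or the token is approved.
     */
    public function index(): ?\Opencart\System\Engine\Action {
        $route = (string)($this->request->get['route'] ?? '');
        $token = (string)($this->request->cookie['authorize'] ?? '');

        // Strip a trailing ".method" suffix so the exemption list is matched on the
        // controller path alone.
        // NOTE(review): the comparison below uses the raw request value; confirm the
        // dispatcher resolves the same string, so that the gate and the dispatcher
        // cannot disagree about which controller is being requested.
        $dot = strrpos($route, '.');

        if ($dot !== false) {
            $route = substr($route, 0, $dot);
        }

        // Routes that stay reachable without an approved token.
        $ignore = [
            'account/login',
            'account/logout',
            'account/forgotten',
            'account/authorize',
        ];

        // Strict comparison: the exemption list is an allow-list for an access gate,
        // so only an exact string match may skip the check.
        if (!$this->config->get('config_security') || in_array($route, $ignore, true)) {
            return null;
        }

        $this->load->model('user/user');

        // The lookup receives the current user id together with the cookie value;
        // presumably the model scopes the match to that user (verify in the model).
        $token_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token);

        // No record for this user/token pair: start the authorize flow.
        if (!$token_info) {
            return new \Opencart\System\Engine\Action('common/authorize');
        }

        // A record exists but is not approved. With more than 2 recorded attempts
        // (presumably failed verifications; confirm against the model) the request goes
        // to the unlock action, otherwise back to the authorize page.
        if (!$token_info['status']) {
            $target = $token_info['attempts'] > 2 ? 'common/authorize.unlock' : 'common/authorize';

            return new \Opencart\System\Engine\Action($target);
        }

        return null;
    }
}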