1: <?php
2: namespace Opencart\Catalog\Controller\Account;
/**
 * Class Login — storefront customer login controller (login page, form submission, admin login override).
 *
 * @package Opencart\Catalog\Controller\Account
 */
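class Login extends \Opencart\System\Engine\Controller {
    /**
     * Checkout-related session keys that are discarded whenever the customer
     * identity is reset (stale/mismatched customer token, admin login override),
     * so addresses, methods and discounts from a previous session cannot carry
     * over into the new one. The 'customer' entry itself is handled by callers.
     *
     * @var list<string>
     */
    private const CHECKOUT_SESSION_KEYS = [
        'shipping_address',
        'shipping_method',
        'shipping_methods',
        'payment_address',
        'payment_method',
        'payment_methods',
        'comment',
        'order_id',
        'coupon',
        'reward',
        'voucher',
        'vouchers',
        'customer_token',
    ];

    /**
     * Render the login page.
     *
     * A customer who is already logged in and presents a customer token that
     * matches the one held in the session is sent straight to the account page.
     * If a customer token is still in the session but the request did not match
     * it, the customer is logged out, the checkout state is discarded and an
     * "incorrect token" warning is shown.
     *
     * @return void
     */
    public function index(): void {
        $this->load->language('account/login');

        $this->document->setTitle($this->language->get('heading_title'));

        $language = $this->config->get('config_language');

        $request_token = $this->request->get['customer_token'] ?? null;
        $session_token = $this->session->data['customer_token'] ?? null;

        // Already logged in with a matching token: go straight to the account page.
        // hash_equals() is a strict, constant-time comparison; the is_string() guard
        // keeps a non-string query value (e.g. customer_token[]=x) from reaching it.
        if ($this->customer->isLogged() && is_string($request_token) && $session_token !== null && hash_equals((string)$session_token, $request_token)) {
            $this->response->redirect($this->url->link('account/account', 'language=' . $language . '&customer_token=' . $session_token, true));
        }

        $data = [];

        $data['breadcrumbs'] = [];

        $crumbs = [
            'text_home'    => 'common/home',
            'text_account' => 'account/account',
            'text_login'   => 'account/login',
        ];

        foreach ($crumbs as $text => $route) {
            $data['breadcrumbs'][] = [
                'text' => $this->language->get($text),
                'href' => $this->url->link($route, 'language=' . $language),
            ];
        }

        if ($session_token !== null) {
            // A customer token is in the session but the request did not carry a
            // matching one: treat the session as stale/misused and start over.
            $data['error_warning'] = $this->language->get('error_token');

            $this->customer->logout();

            $this->forgetSessionKeys(['customer', ...self::CHECKOUT_SESSION_KEYS]);
        } elseif (isset($this->session->data['error'])) {
            // One-shot error message left by token() (or another controller).
            $data['error_warning'] = $this->session->data['error'];

            unset($this->session->data['error']);
        } else {
            $data['error_warning'] = '';
        }

        if (isset($this->session->data['success'])) {
            $data['success'] = $this->session->data['success'];

            unset($this->session->data['success']);
        } else {
            $data['success'] = '';
        }

        // A redirect stored in the session wins over one passed in the query string.
        if (isset($this->session->data['redirect'])) {
            $data['redirect'] = $this->session->data['redirect'];

            unset($this->session->data['redirect']);
        } else {
            $data['redirect'] = $this->request->get['redirect'] ?? '';
        }

        // One-shot token that login() requires back, so the form cannot be
        // submitted without first having loaded this page in the same session.
        $this->session->data['login_token'] = oc_token(26);

        $data['login'] = $this->url->link('account/login.login', 'language=' . $language . '&login_token=' . $this->session->data['login_token']);
        $data['register'] = $this->url->link('account/register', 'language=' . $language);
        $data['forgotten'] = $this->url->link('account/forgotten', 'language=' . $language);

        $data['column_left'] = $this->load->controller('common/column_left');
        $data['column_right'] = $this->load->controller('common/column_right');
        $data['content_top'] = $this->load->controller('common/content_top');
        $data['content_bottom'] = $this->load->controller('common/content_bottom');
        $data['footer'] = $this->load->controller('common/footer');
        $data['header'] = $this->load->controller('common/header');

        $this->response->setOutput($this->load->view('account/login', $data));
    }

    /**
     * Handle the login form submission and answer with JSON.
     *
     * Response shape: `{"redirect": url}` when the login succeeds (or when the
     * login token is missing/mismatched, in which case the redirect goes back
     * to the login page), `{"error": {"warning": message}}` when it fails.
     *
     * @return void
     */
    public function login(): void {
        $this->load->language('account/login');

        $json = [];

        // Stop any undefined index messages.
        foreach (['email', 'password', 'redirect'] as $key) {
            $this->request->post[$key] ??= '';
        }

        $this->customer->logout();

        $request_token = $this->request->get['login_token'] ?? null;
        $session_token = $this->session->data['login_token'] ?? null;

        // The one-shot token issued by index() must come back unchanged.
        // Strict, constant-time comparison; non-string query values are rejected.
        if (!is_string($request_token) || $session_token === null || !hash_equals((string)$session_token, $request_token)) {
            $json['redirect'] = $this->url->link('account/login', 'language=' . $this->config->get('config_language'), true);
        }

        $customer_info = [];

        if (!$json) {
            $this->load->model('account/customer');

            $email = $this->request->post['email'];

            // Check how many login attempts have been made.
            $login_info = $this->model_account_customer->getLoginAttempts($email);

            if ($login_info && ($login_info['total'] >= $this->config->get('config_login_attempts')) && strtotime('-1 hour') < strtotime($login_info['date_modified'])) {
                $json['error']['warning'] = $this->language->get('error_attempts');
            }

            // Check if customer has been approved.
            $customer_info = $this->model_account_customer->getCustomerByEmail($email);

            if ($customer_info && !$customer_info['status']) {
                $json['error']['warning'] = $this->language->get('error_approved');
            }

            // Only verify credentials when no earlier check has already failed:
            // a locked-out or unapproved account must not reach the customer
            // library at all, otherwise the lockout merely hides the outcome of
            // a password check instead of preventing it.
            if (!$json && !$this->customer->login($email, html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8'))) {
                $json['error']['warning'] = $this->language->get('error_login');

                $this->model_account_customer->addLoginAttempt($email);
            }
        }

        if (!$json) {
            // Add customer details into session
            $this->session->data['customer'] = $this->customerSessionData($customer_info);

            // Discard checkout selections made before authenticating.
            $this->forgetSessionKeys(['order_id', 'shipping_method', 'shipping_methods', 'payment_method', 'payment_methods']);

            // Wishlist: move guest wishlist entries into the customer's account.
            if (isset($this->session->data['wishlist']) && is_array($this->session->data['wishlist'])) {
                $this->load->model('account/wishlist');

                foreach ($this->session->data['wishlist'] as $key => $product_id) {
                    $this->model_account_wishlist->addWishlist($this->customer->getId(), $product_id);

                    unset($this->session->data['wishlist'][$key]);
                }
            }

            // Log the IP info
            $this->model_account_customer->addLogin($this->customer->getId(), $this->request->server['REMOTE_ADDR'] ?? '');

            // Create customer token
            $this->session->data['customer_token'] = oc_token(26);

            $this->model_account_customer->deleteLoginAttempts($this->request->post['email']);

            // post['redirect'] is always set here (defaulted to '' above).
            $redirect = urldecode(html_entity_decode($this->request->post['redirect'], ENT_QUOTES, 'UTF-8'));

            // Only follow a post-login redirect that stays on this store's own URL
            // (open-redirect guard; originally added to pass a McAfee PCI compliance
            // test, see http://forum.opencart.com/viewtopic.php?f=10&t=12043&p=151494#p151295).
            if ($redirect && str_starts_with($redirect, $this->config->get('config_url'))) {
                $json['redirect'] = $redirect . '&customer_token=' . $this->session->data['customer_token'];
            } else {
                $json['redirect'] = $this->url->link('account/account', 'language=' . $this->config->get('config_language') . '&customer_token=' . $this->session->data['customer_token'], true);
            }
        }

        $this->response->addHeader('Content-Type: application/json');
        $this->response->setOutput(json_encode($json));
    }

    /**
     * Log a customer in via a one-time token (login override for admin users).
     *
     * Any existing customer session and cart are discarded first. On success
     * the stored token is cleared, the customer's default address is placed in
     * the session and the customer is redirected to the account page; on failure
     * the stored token is cleared as well and the customer is sent back to the
     * login page with an error message.
     *
     * @return void
     */
    public function token(): void {
        $this->load->language('account/login');

        $email = $this->request->get['email'] ?? '';
        $token = $this->request->get['login_token'] ?? '';

        // Non-string query values (e.g. login_token[]=x) can never match a stored token.
        if (!is_string($email)) {
            $email = '';
        }

        if (!is_string($token)) {
            $token = '';
        }

        // Login override for admin users
        $this->customer->logout();
        $this->cart->clear();

        $this->forgetSessionKeys(self::CHECKOUT_SESSION_KEYS);

        $this->load->model('account/customer');

        $customer_info = $this->model_account_customer->getCustomerByEmail($email);

        // An empty stored token never matches; the remaining comparison is strict
        // and constant-time so the loose '==' numeric-string rules cannot apply.
        $token_matches = $customer_info && $customer_info['token'] && hash_equals((string)$customer_info['token'], $token);

        if ($token_matches && $this->customer->login($customer_info['email'], '', true)) {
            // Add customer details into session
            $this->session->data['customer'] = $this->customerSessionData($customer_info);

            // Default Addresses
            $this->load->model('account/address');

            $address_info = $this->model_account_address->getAddress($this->customer->getId(), $this->customer->getAddressId());

            if ($address_info) {
                $this->session->data['shipping_address'] = $address_info;
            }

            // config_tax_customer names which address ('shipping'/'payment') taxes are based on.
            if ($this->config->get('config_tax_customer') && $address_info) {
                $this->session->data[$this->config->get('config_tax_customer') . '_address'] = $address_info;
            }

            // The token is single-use: clear it as soon as it has been consumed.
            $this->model_account_customer->editToken($email, '');

            // Create customer token
            $this->session->data['customer_token'] = oc_token(26);

            $this->response->redirect($this->url->link('account/account', 'language=' . $this->config->get('config_language') . '&customer_token=' . $this->session->data['customer_token'], true));
        } else {
            $this->session->data['error'] = $this->language->get('error_login');

            // Clear the token on failure too, so it cannot be retried.
            $this->model_account_customer->editToken($email, '');

            $this->response->redirect($this->url->link('account/login', 'language=' . $this->config->get('config_language'), true));
        }
    }

    /**
     * Build the 'customer' session entry from a customer record.
     *
     * @param array<string, mixed> $customer_info Row as returned by getCustomerByEmail().
     *
     * @return array<string, mixed>
     */
    private function customerSessionData(array $customer_info): array {
        return [
            'customer_id'       => $customer_info['customer_id'],
            'customer_group_id' => $customer_info['customer_group_id'],
            'firstname'         => $customer_info['firstname'],
            'lastname'          => $customer_info['lastname'],
            'email'             => $customer_info['email'],
            'telephone'         => $customer_info['telephone'],
            'custom_field'      => $customer_info['custom_field'],
        ];
    }

    /**
     * Remove the given keys from the session; keys that are not set are ignored.
     *
     * @param list<string> $keys
     *
     * @return void
     */
    private function forgetSessionKeys(array $keys): void {
        foreach ($keys as $key) {
            unset($this->session->data[$key]);
        }
    }
}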