1: <?php
2: namespace Opencart\Admin\Controller\Common;
3: /**
4: * Class Login
5: *
6: * @package Opencart\Admin\Controller\Common
7: */
8: class Login extends \Opencart\System\Engine\Controller {
9: /**
10: * Index
11: *
12: * @return void
13: */
14: public function index(): void {
15: $this->load->language('common/login');
16:
17: $this->document->setTitle($this->language->get('heading_title'));
18:
19: // Check to see if user is already logged
20: if ($this->user->isLogged() && isset($this->request->get['user_token']) && isset($this->session->data['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
21: $this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
22: }
23:
24: // Check to see if user is using incorrect token
25: if (isset($this->request->get['user_token']) && (!isset($this->session->data['user_token']) || ($this->request->get['user_token'] != $this->session->data['user_token']))) {
26: $data['error_warning'] = $this->language->get('error_token');
27: } elseif (isset($this->session->data['error'])) {
28: $data['error_warning'] = $this->session->data['error'];
29:
30: unset($this->session->data['error']);
31: } else {
32: $data['error_warning'] = '';
33: }
34:
35: if (isset($this->session->data['success'])) {
36: $data['success'] = $this->session->data['success'];
37:
38: unset($this->session->data['success']);
39: } else {
40: $data['success'] = '';
41: }
42:
43: // Create a login token to prevent brute force attacks
44: $this->session->data['login_token'] = oc_token(32);
45:
46: $data['login'] = $this->url->link('common/login.login', 'login_token=' . $this->session->data['login_token'], true);
47:
48: if ($this->config->get('config_mail_engine')) {
49: $data['forgotten'] = $this->url->link('common/forgotten');
50: } else {
51: $data['forgotten'] = '';
52: }
53:
54: if (isset($this->request->get['route']) && $this->request->get['route'] != 'common/login') {
55: $args = $this->request->get;
56:
57: $route = $args['route'];
58:
59: unset($args['route']);
60: unset($args['user_token']);
61:
62: $url = '';
63:
64: $url .= http_build_query($args);
65:
66: $data['redirect'] = $this->url->link($route, $url);
67: } else {
68: $data['redirect'] = '';
69: }
70:
71: $data['header'] = $this->load->controller('common/header');
72: $data['footer'] = $this->load->controller('common/footer');
73:
74: $this->response->setOutput($this->load->view('common/login', $data));
75: }
76:
77: /**
78: * Login
79: *
80: * @return void
81: */
82: public function login(): void {
83: $this->load->language('common/login');
84:
85: $json = [];
86:
87: // Stop any undefined index messages.
88: $keys = [
89: 'username',
90: 'password',
91: 'redirect'
92: ];
93:
94: foreach ($keys as $key) {
95: if (!isset($this->request->post[$key])) {
96: $this->request->post[$key] = '';
97: }
98: }
99:
100: if ($this->user->isLogged() && isset($this->request->get['user_token']) && isset($this->session->data['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
101: $json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
102: }
103:
104: if (!isset($this->request->get['login_token']) || !isset($this->session->data['login_token']) || $this->request->get['login_token'] != $this->session->data['login_token']) {
105: $this->session->data['error'] = $this->language->get('error_login');
106:
107: $json['redirect'] = $this->url->link('common/login', '', true);
108: }
109:
110: if (!$json && !$this->user->login($this->request->post['username'], html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8'))) {
111: $json['error'] = $this->language->get('error_login');
112: }
113:
114: if (!$json) {
115: $this->session->data['user_token'] = oc_token(32);
116:
117: // Remove login token so it cannot be used again.
118: unset($this->session->data['login_token']);
119:
120: $login_data = [
121: 'ip' => $this->request->server['REMOTE_ADDR'],
122: 'user_agent' => $this->request->server['HTTP_USER_AGENT']
123: ];
124:
125: $this->load->model('user/user');
126:
127: $this->model_user_user->addLogin($this->user->getId(), $login_data);
128:
129: if ($this->request->post['redirect'] && str_starts_with(html_entity_decode($this->request->post['redirect'], ENT_QUOTES, 'UTF-8'), HTTP_SERVER)) {
130: $json['redirect'] = html_entity_decode($this->request->post['redirect'], ENT_QUOTES, 'UTF-8') . '&user_token=' . $this->session->data['user_token'];
131: } else {
132: $json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
133: }
134: }
135:
136: $this->response->addHeader('Content-Type: application/json');
137: $this->response->setOutput(json_encode($json));
138: }
139: }
140: