1: | <?php
|
2: | namespace Opencart\Admin\Controller\Common;
|
7: |
|
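/**
 * Admin login controller.
 *
 * index() renders the login form and issues a per-session login_token;
 * login() consumes that token, authenticates the posted credentials and
 * hands back a JSON redirect target carrying a freshly minted user_token.
 */
class Login extends \Opencart\System\Engine\Controller {
	/**
	 * Renders the admin login form.
	 *
	 * Redirects straight to the dashboard when the session is already
	 * authenticated and the user_token in the query string matches the one
	 * stored in the session. Otherwise it stores a fresh login_token in the
	 * session, embeds it in the form action, and — when the request carried a
	 * route other than common/login — builds a post-login redirect back to
	 * that route with its original query arguments (minus user_token).
	 *
	 * @return void
	 */
	public function index(): void {
		$this->load->language('common/login');

		$this->document->setTitle($this->language->get('heading_title'));

		// Already authenticated with a user_token that belongs to this session.
		if ($this->user->isLogged() && isset($this->request->get['user_token']) && isset($this->session->data['user_token']) && $this->tokenMatches($this->request->get['user_token'], $this->session->data['user_token'])) {
			$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
		}

		if (isset($this->request->get['user_token']) && (!isset($this->session->data['user_token']) || !$this->tokenMatches($this->request->get['user_token'], $this->session->data['user_token']))) {
			// A user_token was supplied but does not belong to this session
			// (expired session, or a token copied from somewhere else).
			$data['error_warning'] = $this->language->get('error_token');
		} elseif (isset($this->session->data['error'])) {
			// One-shot flash message left by login() on a rejected attempt.
			$data['error_warning'] = $this->session->data['error'];

			unset($this->session->data['error']);
		} else {
			$data['error_warning'] = '';
		}

		if (isset($this->session->data['success'])) {
			$data['success'] = $this->session->data['success'];

			unset($this->session->data['success']);
		} else {
			$data['success'] = '';
		}

		// A new login_token on every render; login() refuses a POST that does
		// not carry it, which is what ties the form submission to this session.
		$this->session->data['login_token'] = oc_token(32);

		$data['login'] = $this->url->link('common/login.login', 'login_token=' . $this->session->data['login_token'], true);

		if ($this->config->get('config_mail_engine')) {
			$data['forgotten'] = $this->url->link('common/forgotten');
		} else {
			// Password reset needs outgoing mail; hide the link when none is configured.
			$data['forgotten'] = '';
		}

		if (isset($this->request->get['route']) && $this->request->get['route'] !== 'common/login') {
			// Remember where the user was heading so login() can send them back.
			$args = $this->request->get;

			$route = $args['route'];

			unset($args['route']);
			unset($args['user_token']);

			$data['redirect'] = $this->url->link($route, http_build_query($args));
		} else {
			$data['redirect'] = '';
		}

		$data['header'] = $this->load->controller('common/header');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('common/login', $data));
	}

	/**
	 * Handles the login form POST and answers with JSON.
	 *
	 * Response keys:
	 *  - `redirect`: where the client should navigate next (dashboard, the
	 *    original target, or back to the login page when the login_token
	 *    check fails);
	 *  - `error`: the generic login failure message.
	 *
	 * Authentication is only attempted when the login_token from the query
	 * string matches the one issued by index() for this session. On success a
	 * new user_token is generated, the login_token is discarded, the login is
	 * recorded via model user/user, and a posted redirect is followed only
	 * when it starts with HTTP_SERVER (open-redirect guard).
	 *
	 * @return void
	 */
	public function login(): void {
		$this->load->language('common/login');

		$json = [];

		// Make sure the fields read below exist even on a malformed POST.
		foreach (['username', 'password', 'redirect'] as $key) {
			if (!isset($this->request->post[$key])) {
				$this->request->post[$key] = '';
			}
		}

		if ($this->user->isLogged() && isset($this->request->get['user_token']) && isset($this->session->data['user_token']) && $this->tokenMatches($this->request->get['user_token'], $this->session->data['user_token'])) {
			$json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
		}

		// The login_token from index() must accompany the POST; a missing or
		// mismatched token is treated as a failed login and the client is sent
		// back to the form rather than having credentials checked at all.
		if (!isset($this->request->get['login_token']) || !isset($this->session->data['login_token']) || !$this->tokenMatches($this->request->get['login_token'], $this->session->data['login_token'])) {
			$this->session->data['error'] = $this->language->get('error_login');

			$json['redirect'] = $this->url->link('common/login', '', true);
		}

		// NOTE(review): nothing in this controller throttles repeated failures;
		// confirm that brute-force protection exists elsewhere (model or web server).
		if (!$json && !$this->user->login($this->request->post['username'], html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8'))) {
			// Same message for unknown user and wrong password so the response
			// does not reveal which one was at fault.
			$json['error'] = $this->language->get('error_login');
		}

		if (!$json) {
			// Fresh per-session token that every authenticated admin URL must carry.
			$this->session->data['user_token'] = oc_token(32);

			// NOTE(review): no session ID regeneration is visible here; confirm that
			// user->login() or the session library rotates the ID on successful
			// authentication, otherwise a session ID fixed before login survives it.

			// The login_token is single-use: drop it once the login has succeeded.
			unset($this->session->data['login_token']);

			// Both headers are optional on the request; never trip an undefined
			// index just because a client sent no User-Agent.
			$login_data = [
				'ip'         => $this->request->server['REMOTE_ADDR'] ?? '',
				'user_agent' => $this->request->server['HTTP_USER_AGENT'] ?? ''
			];

			$this->load->model('user/user');

			$this->model_user_user->addLogin($this->user->getId(), $login_data);

			// The form value went through HTML encoding on the way in; decode it
			// before inspecting it. A non-string (e.g. redirect[]=...) is ignored.
			$redirect = is_string($this->request->post['redirect']) ? html_entity_decode($this->request->post['redirect'], ENT_QUOTES, 'UTF-8') : '';

			// Only follow a redirect that stays on this installation; anything else
			// (including an empty value) falls back to the dashboard.
			if ($redirect !== '' && str_starts_with($redirect, HTTP_SERVER)) {
				$json['redirect'] = $redirect . '&user_token=' . $this->session->data['user_token'];
			} else {
				$json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
			}
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Compares a client-supplied token with the one held in the session.
	 *
	 * Both values must be strings (a query-string array such as
	 * `user_token[]=x` never matches) and are compared with hash_equals(),
	 * which is constant-time and strict — unlike the loose `==`, which treats
	 * two numeric-looking strings as numbers.
	 *
	 * @param mixed $given    value taken from the request
	 * @param mixed $expected value taken from the session
	 *
	 * @return bool true only when both are strings and byte-for-byte equal
	 */
	private function tokenMatches(mixed $given, mixed $expected): bool {
		return is_string($given) && is_string($expected) && hash_equals($expected, $given);
	}
}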
|