1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
<?php
class ControllerCommonLogin extends Controller {
private $error = array();
public function index() {
$this->load->language('common/login');
$this->document->setTitle($this->language->get('heading_title'));
if ($this->user->isLogged() && isset($this->request->get['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
}
if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
$this->session->data['user_token'] = token(32);
if (isset($this->request->post['redirect']) && (strpos($this->request->post['redirect'], HTTP_SERVER) === 0 || strpos($this->request->post['redirect'], HTTPS_SERVER) === 0)) {
$this->response->redirect($this->request->post['redirect'] . '&user_token=' . $this->session->data['user_token']);
} else {
$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
}
}
if ((isset($this->session->data['user_token']) && !isset($this->request->get['user_token'])) || ((isset($this->request->get['user_token']) && (isset($this->session->data['user_token']) && ($this->request->get['user_token'] != $this->session->data['user_token']))))) {
$this->error['warning'] = $this->language->get('error_token');
}
if (isset($this->error['warning'])) {
$data['error_warning'] = $this->error['warning'];
} else {
$data['error_warning'] = '';
}
if (isset($this->session->data['success'])) {
$data['success'] = $this->session->data['success'];
unset($this->session->data['success']);
} else {
$data['success'] = '';
}
$data['action'] = $this->url->link('common/login', '', true);
if (isset($this->request->post['username'])) {
$data['username'] = $this->request->post['username'];
} else {
$data['username'] = '';
}
if (isset($this->request->post['password'])) {
$data['password'] = $this->request->post['password'];
} else {
$data['password'] = '';
}
if (isset($this->request->get['route'])) {
$route = $this->request->get['route'];
unset($this->request->get['route']);
unset($this->request->get['user_token']);
$url = '';
if ($this->request->get) {
$url .= http_build_query($this->request->get);
}
$data['redirect'] = $this->url->link($route, $url, true);
} else {
$data['redirect'] = '';
}
if ($this->config->get('config_password')) {
$data['forgotten'] = $this->url->link('common/forgotten', '', true);
} else {
$data['forgotten'] = '';
}
$data['header'] = $this->load->controller('common/header');
$data['footer'] = $this->load->controller('common/footer');
$this->response->setOutput($this->load->view('common/login', $data));
}
protected function validate() {
if (!isset($this->request->post['username']) || !isset($this->request->post['password']) || !$this->user->login($this->request->post['username'], html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8'))) {
$this->error['warning'] = $this->language->get('error_login');
}
return !$this->error;
}
}
|
