Ticket #843: login.php

1<?php
2/* -----------------------------------------------------------------------------------------
3 $Id$
4
5 modified eCommerce Shopsoftware
6 http://www.modified-shop.org
7
8 Copyright (c) 2009 - 2013 [www.modified-shop.org]
9 -----------------------------------------------------------------------------------------
10 based on:
11 (c) 2000-2001 The Exchange Project (earlier name of osCommerce)
12 (c) 2002-2003 osCommerce(login.php,v 1.79 2003/05/19); www.oscommerce.com
13 (c) 2003 nextcommerce (login.php,v 1.13 2003/08/17); www.nextcommerce.org
14 (c) 2003 XT-Commerce
15
16 Released under the GNU General Public License
17 -----------------------------------------------------------------------------------------
18 Third Party contribution:
19
20 guest account idea by Ingo T. <xIngox@web.de>
21 ---------------------------------------------------------------------------------------*/
22
include ('includes/application_top.php');

// Number of attempts after which the login form demands a captcha, and the
// window (seconds) for which the per-account attempt counter is honoured.
define('LOGIN_NUM', 2);
define('LOGIN_TIME', 3600);
defined('MODULE_CAPTCHA_CODE_LENGTH') or define('MODULE_CAPTCHA_CODE_LENGTH', 6);

// An already authenticated customer has no business on the login page.
if (isset($_SESSION['customer_id'])) {
  xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
}

// create smarty elements
$smarty = new Smarty;

// include needed functions
require_once (DIR_FS_INC.'xtc_validate_password.inc.php');
require_once (DIR_FS_INC.'xtc_array_to_string.inc.php');
require_once (DIR_FS_INC.'xtc_write_user_info.inc.php');

// Without a session there is nothing to log into (cookies disabled, or the
// session could not be started): show the cookie-explanation page instead.
if (!$session_started) {
  xtc_redirect(xtc_href_link(FILENAME_COOKIE_USAGE));
}

// A cart containing a gift product (model starting with "GIFT") forces a
// full account; the guest checkout option is switched off in that case.
$account_options = ACCOUNT_OPTIONS;
foreach ($_SESSION['cart']->get_products() as $cart_product) {
  if (preg_match('/^GIFT/', addslashes($cart_product['model']))) {
    $account_options = 'account';
    break;
  }
}

// Per-session counter of login attempts; it drives the captcha requirement.
if (!isset($_SESSION['customers_login_tries'])) {
  $_SESSION['customers_login_tries'] = 0;
}
58
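if (isset($_GET['action']) && ($_GET['action'] == 'process')) {
  // Form fields can be missing on a hand-crafted request; treat them as empty
  // strings instead of reading undefined indexes.
  $email_address = xtc_db_prepare_input(isset($_POST['email_address']) ? $_POST['email_address'] : '');
  $password      = xtc_db_prepare_input(isset($_POST['password']) ? $_POST['password'] : '');
  $vvcode        = xtc_db_prepare_input(isset($_POST['vvcode']) ? $_POST['vvcode'] : '');

  // The expected captcha code is consumed on every attempt so it cannot be
  // replayed. A session that never received a code (the client simply did not
  // request the captcha image) must NOT pass the check: previously an empty
  // submitted code compared loosely equal to the missing session value, which
  // bypassed the lockout. Strict string comparison also avoids PHP's
  // numeric-string coercion ("0123" == "123").
  $captcha = isset($_SESSION['vvcode']) ? (string) xtc_db_prepare_input($_SESSION['vvcode']) : '';
  unset($_SESSION['vvcode']);
  $captcha_matches = ($captcha !== '' && strtoupper((string) $vvcode) === $captcha);

  // captcha: mandatory once this session has reached LOGIN_NUM attempts
  $captcha_error = false;
  if ($_SESSION['customers_login_tries'] >= LOGIN_NUM && !$captcha_matches) {
    $captcha_error = true;
  }

  // increment login tries
  $_SESSION['customers_login_tries']++;

  // check if email exists (xtc_db_input is the project's escaper for the
  // string-built query; the DB layer here takes no bound parameters)
  $check_customer_query = xtc_db_query("SELECT customers_id,
                                               customers_vat_id,
                                               customers_firstname,
                                               customers_lastname,
                                               customers_gender,
                                               customers_password,
                                               customers_email_address,
                                               customers_default_address_id,
                                               customers_login_tries,
                                               customers_login_time,
                                               password_request_key,
                                               password_request_time
                                          FROM ".TABLE_CUSTOMERS."
                                         WHERE customers_email_address = '".xtc_db_input($email_address)."'
                                           AND account_type = '0'");

  if (xtc_db_num_rows($check_customer_query) < 1) {
    // Same message as for a wrong password, so the response body does not
    // reveal whether the address is registered. (Response timing still differs,
    // because the password hash is only verified for existing accounts.)
    $messageStack->add('login', TEXT_LOGIN_ERROR);
  } else {
    $check_customer = xtc_db_fetch_array($check_customer_query);

    // update login tries per account, so that discarding the session cookie
    // does not reset the counter
    xtc_db_query("UPDATE ".TABLE_CUSTOMERS."
                     SET customers_login_tries = customers_login_tries+1,
                         customers_login_time = now()
                   WHERE customers_email_address = '".xtc_db_input($email_address)."'");

    // raise the session counter to the account counter
    if (($check_customer['customers_login_tries'] + 1) > $_SESSION['customers_login_tries']) {
      $_SESSION['customers_login_tries'] = $check_customer['customers_login_tries'] + 1;
    }

    // the account counter only enforces the captcha within LOGIN_TIME of the last attempt
    if ($_SESSION['customers_login_tries'] >= LOGIN_NUM
        && (time() - strtotime($check_customer['customers_login_time'])) < LOGIN_TIME
        && !$captcha_matches) {
      $captcha_error = true;
    }

    // Check that password is good
    if (xtc_validate_password($password, $check_customer['customers_password'], $check_customer['customers_id']) !== true) {
      $messageStack->add('login', TEXT_LOGIN_ERROR);
    } elseif ($captcha_error === false) {
      // Rotate the session id on privilege change (session fixation defence).
      // NOTE(review): this only happens when SESSION_RECREATE is enabled; with
      // it disabled the pre-login session id is kept across the login.
      if (SESSION_RECREATE == 'True') {
        xtc_session_recreate();
      }

      // reset Login tries
      unset($_SESSION['customers_login_tries']);
      xtc_db_query("UPDATE ".TABLE_CUSTOMERS."
                       SET customers_login_tries = '0',
                           customers_login_time = now()
                     WHERE customers_email_address = '".xtc_db_input($email_address)."'");

      // both ids come from the customers row; cast like customers_id is
      $check_country_query = xtc_db_query("SELECT entry_country_id,
                                                  entry_zone_id
                                             FROM ".TABLE_ADDRESS_BOOK."
                                            WHERE customers_id = '".(int) $check_customer['customers_id']."'
                                              AND address_book_id = '".(int) $check_customer['customers_default_address_id']."'");
      $check_country = xtc_db_fetch_array($check_country_query);

      $_SESSION['customer_gender']             = $check_customer['customers_gender'];
      $_SESSION['customer_first_name']         = $check_customer['customers_firstname'];
      $_SESSION['customer_last_name']          = $check_customer['customers_lastname'];
      $_SESSION['customer_email_address']      = $check_customer['customers_email_address'];
      $_SESSION['customer_id']                 = $check_customer['customers_id'];
      $_SESSION['customer_vat_id']             = $check_customer['customers_vat_id'];
      $_SESSION['customer_default_address_id'] = $check_customer['customers_default_address_id'];
      $_SESSION['customer_country_id']         = $check_country['entry_country_id'];
      $_SESSION['customer_zone_id']            = $check_country['entry_zone_id'];

      xtc_db_query("UPDATE ".TABLE_CUSTOMERS_INFO."
                       SET customers_info_date_of_last_logon = now(),
                           customers_info_number_of_logons = customers_info_number_of_logons+1
                     WHERE customers_info_id = '".(int) $_SESSION['customer_id']."'");
      xtc_write_user_info((int) $_SESSION['customer_id']);

      // restore cart contents
      $_SESSION['cart']->restore_contents();

      // restore wishlist contents
      if (defined('MODULE_WISHLIST_SYSTEM_STATUS') && MODULE_WISHLIST_SYSTEM_STATUS == 'true') {
        $_SESSION['wishlist']->restore_contents();
      }

      if (isset($econda) && is_object($econda)) {
        $econda->_loginUser();
      }

      // webald - write customers status in session
      write_customers_status_in_session();

      // define pages allowed to redirect (whitelist for the 'referer' target)
      $redirect_array = array(FILENAME_ACCOUNT_HISTORY_INFO,
                              FILENAME_ACCOUNT,
                              FILENAME_CHECKOUT_SHIPPING,
                              FILENAME_PRODUCT_REVIEWS_WRITE
                             );

      // webald - Userdefined order for redirect after login - start

      if (!function_exists('redirect_target')) {
        /**
         * Try one post-login redirect target. Issues the redirect (and so does
         * not return) when the target applies; otherwise returns false.
         *
         * @param string $target one of: referer, cart, account, admin, index
         * @return bool true if a redirect was issued
         */
        function redirect_target($target) {
          // $redirect_array was previously not imported into the function
          // scope, so in_array() below ran against an undefined variable and the
          // 'referer' target could never match.
          global $messageStack, $redirect_array;

          $result = false;
          switch ($target) {
            case 'referer':
              // only whitelisted pages, and only when no saved basket is pending
              if (isset($_SESSION['REFERER']) && xtc_not_null($_SESSION['REFERER'])
                  && in_array($_SESSION['REFERER'], $redirect_array, true)
                  && isset($_SESSION['old_customers_basket']) && $_SESSION['old_customers_basket'] === false) {
                $result = true;
                // review_prod_id comes from the query string; cast so nothing
                // but a product id is appended to the redirect URL
                xtc_redirect(xtc_href_link($_SESSION['REFERER'],
                                           xtc_get_all_get_params(array('review_prod_id', 'action'))
                                           .(isset($_GET['review_prod_id']) ? 'products_id='.(int) $_GET['review_prod_id'] : '')));
              }
              break;
            case 'cart':
              if ($_SESSION['cart']->count_contents() > 0) {
                $result = true;
                if (isset($_SESSION['old_customers_basket_cart']) && $_SESSION['old_customers_basket_cart'] === true) {
                  unset($_SESSION['old_customers_basket_cart']);
                  $messageStack->add_session('info_message_3', TEXT_SAVED_BASKET);
                }
                // The connection type is an argument of xtc_href_link (see the
                // account redirect at the top of this file); it used to be passed
                // to xtc_redirect instead, where it appears to have been ignored.
                xtc_redirect(xtc_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'));
              }
              break;
            case 'account':
              $result = true;
              xtc_redirect(xtc_href_link(FILENAME_ACCOUNT, '', 'NONSSL'));
              break;
            case 'admin':
              // customers_status_id 0 is presumably the admin group; it gets the
              // start page over SSL
              if ($_SESSION['customers_status']['customers_status_id'] == '0') {
                $result = true;
                xtc_redirect(xtc_href_link(FILENAME_START, '', 'SSL'));
              }
              break;
            case 'index':
              $result = true;
              xtc_redirect(xtc_href_link(FILENAME_DEFAULT, '', 'NONSSL'));
              break;
          }

          return $result;
        }
      }

      if (!defined('LOGIN_REDIRECT_ORDER')) define('LOGIN_REDIRECT_ORDER', 'admin;referer; cart; account; index');

      // allowed values: referer, cart, account, admin, index
      $login_redirect_order = explode(';', strtolower(LOGIN_REDIRECT_ORDER));
      $redirect_target_result = false;
      foreach ($login_redirect_order as $target) {
        $redirect_target_result = redirect_target(trim($target));
        if ($redirect_target_result === true) break;
      }
      if ($redirect_target_result === false) xtc_redirect(xtc_href_link(FILENAME_DEFAULT, '', 'NONSSL'));

      // webald - Userdefined order for redirect after login - end
    }
  }
}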
245
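// $captcha_error is only assigned inside the 'process' branch above; on a
// plain GET it is undefined, so test it without reading an undefined variable
if (!empty($captcha_error)) {
  $messageStack->add('login', TEXT_WRONG_CODE);
}

// include boxes
require (DIR_FS_CATALOG.'templates/'.CURRENT_TEMPLATE.'/source/boxes.php');

$breadcrumb->add(NAVBAR_TITLE_LOGIN, xtc_href_link(FILENAME_LOGIN, '', 'SSL'));
require (DIR_WS_INCLUDES.'header.php');

// optional notice passed on the query string; get_message() is the project's
// lookup helper for it (presumably it also handles escaping -- verify)
if (isset($_GET['info_message']) && xtc_not_null($_GET['info_message'])) {
  $messageStack->add('login', get_message('info_message'));
}

if ($messageStack->size('login') > 0) {
  $smarty->assign('info_message', $messageStack->output('login'));
}

$smarty->assign('account_option', $account_options);
$smarty->assign('BUTTON_NEW_ACCOUNT', '<a href="'.xtc_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL').'">'.xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE).'</a>');
$smarty->assign('BUTTON_LOGIN', xtc_image_submit('button_login.gif', IMAGE_BUTTON_LOGIN));
$smarty->assign('BUTTON_GUEST', '<a href="'.xtc_href_link(FILENAME_CREATE_GUEST_ACCOUNT, '', 'SSL').'">'.xtc_image_button('button_continue.gif', IMAGE_BUTTON_CONTINUE).'</a>');
// the form requests an SSL action URL so credentials are not posted in clear
// text (effective only where the shop has SSL configured)
$smarty->assign('FORM_ACTION', xtc_draw_form('login', xtc_href_link(FILENAME_LOGIN, xtc_get_all_get_params().'action=process', 'SSL')));
$smarty->assign('INPUT_MAIL', xtc_draw_input_field('email_address'));
$smarty->assign('INPUT_PASSWORD', xtc_draw_password_field('password'));
$smarty->assign('LINK_LOST_PASSWORD', xtc_href_link(FILENAME_PASSWORD_DOUBLE_OPT, '', 'SSL'));
$smarty->assign('FORM_END', '</form>');

// captcha: shown once this session has reached LOGIN_NUM attempts; the image
// request is expected to store the code the 'process' branch compares against
if (isset($_SESSION['customers_login_tries']) && $_SESSION['customers_login_tries'] >= LOGIN_NUM) {
  $smarty->assign('VVIMG', '<img src="'.xtc_href_link(FILENAME_DISPLAY_VVCODES, '', 'SSL').'" alt="Captcha" />');
  $smarty->assign('INPUT_CODE', xtc_draw_input_field('vvcode', '', 'size="'.MODULE_CAPTCHA_CODE_LENGTH.'" maxlength="'.MODULE_CAPTCHA_CODE_LENGTH.'"', 'text', false));
}

// 'language' and the caching flag are set once here; the former second copy
// of these two statements before display() had no effect
$smarty->assign('language', $_SESSION['language']);
$smarty->caching = 0;
$main_content = $smarty->fetch(CURRENT_TEMPLATE.'/module/login.html');
$smarty->assign('main_content', $main_content);

if (!defined('RM'))
  $smarty->load_filter('output', 'note');
$smarty->display(CURRENT_TEMPLATE.'/index.html');
include ('includes/application_bottom.php');
// no closing PHP tag: avoids accidental output of trailing whitespace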