Projekt

Allgemein

Profil

Herunterladen (4,38 KB)

GX-Bug #52276 » LoginContentControlFix1.patch

Till Tepelmann, 23.06.2017 14:57

Unterschiede anzeigen:

src/system/classes/accounts/LoginContentControl.inc.php (revision )
53 53 
					$loginSuccess = $authService->authUser($credentials);
54 54 
				}
55 55
56 
				if(!$loginSuccess)
56 
				if($loginSuccess)
57 57 
				{
58 
					$this->v_data_array['GET']['login'] = 'fail';
59 
					$info_message                       = TEXT_LOGIN_ERROR;
60 
					$gm_log->gm_track();
61 
				}
62 
				else
63 
				{
64 58 
					$email_address = xtc_db_prepare_input($this->v_data_array['POST']['email_address']);
65
59 

  		




  66
  60
  
    
					// Check if email exists

  		




  67
  
  
    
					$check_customer_query = xtc_db_query("SELECT 

  		




  68
  
  
    
														customers_id, 

  		




  69
  
  
    
														customers_password 

  		




  70
  
  
    
													FROM 

  		




  71
  
  
    
														" . TABLE_CUSTOMERS . " 

  		




  72
  
  
    
													WHERE 

  		




  73
  
  
    
														customers_email_address = '" . xtc_db_input($email_address) . "' 

  		




  
  61
  
    
					$check_customer_query = xtc_db_query("SELECT

  		




  
  62
  
    
														customers_id,

  		




  
  63
  
    
														customers_password

  		




  
  64
  
    
													FROM

  		




  
  65
  
    
														" . TABLE_CUSTOMERS . "

  		




  
  66
  
    
													WHERE

  		




  
  67
  
    
														customers_email_address = '" . xtc_db_input($email_address) . "'

  		




  74
  68
  
    
														AND account_type = '0'");

  		




  75
  
  
    
					

  		




  
  69
  
    

  		




  
  70
  
    
					if(xtc_db_num_rows($check_customer_query) > 0)

  		




  
  71
  
    
					{

  		




  76
  
  
    
					$check_customer = xtc_db_fetch_array($check_customer_query);

  		




  77
  
  
    
					

  		




  78
  
  
    
					// Check if the password needs to be rehashed. 

  		




  79
  
  
    
					$hash = $authService->getRehashedPassword(new StringType(xtc_db_prepare_input($this->v_data_array['POST']['password'])),

  		




  80
  
  
    
					                                          new NonEmptyStringType($check_customer['customers_password']));

  		




  81
  
  
    
					

  		




  82
  
  
    
					if($hash !== $check_customer['customers_password']

  		




  83
  
  
    
					   && gm_get_conf('GM_PASSWORD_REENCRYPT') === 'true'

  		




  84
  
  
    
					)

  		




  85
  
  
    
					{

  		




  86
  
  
    
						$db = StaticGXCoreLoader::getDatabaseQueryBuilder();

  		




  87
  
  
    
						

  		




  88
  
  
    
						$db->update('customers', ['customers_password' => $hash],

  		




  89
  
  
    
						            ['customers_email_address' => $email_address]);

  		




  90
  
  
    
					}

  		




  
  72
  
    
						$check_customer = xtc_db_fetch_array($check_customer_query);

  		




  
  73
  
    

  		




  
  74
  
    
						// Check if the password needs to be rehashed.

  		




  
  75
  
    
						$hash = $authService->getRehashedPassword(new StringType(xtc_db_prepare_input($this->v_data_array['POST']['password'])),

  		




  
  76
  
    
						                                          new NonEmptyStringType($check_customer['customers_password']));

  		




  
  77
  
    

  		




  
  78
  
    
						if($hash !== $check_customer['customers_password']

  		




  
  79
  
    
						   && gm_get_conf('GM_PASSWORD_REENCRYPT') === 'true'

  		




  
  80
  
    
						)

  		




  
  81
  
    
						{

  		




  
  82
  
    
							$db = StaticGXCoreLoader::getDatabaseQueryBuilder();

  		




  
  83
  
    

  		




  
  84
  
    
							$db->update('customers', ['customers_password' => $hash],

  		




  
  85
  
    
							            ['customers_email_address' => $email_address]);

  		




  
  86
  
    
						}

  		




  91
  
  
    
					

  		




  92
  
  
    
					$gm_log->gm_delete(true);

  		




  93
  
  
    
					

  		




  94
  
  
    
					$this->loginAfterSuccessfulAuthorization($check_customer['customers_id']);

  		




  95
  
  
    
					

  		




  96
  
  
    
					if($_SESSION['cart']->count_contents() > 0)

  		




  97
  
  
    
					{

  		




  98
  
  
    
						if(isset($this->v_data_array['GET']['checkout_started'])

  		




  99
  
  
    
						   && $this->v_data_array['GET']['checkout_started'] == 1

  		




  100
  
  
    
						)

  		




  101
  
  
    
						{

  		




  102
  
  
    
							$this->set_redirect_url(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));

  		




  103
  
  
    
						}

  		




  104
  
  
    
						else

  		




  105
  
  
    
						{

  		




  106
  
  
    
							$this->set_redirect_url(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));

  		




  107
  
  
    
						}

  		




  108
  
  
    
					}

  		




  109
  
  
    
					else

  		




  110
  
  
    
					{

  		




  111
  
  
    
						$this->set_redirect_url(xtc_href_link(FILENAME_DEFAULT));

  		




  112
  
  
    
					}

  		




  
  87
  
    
						$gm_log->gm_delete(true);

  		




  
  88
  
    

  		




  
  89
  
    
						$this->loginAfterSuccessfulAuthorization($check_customer['customers_id']);

  		




  
  90
  
    

  		




  
  91
  
    
						if($_SESSION['cart']->count_contents() > 0)

  		




  
  92
  
    
						{

  		




  
  93
  
    
							if(isset($this->v_data_array['GET']['checkout_started'])

  		




  
  94
  
    
							   && $this->v_data_array['GET']['checkout_started'] == 1

  		




  
  95
  
    
							)

  		




  
  96
  
    
							{

  		




  
  97
  
    
								$this->set_redirect_url(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));

  		




  
  98
  
    
							}

  		




  
  99
  
    
							else

  		




  
  100
  
    
							{

  		




  
  101
  
    
								$this->set_redirect_url(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));

  		




  
  102
  
    
							}

  		




  
  103
  
    
						}

  		




  
  104
  
    
						else

  		




  
  105
  
    
						{

  		




  
  106
  
    
							$this->set_redirect_url(xtc_href_link(FILENAME_DEFAULT));

  		




  
  107
  
    
						}

  		




  
  108
  
    
					}

  		




  
  109
  
    
					else

  		




  
  110
  
    
					{

  		




  
  111
  
    

  		




  
  112
  
    
						$loginSuccess = false;

  		




  
  113
  
    
					}

  		




  
  114
  
    
				}

  		




  
  115
  
    
				if(!$loginSuccess)

  		




  
  116
  
    
				{

  		




  
  117
  
    
					$this->v_data_array['GET']['login'] = 'fail';

  		




  
  118
  
    
					$info_message                       = TEXT_LOGIN_ERROR;

  		




  
  119
  
    
					$gm_log->gm_track();

  		




  113
  120
  
    
				}

  		




  114
  121
  
    
			}

  		




  115
  122
  
    
		}

  		















  
    (1-1/1)