Projekt

Allgemein

Profil

GX-Bug #52276 » LoginContentControlFix1.patch

Till Tepelmann, 23.06.2017 14:57

Unterschiede anzeigen:

src/system/classes/accounts/LoginContentControl.inc.php (revision )
53 53
					$loginSuccess = $authService->authUser($credentials);
54 54
				}
55 55
				
56
				if(!$loginSuccess)
56
				if($loginSuccess)
57 57
				{
58
					$this->v_data_array['GET']['login'] = 'fail';
59
					$info_message                       = TEXT_LOGIN_ERROR;
60
					$gm_log->gm_track();
61
				}
62
				else
63
				{
64 58
					$email_address = xtc_db_prepare_input($this->v_data_array['POST']['email_address']);
65
					
59

  
66 60
					// Check if email exists
67
					$check_customer_query = xtc_db_query("SELECT 
68
														customers_id, 
69
														customers_password 
70
													FROM 
71
														" . TABLE_CUSTOMERS . " 
72
													WHERE 
73
														customers_email_address = '" . xtc_db_input($email_address) . "' 
61
					$check_customer_query = xtc_db_query("SELECT
62
														customers_id,
63
														customers_password
64
													FROM
65
														" . TABLE_CUSTOMERS . "
66
													WHERE
67
														customers_email_address = '" . xtc_db_input($email_address) . "'
74 68
														AND account_type = '0'");
75
					
69

  
70
					if(xtc_db_num_rows($check_customer_query) > 0)
71
					{
76
					$check_customer = xtc_db_fetch_array($check_customer_query);
77
					
78
					// Check if the password needs to be rehashed. 
79
					$hash = $authService->getRehashedPassword(new StringType(xtc_db_prepare_input($this->v_data_array['POST']['password'])),
80
					                                          new NonEmptyStringType($check_customer['customers_password']));
81
					
82
					if($hash !== $check_customer['customers_password']
83
					   && gm_get_conf('GM_PASSWORD_REENCRYPT') === 'true'
84
					)
85
					{
86
						$db = StaticGXCoreLoader::getDatabaseQueryBuilder();
87
						
88
						$db->update('customers', ['customers_password' => $hash],
89
						            ['customers_email_address' => $email_address]);
90
					}
72
						$check_customer = xtc_db_fetch_array($check_customer_query);
73

  
74
						// Check if the password needs to be rehashed.
75
						$hash = $authService->getRehashedPassword(new StringType(xtc_db_prepare_input($this->v_data_array['POST']['password'])),
76
						                                          new NonEmptyStringType($check_customer['customers_password']));
77

  
78
						if($hash !== $check_customer['customers_password']
79
						   && gm_get_conf('GM_PASSWORD_REENCRYPT') === 'true'
80
						)
81
						{
82
							$db = StaticGXCoreLoader::getDatabaseQueryBuilder();
83

  
84
							$db->update('customers', ['customers_password' => $hash],
85
							            ['customers_email_address' => $email_address]);
86
						}
91
					
92
					$gm_log->gm_delete(true);
93
					
94
					$this->loginAfterSuccessfulAuthorization($check_customer['customers_id']);
95
					
96
					if($_SESSION['cart']->count_contents() > 0)
97
					{
98
						if(isset($this->v_data_array['GET']['checkout_started'])
99
						   && $this->v_data_array['GET']['checkout_started'] == 1
100
						)
101
						{
102
							$this->set_redirect_url(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
103
						}
104
						else
105
						{
106
							$this->set_redirect_url(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
107
						}
108
					}
109
					else
110
					{
111
						$this->set_redirect_url(xtc_href_link(FILENAME_DEFAULT));
112
					}
87
						$gm_log->gm_delete(true);
88

  
89
						$this->loginAfterSuccessfulAuthorization($check_customer['customers_id']);
90

  
91
						if($_SESSION['cart']->count_contents() > 0)
92
						{
93
							if(isset($this->v_data_array['GET']['checkout_started'])
94
							   && $this->v_data_array['GET']['checkout_started'] == 1
95
							)
96
							{
97
								$this->set_redirect_url(xtc_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
98
							}
99
							else
100
							{
101
								$this->set_redirect_url(xtc_href_link(FILENAME_ACCOUNT, '', 'SSL'));
102
							}
103
						}
104
						else
105
						{
106
							$this->set_redirect_url(xtc_href_link(FILENAME_DEFAULT));
107
						}
108
					}
109
					else
110
					{
111

  
112
						$loginSuccess = false;
113
					}
114
				}
115
				if(!$loginSuccess)
116
				{
117
					$this->v_data_array['GET']['login'] = 'fail';
118
					$info_message                       = TEXT_LOGIN_ERROR;
119
					$gm_log->gm_track();
113 120
				}
114 121
			}
115 122
		}
    (1-1/1)