| 1: | <?php
|
| 2: | namespace Opencart\Admin\Controller\Common;
|
|
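/**
 * Two-step admin login authorisation.
 *
 * After a password login the admin has to enter a short one-time code. A
 * long-lived "authorize" cookie identifies the browser/device; the user model
 * keeps one authorize row per user+token with its confirmed status and a
 * failed-attempt counter.
 *
 * @package Opencart\Admin\Controller\Common
 */
class Authorize extends \Opencart\System\Engine\Controller {
	/**
	 * Renders the authorisation form.
	 *
	 * Registers a fresh device token (and cookie) when the browser is not yet
	 * known, stores a new one-time code in the session and builds the URL the
	 * user is sent to once validate() succeeds.
	 *
	 * @return void
	 */
	public function index(): void {
		$this->load->language('common/authorize');

		$this->document->setTitle($this->language->get('heading_title'));

		$data = [];

		// Device token from the cookie; cast so an unexpected array value
		// cannot reach the model as-is.
		$token = (string)($this->request->cookie['authorize'] ?? '');

		if (isset($this->session->data['error'])) {
			$data['error_warning'] = $this->session->data['error'];

			unset($this->session->data['error']);
		} else {
			$data['error_warning'] = '';
		}

		if (isset($this->session->data['success'])) {
			$data['success'] = $this->session->data['success'];

			unset($this->session->data['success']);
		} else {
			$data['success'] = '';
		}

		$this->load->model('user/user');

		$login_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token);

		if (!$login_info) {
			// Unknown device: create a new token for this user.
			$token = oc_token(32);

			$authorize_data = [
				'token'      => $token,
				// Both headers can be absent (no User-Agent, CLI); store '' rather
				// than raising an undefined-index notice.
				'ip'         => $this->request->server['REMOTE_ADDR'] ?? '',
				'user_agent' => $this->request->server['HTTP_USER_AGENT'] ?? ''
			];

			$this->model_user_user->addAuthorize($this->user->getId(), $authorize_data);

			// The token is only ever read server-side, so keep it away from
			// scripts (HttpOnly) and off cross-site requests (SameSite=Lax); send
			// it only over TLS when the admin URL itself is configured for HTTPS.
			setcookie('authorize', $token, [
				'expires'  => time() + 60 * 60 * 24 * 365 * 10,
				'secure'   => str_starts_with(HTTP_SERVER, 'https://'),
				'httponly' => true,
				'samesite' => 'Lax'
			]);
		}

		$data['action'] = $this->url->link('common/authorize.validate', 'user_token=' . $this->session->data['user_token']);

		// One-time code checked by validate(); regenerated on every render.
		$this->session->data['code'] = oc_token(4);

		if (isset($this->request->get['route']) && $this->request->get['route'] !== 'common/login' && $this->request->get['route'] !== 'common/authorize') {
			// Preserve the originally requested page (minus route/token) so the
			// user lands there after authorising.
			$args = $this->request->get;

			$route = $args['route'];

			unset($args['route'], $args['user_token']);

			$url = '';

			if ($args) {
				$url .= http_build_query($args);
			}

			$data['redirect'] = $this->url->link($route, $url);
		} else {
			$data['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
		}

		$data['user_token'] = $this->session->data['user_token'];

		$data['header'] = $this->load->controller('common/header');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('common/authorize', $data));
	}

	/**
	 * AJAX "resend code" endpoint.
	 *
	 * Only returns the resend confirmation text; the session code set by
	 * index() is not regenerated here and no delivery happens in this method.
	 *
	 * @return void
	 */
	public function send(): void {
		$this->load->language('common/authorize');

		$json = [];

		$json['success'] = $this->language->get('text_resend');

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Checks the posted one-time code against the session code (AJAX).
	 *
	 * On success the device row is marked authorised, its counter is reset and
	 * a redirect URL is returned. A wrong code increments the counter; once the
	 * stored attempt count reaches the limit the client is sent to unlock().
	 * Responds with JSON containing `error` and/or `redirect`.
	 *
	 * @return void
	 */
	public function validate(): void {
		$this->load->language('common/authorize');

		$json = [];

		$token = (string)($this->request->cookie['authorize'] ?? '');

		$this->load->model('user/user');

		$authorize_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token);

		if ($authorize_info) {
			// hash_equals(): strict (no loose numeric-string equality) and
			// constant-time comparison of the one-time code.
			$code_matches = isset($this->request->post['code'], $this->session->data['code'])
				&& hash_equals((string)$this->session->data['code'], (string)$this->request->post['code']);

			// NOTE(review): 'attempts' is read here but 'total' is what gets
			// incremented — confirm against the user model whether these refer to
			// the same counter.
			if ($authorize_info['attempts'] <= 2 && !$code_matches) {
				$json['error'] = $this->language->get('error_code');

				$this->model_user_user->editAuthorizeTotal($authorize_info['user_authorize_id'], $authorize_info['total'] + 1);
			}

			if ($authorize_info['attempts'] >= 2) {
				$json['redirect'] = $this->url->link('common/authorize.unlock', 'user_token=' . $this->session->data['user_token'], true);
			}
		} else {
			$json['error'] = $this->language->get('error_code');
		}

		if (!$json) {
			$this->model_user_user->editAuthorizeStatus($authorize_info['user_authorize_id'], true);
			$this->model_user_user->editAuthorizeTotal($authorize_info['user_authorize_id'], 0);

			if (isset($this->request->post['redirect'])) {
				$redirect = urldecode(html_entity_decode((string)$this->request->post['redirect'], ENT_QUOTES, 'UTF-8'));
			} else {
				$redirect = '';
			}

			// Only follow a redirect that points back into this installation;
			// anything else falls back to the dashboard (open-redirect guard).
			// NOTE(review): appending '&user_token=' presumes $redirect already
			// carries a query string, as the URL built by index() presumably does.
			if ($redirect && str_starts_with($redirect, HTTP_SERVER)) {
				$json['redirect'] = $redirect . '&user_token=' . $this->session->data['user_token'];
			} else {
				$json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
			}
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Renders the "locked" page shown after too many failed codes.
	 *
	 * A device that is already authorised is redirected to the dashboard.
	 *
	 * @return void
	 */
	public function unlock(): void {
		$this->load->language('common/authorize');

		$token = (string)($this->request->cookie['authorize'] ?? '');

		$this->load->model('user/user');

		$authorize_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token);

		if ($authorize_info && $authorize_info['status']) {
			// NOTE(review): assumes response->redirect() ends the request; the
			// view below would otherwise still be rendered.
			$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
		}

		$data = [];

		$data['user_token'] = $this->session->data['user_token'];

		$data['header'] = $this->load->controller('common/header');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('common/authorize_unlock', $data));
	}

	/**
	 * AJAX endpoint that stores a fresh unlock code for the current user.
	 *
	 * The 32-character code is saved against the user's e-mail address; it is
	 * later checked by reset(). Delivery of the unlock link is not done here.
	 *
	 * @return void
	 */
	public function confirm(): void {
		$this->load->language('common/authorize');

		$json = [];

		$json['success'] = $this->language->get('text_link');

		$this->load->model('user/user');

		$this->model_user_user->editCode($this->user->getEmail(), oc_token(32));

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Unlock-link target: clears the failed-attempt counter when the e-mail
	 * and code from the query string match the stored unlock code.
	 *
	 * The stored code is cleared on both outcomes, so a link is single-use;
	 * a failed check additionally logs the user out and returns to the login
	 * page.
	 *
	 * @return void
	 */
	public function reset(): void {
		$this->load->language('common/authorize');

		$email = (string)($this->request->get['email'] ?? '');
		$code = (string)($this->request->get['code'] ?? '');

		$this->load->model('user/user');

		$user_info = $this->model_user_user->getUserByEmail($email);

		// hash_equals(): strict and constant-time comparison of the unlock code.
		if ($user_info && $user_info['code'] && $code && hash_equals((string)$user_info['code'], $code)) {
			$this->model_user_user->editAuthorizeTotalByUserId($user_info['user_id'], 0);

			$this->model_user_user->editCode($email, '');

			$this->session->data['success'] = $this->language->get('text_unlocked');

			$this->response->redirect($this->url->link('common/authorize', 'user_token=' . $this->session->data['user_token'], true));
		} else {
			$this->user->logout();

			$this->model_user_user->editCode($email, '');

			$this->session->data['error'] = $this->language->get('error_reset');

			$this->response->redirect($this->url->link('common/login', '', true));
		}
	}
}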
|