1: <?php
2: namespace Opencart\Admin\Controller\Common;
3: /**
4: * Class Authorize
5: *
6: * @package Opencart\Admin\Controller\Common
7: */
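class Authorize extends \Opencart\System\Engine\Controller {
	/**
	 * Index
	 *
	 * Renders the "authorize this device" page. The device is identified by the
	 * `authorize` cookie; if the current user has no record for that token a fresh
	 * one is created (with IP and user agent) and the cookie is set. A new one-time
	 * code is placed in the session on every render; validate() compares against it.
	 *
	 * @return void
	 */
	public function index(): void {
		$this->load->language('common/authorize');

		$this->document->setTitle($this->language->get('heading_title'));

		$token = $this->getDeviceToken();

		// Flash messages (e.g. from reset()) are displayed once and then dropped.
		$data['error_warning'] = '';

		if (isset($this->session->data['error'])) {
			$data['error_warning'] = $this->session->data['error'];

			unset($this->session->data['error']);
		}

		$data['success'] = '';

		if (isset($this->session->data['success'])) {
			$data['success'] = $this->session->data['success'];

			unset($this->session->data['success']);
		}

		$this->load->model('user/user');

		$login_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token);

		if (!$login_info) {
			// No record for this device: mint a random token, persist it against the
			// user and hand it to the browser as a long-lived cookie.
			$token = oc_token(32);

			$authorize_data = [
				'token'      => $token,
				'ip'         => $this->request->server['REMOTE_ADDR'],
				'user_agent' => (string)($this->request->server['HTTP_USER_AGENT'] ?? '')
			];

			$this->model_user_user->addAuthorize($this->user->getId(), $authorize_data);

			// The token is a bearer credential for the "trusted device" check, so keep
			// it out of reach of script (HttpOnly), off cross-site requests (SameSite)
			// and off plain HTTP when the admin is served over TLS (Secure).
			setcookie('authorize', $token, [
				'expires'  => time() + 60 * 60 * 24 * 365 * 10,
				'secure'   => $this->isSecureRequest(),
				'httponly' => true,
				'samesite' => 'Lax'
			]);
		}

		$data['action'] = $this->url->link('common/authorize.validate', 'user_token=' . $this->session->data['user_token']);

		// One-time code for this session; presumably delivered by mail via an event
		// hooked on this route (the mailer is not part of this controller).
		$this->session->data['code'] = oc_token(4);

		// Remember where the user was heading so validate() can send them back,
		// but never bounce back into the login/authorize pages themselves.
		if (isset($this->request->get['route']) && $this->request->get['route'] != 'common/login' && $this->request->get['route'] != 'common/authorize') {
			$args = $this->request->get;

			$route = $args['route'];

			unset($args['route']);
			unset($args['user_token']);

			$url = '';

			if ($args) {
				$url .= http_build_query($args);
			}

			$data['redirect'] = $this->url->link($route, $url);
		} else {
			$data['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
		}

		$data['user_token'] = $this->session->data['user_token'];

		$data['header'] = $this->load->controller('common/header');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('common/authorize', $data));
	}

	/**
	 * Send
	 *
	 * Responds to a "resend code" request with a confirmation message. The
	 * actual mail dispatch is not done here and the session code is not
	 * regenerated — presumably an event on this route sends the existing code.
	 *
	 * @return void
	 */
	public function send(): void {
		$this->load->language('common/authorize');

		$json = [];

		$json['success'] = $this->language->get('text_resend');

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Validate
	 *
	 * Checks the submitted one-time code against the session code for the
	 * device identified by the `authorize` cookie. On success the device record
	 * is marked authorized, its failure counter reset, the session code consumed
	 * and a same-origin redirect returned. Failed attempts are counted; once the
	 * limit is reached the client is redirected to the unlock page.
	 *
	 * @return void
	 */
	public function validate(): void {
		$this->load->language('common/authorize');

		$json = [];

		$this->load->model('user/user');

		$authorize_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $this->getDeviceToken());

		if ($authorize_info) {
			$expected = $this->session->data['code'] ?? null;
			$submitted = $this->request->post['code'] ?? null;

			// Strict, constant-time comparison. The previous loose `!=` treated
			// numeric-looking codes as numbers, so e.g. "0123" matched "123".
			$code_matches = is_string($expected) && is_string($submitted) && hash_equals($expected, $submitted);

			if (($authorize_info['attempts'] <= 2) && !$code_matches) {
				$json['error'] = $this->language->get('error_code');

				// NOTE(review): the limit is checked on `attempts` but the counter
				// written is `total`; presumably the model derives one from the other —
				// confirm in model/user/user.
				$this->model_user_user->editAuthorizeTotal($authorize_info['user_authorize_id'], $authorize_info['total'] + 1);
			}

			if ($authorize_info['attempts'] >= 2) {
				$json['redirect'] = $this->url->link('common/authorize.unlock', 'user_token=' . $this->session->data['user_token'], true);
			}
		} else {
			$json['error'] = $this->language->get('error_code');
		}

		if (!$json) {
			$this->model_user_user->editAuthorizeStatus($authorize_info['user_authorize_id'], true);
			$this->model_user_user->editAuthorizeTotal($authorize_info['user_authorize_id'], 0);

			// The code is single-use: drop it so a replay within this session fails.
			unset($this->session->data['code']);

			$redirect = '';

			if (isset($this->request->post['redirect']) && is_string($this->request->post['redirect'])) {
				$redirect = urldecode(html_entity_decode($this->request->post['redirect'], ENT_QUOTES, 'UTF-8'));
			}

			// The redirect target is client-supplied; only follow it when it stays on
			// this installation (prefix match on HTTP_SERVER), otherwise go to the
			// dashboard. The '&' assumes the URL already carries a query string, as
			// the ones built by index() do.
			if ($redirect && str_starts_with($redirect, HTTP_SERVER)) {
				$json['redirect'] = $redirect . '&user_token=' . $this->session->data['user_token'];
			} else {
				$json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true);
			}
		}

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Unlock
	 *
	 * Renders the unlock page for a device that has exhausted its code attempts.
	 * A device that is already authorized is sent straight to the dashboard.
	 *
	 * @return void
	 */
	public function unlock(): void {
		$this->load->language('common/authorize');

		$this->load->model('user/user');

		$authorize_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $this->getDeviceToken());

		if ($authorize_info && $authorize_info['status']) {
			// Already trusted: nothing to unlock.
			$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true));
		}

		$data['user_token'] = $this->session->data['user_token'];

		$data['header'] = $this->load->controller('common/header');
		$data['footer'] = $this->load->controller('common/footer');

		$this->response->setOutput($this->load->view('common/authorize_unlock', $data));
	}

	/**
	 * Confirm
	 *
	 * Stores a fresh random reset code against the current user's email and
	 * reports that the unlock link was sent. The mail itself is presumably sent
	 * by an event on this route; nothing here checks that the device is locked.
	 *
	 * @return void
	 */
	public function confirm(): void {
		$this->load->language('common/authorize');

		$json = [];

		$json['success'] = $this->language->get('text_link');

		// Create reset code
		$this->load->model('user/user');

		$this->model_user_user->editCode($this->user->getEmail(), oc_token(32));

		$this->response->addHeader('Content-Type: application/json');
		$this->response->setOutput(json_encode($json));
	}

	/**
	 * Reset
	 *
	 * Consumes the unlock link (`email` + `code` query parameters). A matching
	 * code resets the user's failed-attempt counter and returns to the authorize
	 * page; anything else logs the user out and returns to login. The code is
	 * cleared in both branches so the link is single-use.
	 *
	 * @return void
	 */
	public function reset(): void {
		$this->load->language('common/authorize');

		$email = '';

		if (isset($this->request->get['email'])) {
			$email = (string)$this->request->get['email'];
		}

		$code = '';

		if (isset($this->request->get['code'])) {
			$code = (string)$this->request->get['code'];
		}

		$this->load->model('user/user');

		$user_info = $this->model_user_user->getUserByEmail($email);

		// Constant-time compare of the stored reset code with the one from the link.
		if ($user_info && $user_info['code'] && $code && hash_equals((string)$user_info['code'], $code)) {
			$this->model_user_user->editAuthorizeTotalByUserId($user_info['user_id'], 0);

			$this->model_user_user->editCode($email, '');

			$this->session->data['success'] = $this->language->get('text_unlocked');

			$this->response->redirect($this->url->link('common/authorize', 'user_token=' . $this->session->data['user_token'], true));
		} else {
			$this->user->logout();

			// NOTE(review): this clears the pending code for whatever email was
			// supplied, even when it is not the current user's — a wrong guess
			// invalidates that user's outstanding unlock link. Kept as-is; confirm
			// whether this should be restricted to the logged-in user's email.
			$this->model_user_user->editCode($email, '');

			$this->session->data['error'] = $this->language->get('error_reset');

			$this->response->redirect($this->url->link('common/login', '', true));
		}
	}

	/**
	 * Returns the device token from the `authorize` cookie, or '' when the cookie
	 * is absent or not a plain string (a `authorize[]=` array is rejected).
	 *
	 * @return string
	 */
	private function getDeviceToken(): string {
		$cookie = $this->request->cookie['authorize'] ?? '';

		return is_string($cookie) ? $cookie : '';
	}

	/**
	 * Whether the current request arrived over TLS, used to decide the cookie
	 * Secure flag. Treats an absent or "off" HTTPS server variable as plain HTTP.
	 *
	 * @return bool
	 */
	private function isSecureRequest(): bool {
		$https = $this->request->server['HTTPS'] ?? '';

		return !empty($https) && strtolower((string)$https) !== 'off';
	}
}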
262: