docs/api/source-admin.controller.common.authorize.html
| 1: | <?php | | 2: | namespace Opencart\Admin\Controller\Common; | | 3: | /** | | 4: | * Class Authorize | | 5: | * | | 6: | * @package Opencart\Admin\Controller\Common | | 7: | */ | | 8: | class Authorize extends \Opencart\System\Engine\Controller { | | 9: | /** | | 10: | * Index | | 11: | * | | 12: | * @return void | | 13: | */ | | 14: | public function index(): void { | | 15: | $this->load->language('common/authorize'); | | 16: | | | 17: | $this->document->setTitle($this->language->get('heading_title')); | | 18: | | | 19: | if (isset($this->request->cookie['authorize'])) { | | 20: | $token = $this->request->cookie['authorize']; | | 21: | } else { | | 22: | $token = ''; | | 23: | } | | 24: | | | 25: | // Check to see if user is using incorrect token | | 26: | if (isset($this->session->data['error'])) { | | 27: | $data['error_warning'] = $this->session->data['error']; | | 28: | | | 29: | unset($this->session->data['error']); | | 30: | } else { | | 31: | $data['error_warning'] = ''; | | 32: | } | | 33: | | | 34: | if (isset($this->session->data['success'])) { | | 35: | $data['success'] = $this->session->data['success']; | | 36: | | | 37: | unset($this->session->data['success']); | | 38: | } else { | | 39: | $data['success'] = ''; | | 40: | } | | 41: | | | 42: | $this->load->model('user/user'); | | 43: | | | 44: | $login_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token); | | 45: | | | 46: | if (!$login_info) { | | 47: | // Create a token that can be stored as a cookie and will be used to identify device is safe. | | 48: | $token = oc_token(32); | | 49: | | | 50: | $authorize_data = [ | | 51: | 'token' => $token, | | 52: | 'ip' => $this->request->server['REMOTE_ADDR'], | | 53: | 'user_agent' => $this->request->server['HTTP_USER_AGENT'] | | 54: | ]; | | 55: | | | 56: | $this->load->model('user/user'); | | 57: | | | 58: | $this->model_user_user->addAuthorize($this->user->getId(), $authorize_data); | | 59: | | | 60: | setcookie('authorize', $token, time() + 60 * 60 * 24 * 365 * 10); | | 61: | } | | 62: | | | 63: | $data['action'] = $this->url->link('common/authorize.validate', 'user_token=' . $this->session->data['user_token']); | | 64: | | | 65: | // Set the code to be emailed | | 66: | $this->session->data['code'] = oc_token(4); | | 67: | | | 68: | if (isset($this->request->get['route']) && $this->request->get['route'] != 'common/login' && $this->request->get['route'] != 'common/authorize') { | | 69: | $args = $this->request->get; | | 70: | | | 71: | $route = $args['route']; | | 72: | | | 73: | unset($args['route']); | | 74: | unset($args['user_token']); | | 75: | | | 76: | $url = ''; | | 77: | | | 78: | if ($args) { | | 79: | $url .= http_build_query($args); | | 80: | } | | 81: | | | 82: | $data['redirect'] = $this->url->link($route, $url); | | 83: | } else { | | 84: | $data['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true); | | 85: | } | | 86: | | | 87: | $data['user_token'] = $this->session->data['user_token']; | | 88: | | | 89: | $data['header'] = $this->load->controller('common/header'); | | 90: | $data['footer'] = $this->load->controller('common/footer'); | | 91: | | | 92: | $this->response->setOutput($this->load->view('common/authorize', $data)); | | 93: | } | | 94: | | | 95: | /** | | 96: | * Send | | 97: | * | | 98: | * @return void | | 99: | */ | | 100: | public function send(): void { | | 101: | $this->load->language('common/authorize'); | | 102: | | | 103: | $json = []; | | 104: | | | 105: | $json['success'] = $this->language->get('text_resend'); | | 106: | | | 107: | $this->response->addHeader('Content-Type: application/json'); | | 108: | $this->response->setOutput(json_encode($json)); | | 109: | } | | 110: | | | 111: | /** | | 112: | * Validate | | 113: | * | | 114: | * @return void | | 115: | */ | | 116: | public function validate(): void { | | 117: | $this->load->language('common/authorize'); | | 118: | | | 119: | $json = []; | | 120: | | | 121: | if (isset($this->request->cookie['authorize'])) { | | 122: | $token = $this->request->cookie['authorize']; | | 123: | } else { | | 124: | $token = ''; | | 125: | } | | 126: | | | 127: | $this->load->model('user/user'); | | 128: | | | 129: | $authorize_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token); | | 130: | | | 131: | if ($authorize_info) { | | 132: | if (($authorize_info['attempts'] <= 2) && (!isset($this->request->post['code']) || !isset($this->session->data['code']) || ($this->request->post['code'] != $this->session->data['code']))) { | | 133: | $json['error'] = $this->language->get('error_code'); | | 134: | | | 135: | $this->model_user_user->editAuthorizeTotal($authorize_info['user_authorize_id'], $authorize_info['total'] + 1); | | 136: | } | | 137: | | | 138: | if ($authorize_info['attempts'] >= 2) { | | 139: | $json['redirect'] = $this->url->link('common/authorize.unlock', 'user_token=' . $this->session->data['user_token'], true); | | 140: | } | | 141: | } else { | | 142: | $json['error'] = $this->language->get('error_code'); | | 143: | } | | 144: | | | 145: | if (!$json) { | | 146: | $this->model_user_user->editAuthorizeStatus($authorize_info['user_authorize_id'], true); | | 147: | $this->model_user_user->editAuthorizeTotal($authorize_info['user_authorize_id'], 0); | | 148: | | | 149: | if (isset($this->request->post['redirect'])) { | | 150: | $redirect = urldecode(html_entity_decode($this->request->post['redirect'], ENT_QUOTES, 'UTF-8')); | | 151: | } else { | | 152: | $redirect = ''; | | 153: | } | | 154: | | | 155: | // Register the cookie for security. | | 156: | if ($redirect && str_starts_with($redirect, HTTP_SERVER)) { | | 157: | $json['redirect'] = $redirect . '&user_token=' . $this->session->data['user_token']; | | 158: | } else { | | 159: | $json['redirect'] = $this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true); | | 160: | } | | 161: | } | | 162: | | | 163: | $this->response->addHeader('Content-Type: application/json'); | | 164: | $this->response->setOutput(json_encode($json)); | | 165: | } | | 166: | | | 167: | /** | | 168: | * Unlock | | 169: | * | | 170: | * @return void | | 171: | */ | | 172: | public function unlock(): void { | | 173: | $this->load->language('common/authorize'); | | 174: | | | 175: | if (isset($this->request->cookie['authorize'])) { | | 176: | $token = $this->request->cookie['authorize']; | | 177: | } else { | | 178: | $token = ''; | | 179: | } | | 180: | | | 181: | $this->load->model('user/user'); | | 182: | | | 183: | $authorize_info = $this->model_user_user->getAuthorizeByToken($this->user->getId(), $token); | | 184: | | | 185: | if ($authorize_info && $authorize_info['status']) { | | 186: | // Redirect if already have a valid token. | | 187: | $this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token'], true)); | | 188: | } | | 189: | | | 190: | $data['user_token'] = $this->session->data['user_token']; | | 191: | | | 192: | $data['header'] = $this->load->controller('common/header'); | | 193: | $data['footer'] = $this->load->controller('common/footer'); | | 194: | | | 195: | $this->response->setOutput($this->load->view('common/authorize_unlock', $data)); | | 196: | } | | 197: | | | 198: | /** | | 199: | * Confirm | | 200: | * | | 201: | * @return void | | 202: | */ | | 203: | public function confirm(): void { | | 204: | $this->load->language('common/authorize'); | | 205: | | | 206: | $json = []; | | 207: | | | 208: | $json['success'] = $this->language->get('text_link'); | | 209: | | | 210: | // Create reset code | | 211: | $this->load->model('user/user'); | | 212: | | | 213: | $this->model_user_user->editCode($this->user->getEmail(), oc_token(32)); | | 214: | | | 215: | $this->response->addHeader('Content-Type: application/json'); | | 216: | $this->response->setOutput(json_encode($json)); | | 217: | } | | 218: | | | 219: | /** | | 220: | * Reset | | 221: | * | | 222: | * @return void | | 223: | */ | | 224: | public function reset(): void { | | 225: | $this->load->language('common/authorize'); | | 226: | | | 227: | if (isset($this->request->get['email'])) { | | 228: | $email = (string)$this->request->get['email']; | | 229: | } else { | | 230: | $email = ''; | | 231: | } | | 232: | | | 233: | if (isset($this->request->get['code'])) { | | 234: | $code = (string)$this->request->get['code']; | | 235: | } else { | | 236: | $code = ''; | | 237: | } | | 238: | | | 239: | $this->load->model('user/user'); | | 240: | | | 241: | $user_info = $this->model_user_user->getUserByEmail($email); | | 242: | | | 243: | if ($user_info && $user_info['code'] && $code && $user_info['code'] === $code) { | | 244: | $this->model_user_user->editAuthorizeTotalByUserId($user_info['user_id'], 0); | | 245: | | | 246: | $this->model_user_user->editCode($email, ''); | | 247: | | | 248: | $this->session->data['success'] = $this->language->get('text_unlocked'); | | 249: | | | 250: | $this->response->redirect($this->url->link('common/authorize', 'user_token=' . $this->session->data['user_token'], true)); | | 251: | } else { | | 252: | $this->user->logout(); | | 253: | | | 254: | $this->model_user_user->editCode($email, ''); | | 255: | | | 256: | $this->session->data['error'] = $this->language->get('error_reset'); | | 257: | | | 258: | $this->response->redirect($this->url->link('common/login', '', true)); | | 259: | } | | 260: | } | | 261: | } | | 262: | |
OpenCart API API documentation generated by ApiGen dev-master