first commit
219
admin/index.php
Normal file
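--- /dev/null
+++ b/admin/index.php
@@ -0,0 +1,219 @@
+<?php
+
+use KupShop\AdminBundle\Util\ActivityLog;
+use KupShop\AdminBundle\Util\LegacyAdminCredentials;
+use KupShop\KupShopBundle\Exception\RedirectException;
+use KupShop\KupShopBundle\Util\Compat\ServiceContainer;
+use KupShop\KupShopBundle\Util\Compat\SymfonyBridge;
+use KupShop\KupShopBundle\Util\StringUtil;
+
+class Index extends Base
+{
+    use DatabaseCommunication;
+    protected $template = 'index.tpl';
+
+    /** @var LegacyAdminCredentials */
+    private $legacyAdminCredentials;
+
+    public function __construct()
+    {
+        $this->legacyAdminCredentials = ServiceContainer::getService(LegacyAdminCredentials::class);
+    }
+
+    public function get_vars()
+    {
+        $vars = parent::get_vars();
+
+        return array_merge($vars, [
+            'url' => getVal('url'),
+            'login' => getVal('login'),
+            'error' => getVal('error'),
+            'header' => [
+                'date' => date('Ymd'),
+            ],
+        ]);
+    }
+
+    public function handle()
+    {
+        parent::handle();
+        $cfg = $GLOBALS['cfg'];
+
+        $url = getVal('url');
+        if (empty($url)) {
+            $url = 'launch.php?s=main.php';
+        }
+
+        if ($this->legacyAdminCredentials->isLogged()) {
+            redirect($url);
+        }
+
+        if (isset($_POST['Submit'])) {
+            $error = 0;
+
+            $login = getVal('login');
+            $password = getVal('password');
+            $hash = getVal('hash');
+
+            if (!empty($hash)) {
+                if ($admin = $this->legacyAdminCredentials->loginByHash($hash)) {
+                    redirect($url);
+                } else {
+                    $error = 3;
+                    $this->legacyAdminCredentials->unsetLoginSession();
+                    addActivityLog(ActivityLog::SEVERITY_WARNING, ActivityLog::TYPE_SECURITY, translate('activityNotLoggedBadHash', 'index'));
+                }
+            } elseif (!empty($login) && !empty($password)) {
+                // expirovane loginy znepristupnit
+                sqlQuery('UPDATE '.getTableName('admins')." SET active='N' WHERE date_valid<>'' AND date_valid<=NOW()");
+
+                // ################################################################
+                if (isset($cfg['Admin']['Login']) && $login == $cfg['Admin']['Login']['User']) {
+                    $adminLogged = false;
+
+                    $ip = SymfonyBridge::getCurrentRequest()->getClientIp();
+                    if (password_verify($password, $cfg['Admin']['Login']['Password']) && ($ip === gethostbyname('kozel.wpj.cz') || StringUtil::startsWith($ip, '10.160.5.'))) {
+                        $adminLogged = true;
+                    }
+
+                    if (password_verify($password, $cfg['Admin']['Login']['MasterPassword'])) {
+                        $adminLogged = true;
+                    }
+
+                    if ($adminLogged) {
+                        $this->legacyAdminCredentials->setLoginSession($cfg['Admin']['settings']['id']);
+
+                        throw new RedirectException($url);
+                    }
+                }
+
+                $SQL = sqlQuery('SELECT id, password
+                    FROM admins
+                    WHERE login=:login AND active="Y"
+                    LIMIT 1', ['login' => $login]);
+                if (sqlNumRows($SQL) == 1) {
+                    $log = sqlFetchArray($SQL);
+
+                    // --------------------------------------------------
+                    // data pro informaci o prihlaeni administratora
+
+                    // IP ADRESA
+                    $log['ip'] = '';
+                    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+                        $explode_ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+                        $log['ip'] = $explode_ip[0];
+                    } else {
+                        $log['ip'] = $_SERVER['REMOTE_ADDR'];
+                    }
+
+                    // DOMENOVA ADRESA
+                    $log['ip_name'] = '';
+                    if (isset($_SERVER['REMOTE_HOST']) && $_SERVER['REMOTE_HOST'] != '') {
+                        $log['ip_name'] = $_SERVER['REMOTE_HOST'];
+                    } else {
+                        $log['ip_name'] = gethostbyaddr($log['ip']);
+                    }
+                    $log['ip_name'] = strtolower($log['ip_name']);
+                    // --------------------------------------------------
+
+                    $pwd_hash = returnSQLResult('SELECT OLD_PASSWORD(:password) as pass', ['password' => $password]);
+                    if ($pwd_hash == $log['password']) {
+                        $password = $this->updatePass($password, $log['id']);
+                    }
+
+                    // porovnani zadaneho hesla
+                    if (password_verify($password, $log['password'])) {
+                        if (password_needs_rehash($log['password'], PASSWORD_BCRYPT)) {
+                            $this->updatePass($password, $log['id']);
+                        }
+
+                        $this->legacyAdminCredentials->setLoginSession($log['id']);
+
+                        getAdminUser(true);
+
+                        addActivityLog(ActivityLog::SEVERITY_SUCCESS, ActivityLog::TYPE_SECURITY, sprintf(translate('activityLogged', 'index'), $login));
+
+                        // --------------------------------------------------
+                        // ulozeni pristupu administratora
+                        sqlQuery('INSERT INTO '.getTableName('admins_accesses')." SET
+                            id_admin='".$log['id']."', date_access=NOW(), ip='".$log['ip']."',
+                            ip_name='".$log['ip_name']."', login_status='OK' ");
+                        // --------------------------------------------------
+
+                        redirect($url);
+                    } // neplatne zadane heslo
+                    else {
+                        $error = 3;
+                        $this->legacyAdminCredentials->unsetLoginSession();
+
+                        addActivityLog(ActivityLog::SEVERITY_WARNING, ActivityLog::TYPE_SECURITY, sprintf(translate('activityNotLoggedBadPassw', 'index'), $login));
+
+                        // --------------------------------------------------
+                        // ulozeni pristupu administratora
+                        sqlQuery('INSERT INTO '.getTableName('admins_accesses')." SET
+                            id_admin='".$log['id']."', date_access=NOW(), ip='".$log['ip']."',
+                            ip_name='".$log['ip_name']."', login_status='PASSW' ");
+                        // --------------------------------------------------
+                    }
+                } // uzivatel nebyl vubec nalezen
+                else {
+                    // zapsat poznamku o neplatnem prihlaseni, jen kdyz nebude zadan login SUPERADMINA
+                    if ($_POST['login'] != $cfg['Admin']['Login']['User']) {
+                        addActivityLog(ActivityLog::SEVERITY_WARNING, ActivityLog::TYPE_SECURITY, sprintf(translate('activityNotLoggedBadUser', 'index'), $login));
+                    }
+                    $error = 3;
+                    $this->legacyAdminCredentials->unsetLoginSession();
+                }
+            } else {
+                $error = 1;
+            }
+
+            redirect("index.php?error={$error}&login={$login}&url=".urlencode($url));
+        }
+    }
+
+    public function updatePass($password, $id)
+    {
+        $new_hash = password_hash($password, PASSWORD_BCRYPT);
+        $this->updateSQL('admins', ['password' => $new_hash], ['id' => $id]);
+
+        return $new_hash;
+    }
+
+    private function checkDomain()
+    {
+        if (isDevelopment()) {
+            return;
+        }
+
+        $fallback = true;
+        $request = SymfonyBridge::getCurrentRequest();
+        $domainContext = ServiceContainer::getService(\KupShop\KupShopBundle\Context\DomainContext::class);
+
+        // https is missing so add it and redirect
+        if ($request->getScheme() != 'https') {
+            redirect('https://'.$request->getHost().$request->getRequestUri());
+        }
+
+        if (array_search($request->getHost(), $domainContext->getSupported()) !== false) {
+            return;
+        }
+
+        $wwwHost = 'www.'.$request->getHost();
+        if (array_search($wwwHost, $domainContext->getSupported()) !== false) {
+            // www is missing so add it and redirect
+            $url = 'https://'.$wwwHost.$request->getRequestUri();
+            $fallback = false;
+            redirect($url);
+        }
+
+        // fallback
+        if ($fallback) {
+            $url = "https://{$domainContext->getActiveId()}{$request->getRequestUri()}";
+            redirect($url);
+        }
+    }
+}
+
+$index = new Index();
+$index->run();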
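Review bot: Both `INSERT INTO admins_accesses` statements (the `login_status='OK'` and `login_status='PASSW'` branches of handle()) splice `$log['ip']` and `$log['ip_name']` into the SQL by string concatenation, and `$log['ip']` is the first comma-separated element of the raw `X-Forwarded-For` request header (with `ip_name` coming from `REMOTE_HOST` or a reverse-DNS lookup on that same value), so any client can put a quote in that header and reach the query unescaped — SQL injection through a proxy header, on both the successful-login and wrong-password paths. `sqlQuery` already accepts bound parameters (the `SELECT ... WHERE login=:login` call a few lines earlier uses them), so the fix is to bind: `sqlQuery('INSERT INTO '.getTableName('admins_accesses').' SET id_admin=:id, date_access=NOW(), ip=:ip, ip_name=:ip_name, login_status=:status', ['id' => $log['id'], 'ip' => $log['ip'], 'ip_name' => $log['ip_name'], 'status' => 'OK']);` with `'PASSW'` in the failure branch, and logging the Symfony-derived `$ip` instead of the raw header would also keep the audit trail from being spoofed. Two related points: `redirect($url)` sends the browser to whatever `url` parameter was submitted, which is an open redirect on the login page unless `redirect()` itself restricts its target, and failed attempts against the configured superadmin login are deliberately excluded from `addActivityLog` and never written to `admins_accesses`, so guessing the `MasterPassword` (which, unlike `Password`, has no source-IP restriction) leaves no record at all. The legacy comparison `$pwd_hash == $log['password']` should be `hash_equals((string) $log['password'], (string) $pwd_hash)` to avoid PHP's numeric-string juggling on `==`.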