first commit

2025-08-02 16:30:27 +02:00
commit 23646bfcee
14851 changed files with 1750626 additions and 0 deletions
--- a/socket/Pohoda.Functions.php
+++ b/socket/Pohoda.Functions.php
@@ -0,0 +1,224 @@
+<?php
+
+use KupShop\KupShopBundle\Util\Compat\ServiceContainer;
+
+defined('VALID_INCLUDE') or exit('Restricted area');
+
+function POHODA_getDataItemDetails($contactId = 0, $type, $status, $values = '')
+{
+    if ($contactId == 0) {
+        $structItemDetails['dataItemId'] = '';
+    } else {
+        $structItemDetails['dataItemId'] = $contactId;
+    }
+    $structItemDetails['dataItemDetails'][0]['type'] = $type;
+    $structItemDetails['dataItemDetails'][0]['status'] = $status;
+    $structItemDetails['dataItemDetails'][0]['statusMessage'] = getTextString('errors', $status);
+
+    if (!empty($values)) {
+        $structItemDetails['dataItemDetails'][0]['valueRequested']['name'] = $values['requestedValueName'];
+        $structItemDetails['dataItemDetails'][0]['valueRequested']['value'] = $values['requestedValue'];
+        $structItemDetails['dataItemDetails'][0]['valueAssigned']['name'] = $values['assignedValueName'];
+        $structItemDetails['dataItemDetails'][0]['valueAssigned']['value'] = $values['assignedValue'];
+    }
+
+    return $structItemDetails;
+}
+
+function POHODA_setDataItemValues($requestedValueName, $requestedValue, $assignedValueName, $assignedValue)
+{
+    $values['requestedValueName'] = $requestedValueName;
+    $values['requestedValue'] = $requestedValue;
+    $values['assignedValueName'] = $assignedValueName;
+    $values['assignedValue'] = $assignedValue;
+
+    return $values;
+}
+
+function updatePass($password, $id)
+{
+    $new_hash = password_hash($password, PASSWORD_BCRYPT);
+    sqlQuery('UPDATE '.getTableName('admins')." SET password='{$new_hash}' WHERE id={$id}");
+
+    return $new_hash;
+}
+
+function POHODA_login($params)
+{
+    global $cfg;
+
+    $requestParams = $params['requestParams'];
+
+    $session = ServiceContainer::getService('session');
+
+    if (!empty($requestParams['userName']) && !empty($requestParams['userPassw'])) {
+        // expirovane loginy znepristupnit
+        sqlQuery('UPDATE '.getTableName('admins')." SET active='N' WHERE date_valid<>'' AND date_valid<=NOW()");
+
+        $SQL = sqlQuery('SELECT id, password, OLD_PASSWORD(:password) AS passwGet
+							FROM '.getTableName('admins')."
+							WHERE login=:login AND active='Y'
+							LIMIT 1", ['login' => $requestParams['userName'], 'password' => $requestParams['userPassw']]);
+        if (sqlNumRows($SQL) == 1) {
+            $log = sqlFetchArray($SQL);
+
+            // --------------------------------------------------
+            // data pro informaci o prihlaeni administratora
+
+            // IP ADRESA
+            $log['ip'] = '';
+            if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+                $explode_ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
+                $log['ip'] = $explode_ip[0];
+            } else {
+                $log['ip'] = $_SERVER['REMOTE_ADDR'];
+            }
+
+            // DOMENOVA ADRESA
+            $log['ip_name'] = '';
+            if (isset($_SERVER['REMOTE_HOST']) && $_SERVER['REMOTE_HOST'] != '') {
+                $log['ip_name'] = $_SERVER['REMOTE_HOST'];
+            } else {
+                $log['ip_name'] = gethostbyaddr($log['ip']);
+            }
+            $log['ip_name'] = strtolower($log['ip_name']);
+            // --------------------------------------------------
+
+            $password = $requestParams['userPassw'];
+
+            if ($log['passwGet'] == $log['password']) {
+                $password = updatePass($password, $log['id']);
+            }
+
+            // porovnani zadaneho hesla
+            if (password_verify($password, $log['password'])) {
+                if (password_needs_rehash($log['password'], PASSWORD_BCRYPT)) {
+                    updatePass($password, $log['id']);
+                }
+
+                $session->set('_logged', true);
+                $session->set('_ctrlString', md5(getShopUniqueName().':'.getIP()));
+                $session->set('_expiry', ceil(time() + 120));
+                $session->set('_adminID', $log['id']);
+                $session->set('_eshopID', $cfg['Program']['licence']['ID']);
+
+                // --------------------------------------------------
+                // ulozeni pristupu administratora
+                sqlQuery('INSERT INTO '.getTableName('admins_accesses')." SET
+							id_admin='".$log['id']."', date_access=NOW(), ip='".$log['ip']."', 
+							ip_name='".$log['ip_name']."', login_status='OK' ");
+                // --------------------------------------------------
+
+                $response = [
+                    'status' => 200,
+                    'statusMessage' => getTextString('errors', 200),
+                    'responseData' => [],
+                ];
+
+                $response['responseData']['sessionId'] = session_id();
+            } // neplatne zadane heslo
+            else {
+                $error = 3;
+                $session->set('_logged', false);
+                $password = '';
+
+                // --------------------------------------------------
+                // ulozeni pristupu administratora
+                sqlQuery('INSERT INTO '.getTableName('admins_accesses')." SET
+							id_admin='".$log['id']."', date_access=NOW(), ip='".$log['ip']."', 
+							ip_name='".$log['ip_name']."', login_status='PASSW' ");
+                // --------------------------------------------------
+
+                $response = [
+                    'status' => 403,
+                    'statusMessage' => getTextString('errors', 403).' - spatne heslo',
+                ];
+            }
+        } // uzivatel nebyl vubec nalezen
+        else {
+            $error = 2;
+            $session->set('_logged', false);
+            $login = '';
+            $password = '';
+
+            $response = [
+                'status' => 403,
+                'statusMessage' => getTextString('errors', 403).' - uzivatel nebyl nalezen',
+            ];
+        }
+    } else {
+        $response = [
+            'status' => 403,
+            'statusMessage' => getTextString('errors', 403).' - prazdne prihlasovaci udaje',
+        ];
+    }
+
+    $session->save();
+
+    return new xmlrpcresp(php_xmlrpc_encode($response));
+}
+
+function POHODA_logout($params)
+{
+    $requestParams = $params['requestParams'];
+
+    $session = ServiceContainer::getService('session');
+
+    if (isset($requestParams['sessionId'])) {
+        $session->set('_logged', false);
+        $session->remove('_adminID');
+        $session->remove('_ip');
+
+        $response = [
+            'status' => 200,
+            'statusMessage' => getTextString('errors', 200),
+        ];
+    } else {
+        $response = [
+            'status' => 200,
+            'statusMessage' => getTextString('errors', 200),
+        ];
+    }
+
+    return new xmlrpcresp(php_xmlrpc_encode($response));
+}
+
+function POHODA_checkSession($sessionId)
+{
+    // tmp hotfix
+    //    return true;
+
+    if (!$sessionId) {
+        return false;
+    }
+
+    $session = ServiceContainer::getService('session');
+
+    if ($session->isStarted()) {
+        $session->save();
+    }
+
+    $session->setId($sessionId);
+
+    $ret = $session->start();
+
+    // logError(__FILE__, __LINE__, session_id(), true);
+
+    if ($session->get('_logged', false)) {
+        return true;
+    } else {
+        return false;
+    }
+}
+
+function POHODA_unauthorized($params = null)
+{
+    $response = [
+        'status' => 403,
+        'statusMessage' => getTextString('errors', 403),
+        'requestedParams' => [],
+        'responseData' => [],
+    ];
+
+    return new xmlrpcresp(php_xmlrpc_encode($response));
+}