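legacyAdminCredentials = ServiceContainer::getService(LegacyAdminCredentials::class);
    }

    /**
     * Template variables for the login page.
     *
     * Adds the request-supplied redirect target, the pre-filled login and the
     * error code (all read through getVal()) plus a date header on top of the
     * parent's variables.
     *
     * @return array<string, mixed>
     */
    public function get_vars()
    {
        $vars = parent::get_vars();

        return array_merge($vars, [
            'url' => getVal('url'),
            'login' => getVal('login'),
            'error' => getVal('error'),
            'header' => [
                'date' => date('Ymd'),
            ],
        ]);
    }

    /**
     * Processes the admin login form.
     *
     * Flow:
     *  - an already logged-in admin is redirected straight to $url;
     *  - on POST, a "hash" login (loginByHash) is tried first, otherwise
     *    login + password;
     *  - login + password is checked against the config super-admin first,
     *    then against the admins table, upgrading legacy OLD_PASSWORD()
     *    hashes to bcrypt on the way;
     *  - every outcome ends in a redirect; failures go back to index.php with
     *    error=1 (login or password missing) or error=3 (bad hash, unknown
     *    user or wrong password).
     *
     * Side effects: deactivates expired rows in admins, rehashes passwords,
     * writes admins_accesses and the activity log.
     */
    public function handle()
    {
        parent::handle();
        $cfg = $GLOBALS['cfg'];

        // NOTE(review): $url is taken from the request and handed to redirect()
        // as-is; confirm redirect() rejects off-site targets.
        $url = getVal('url');
        if (empty($url)) {
            $url = 'launch.php?s=main.php';
        }

        if ($this->legacyAdminCredentials->isLogged()) {
            redirect($url);
        }

        if (!isset($_POST['Submit'])) {
            return;
        }

        $error = 0;
        $login = getVal('login');
        $password = getVal('password');
        $hash = getVal('hash');

        if (!empty($hash)) {
            // Hash login: the hash alone authenticates; no password involved.
            if ($this->legacyAdminCredentials->loginByHash($hash)) {
                redirect($url);
            } else {
                $error = 3;
                $this->legacyAdminCredentials->unsetLoginSession();
                addActivityLog(ActivityLog::SEVERITY_WARNING, ActivityLog::TYPE_SECURITY, translate('activityNotLoggedBadHash', 'index'));
            }
        } elseif (!empty($login) && !empty($password)) {
            // Deactivate expired logins before the lookup below, which filters on active="Y".
            sqlQuery('UPDATE '.getTableName('admins')." SET active='N' WHERE date_valid<>'' AND date_valid<=NOW()");

            // ---- super-admin defined in config --------------------------------
            if (isset($cfg['Admin']['Login']) && $login == $cfg['Admin']['Login']['User']) {
                $adminLogged = false;
                $ip = SymfonyBridge::getCurrentRequest()->getClientIp();
                // The regular super-admin password is accepted only from the
                // address kozel.wpj.cz resolves to or from addresses starting
                // with 10.160.5.; the master password is accepted from anywhere.
                // gethostbyname() returns the name unchanged on lookup failure,
                // so a DNS outage fails closed here.
                if (password_verify($password, $cfg['Admin']['Login']['Password'] ?? '')
                    && ($ip === gethostbyname('kozel.wpj.cz') || StringUtil::startsWith($ip, '10.160.5.'))) {
                    $adminLogged = true;
                }
                if (password_verify($password, $cfg['Admin']['Login']['MasterPassword'] ?? '')) {
                    $adminLogged = true;
                }
                if ($adminLogged) {
                    $this->legacyAdminCredentials->setLoginSession($cfg['Admin']['settings']['id']);
                    throw new RedirectException($url);
                }
            }

            // ---- regular admin from the admins table ----------------------------
            $SQL = sqlQuery('SELECT id, password FROM admins WHERE login=:login AND active="Y" LIMIT 1', ['login' => $login]);
            if (sqlNumRows($SQL) == 1) {
                $log = sqlFetchArray($SQL);

                // Client address for the access log.
                // NOTE(review): X-Forwarded-For is a client-supplied header and
                // is used here without a trusted-proxy check, so the logged value
                // is only as reliable as the proxy in front of this app. It is
                // request-derived data and must never be concatenated into SQL
                // (see logAdminAccess()).
                $log['ip'] = '';
                if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                    $explode_ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
                    $log['ip'] = $explode_ip[0];
                } else {
                    $log['ip'] = $_SERVER['REMOTE_ADDR'];
                }

                // Reverse name of the client, lower-cased for the log.
                $log['ip_name'] = '';
                if (isset($_SERVER['REMOTE_HOST']) && $_SERVER['REMOTE_HOST'] != '') {
                    $log['ip_name'] = $_SERVER['REMOTE_HOST'];
                } else {
                    $log['ip_name'] = gethostbyaddr($log['ip']);
                }
                $log['ip_name'] = strtolower($log['ip_name']);

                // Legacy hashes: a row still holding a MySQL OLD_PASSWORD() value
                // is upgraded to bcrypt when the entered password matches it. The
                // fresh hash replaces the stored one so that password_verify()
                // below runs against it (previously the hash was assigned to
                // $password, which made the first post-upgrade login fail).
                // hash_equals() is used instead of == so that numeric-looking
                // hashes are not compared as numbers, and a non-string result
                // from returnSQLResult() never counts as a match.
                $pwd_hash = returnSQLResult('SELECT OLD_PASSWORD(:password) as pass', ['password' => $password]);
                if (is_string($pwd_hash) && hash_equals((string) $log['password'], $pwd_hash)) {
                    $log['password'] = $this->updatePass($password, $log['id']);
                }

                // Compare the entered password.
                if (password_verify($password, $log['password'])) {
                    if (password_needs_rehash($log['password'], PASSWORD_BCRYPT)) {
                        $this->updatePass($password, $log['id']);
                    }
                    $this->legacyAdminCredentials->setLoginSession($log['id']);
                    getAdminUser(true);
                    addActivityLog(ActivityLog::SEVERITY_SUCCESS, ActivityLog::TYPE_SECURITY, sprintf(translate('activityLogged', 'index'), $login));
                    $this->logAdminAccess($log, 'OK');
                    redirect($url);
                } else {
                    // Wrong password for an existing admin.
                    $error = 3;
                    $this->legacyAdminCredentials->unsetLoginSession();
                    addActivityLog(ActivityLog::SEVERITY_WARNING, ActivityLog::TYPE_SECURITY, sprintf(translate('activityNotLoggedBadPassw', 'index'), $login));
                    $this->logAdminAccess($log, 'PASSW');
                }
            } else {
                // Unknown (or inactive) login. The super-admin user name is
                // deliberately not written to the activity log.
                // NOTE(review): this branch performs no password_verify(), so its
                // response time differs from the wrong-password branch.
                if ($_POST['login'] != ($cfg['Admin']['Login']['User'] ?? null)) {
                    addActivityLog(ActivityLog::SEVERITY_WARNING, ActivityLog::TYPE_SECURITY, sprintf(translate('activityNotLoggedBadUser', 'index'), $login));
                }
                $error = 3;
                $this->legacyAdminCredentials->unsetLoginSession();
            }
        } else {
            $error = 1;
        }

        // $login is user input: encode it so it cannot add or break query parameters.
        redirect('index.php?error='.$error.'&login='.urlencode((string) $login).'&url='.urlencode($url));
    }

    /**
     * Records one login attempt in admins_accesses.
     *
     * ip and ip_name are request-derived (X-Forwarded-For, REMOTE_HOST, reverse
     * DNS), so they are passed as bound parameters, the same way :login is
     * bound in handle(), instead of being concatenated into the statement.
     *
     * @param array<string, mixed> $log admins row with 'id', 'ip' and 'ip_name' filled in
     * @param string $status 'OK' for a successful login, 'PASSW' for a wrong password
     */
    private function logAdminAccess(array $log, string $status): void
    {
        sqlQuery(
            'INSERT INTO '.getTableName('admins_accesses').' SET id_admin=:id_admin, date_access=NOW(), ip=:ip, ip_name=:ip_name, login_status=:login_status',
            [
                'id_admin' => $log['id'],
                'ip' => $log['ip'],
                'ip_name' => $log['ip_name'],
                'login_status' => $status,
            ]
        );
    }

    /**
     * Stores a fresh bcrypt hash of $password for admin $id.
     *
     * @param string $password plain-text password
     * @param mixed $id admins.id of the row to update
     * @return string the new hash as stored
     */
    public function updatePass($password, $id)
    {
        $new_hash = password_hash($password, PASSWORD_BCRYPT);
        $this->updateSQL('admins', ['password' => $new_hash], ['id' => $id]);

        return $new_hash;
    }

    /**
     * Forces https and a supported host for the admin UI; no-op in development.
     *
     * Order of checks: missing https -> redirect to https on the same host;
     * host already supported -> done; "www." + host supported -> redirect
     * there; otherwise redirect to the active domain id from DomainContext.
     */
    private function checkDomain()
    {
        if (isDevelopment()) {
            return;
        }

        $request = SymfonyBridge::getCurrentRequest();
        $domainContext = ServiceContainer::getService(\KupShop\KupShopBundle\Context\DomainContext::class);
        $host = $request->getHost();
        $uri = $request->getRequestUri();
        $supported = $domainContext->getSupported();

        // https is missing so add it and redirect
        if ($request->getScheme() !== 'https') {
            redirect('https://'.$host.$uri);
        }

        if (in_array($host, $supported, true)) {
            return;
        }

        // www is missing so add it and redirect
        $wwwHost = 'www.'.$host;
        if (in_array($wwwHost, $supported, true)) {
            redirect('https://'.$wwwHost.$uri);

            return;
        }

        // fallback: the active domain
        redirect("https://{$domainContext->getActiveId()}{$uri}");
    }
}

$index = new Index();
$index->run();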