File: /www/wwwroot//shop.glgz.tw/admin/controller/common/login.php
<?php
class ControllerCommonLogin extends Controller {
private $error = array();
public function index() {
$this->load->language('common/login');
$this->document->setTitle($this->language->get('heading_title'));
if ($this->user->isLogged() && isset($this->request->get['user_token']) && ($this->request->get['user_token'] == $this->session->data['user_token'])) {
$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token']));
}
if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
$this->session->data['user_token'] = token(32);
if (isset($this->request->post['redirect']) && (strpos($this->request->post['redirect'], HTTP_SERVER) === 0)) {
$this->response->redirect($this->request->post['redirect'] . '&user_token=' . $this->session->data['user_token']);
} else {
$this->response->redirect($this->url->link('common/dashboard', 'user_token=' . $this->session->data['user_token']));
}
}
if ((isset($this->session->data['user_token']) && !isset($this->request->get['user_token'])) || ((isset($this->request->get['user_token']) && (isset($this->session->data['user_token']) && ($this->request->get['user_token'] != $this->session->data['user_token']))))) {
$this->error['warning'] = $this->language->get('error_token');
} elseif (isset($this->error['warning'])) {
$data['error_warning'] = $this->error['warning'];
} elseif (isset($this->session->data['error'])) {
$data['error_warning'] = $this->session->data['error'];
unset($this->session->data['error']);
} else {
$data['error_warning'] = '';
}
if (isset($this->session->data['success'])) {
$data['success'] = $this->session->data['success'];
unset($this->session->data['success']);
} else {
$data['success'] = '';
}
$data['action'] = $this->url->link('common/login');
if (isset($this->request->post['username'])) {
$data['username'] = $this->request->post['username'];
} else {
$data['username'] = '';
}
if (isset($this->request->post['password'])) {
$data['password'] = $this->request->post['password'];
} else {
$data['password'] = '';
}
if (isset($this->request->get['route'])) {
$route = $this->request->get['route'];
unset($this->request->get['route']);
unset($this->request->get['user_token']);
$url = '';
if ($this->request->get) {
$url .= http_build_query($this->request->get);
}
$data['redirect'] = $this->url->link($route, $url);
} else {
$data['redirect'] = '';
}
if ($this->config->get('config_password')) {
$data['forgotten'] = $this->url->link('common/forgotten');
} else {
$data['forgotten'] = '';
}
$data['header'] = $this->load->controller('common/header');
$data['footer'] = $this->load->controller('common/footer');
$this->response->setOutput($this->load->view('common/login', $data));
}
protected function validate() {
if (!isset($this->request->post['username']) || !isset($this->request->post['password']) || !$this->user->login($this->request->post['username'], html_entity_decode($this->request->post['password'], ENT_QUOTES, 'UTF-8'))) {
$this->error['warning'] = $this->language->get('error_login');
}
return !$this->error;
}
}