ZenCart_Documentation  1.5.0
http://www.collinsharper.com
C:/xampp/htdocs/zen-cart/admin/login.php
<?php
/**
 * Admin login page: page-level security settings, followed by the application bootstrap.
 */

// 'Yes' sends a warning/courtesy email after several failed logins; set to 'No' to turn those emails off.
define('ADMIN_SWITCH_SEND_LOGIN_FAILURE_EMAILS', 'Yes');

// Lockout and password-age values required by PCI-DSS / PA-DSS.
// 30 * 60 = 1800; presumably seconds (a 30-minute lockout) -- the code that reads it is not in this file.
define('ADMIN_LOGIN_LOCKOUT_TIMER', 30 * 60);
// Despite the name this holds a point in time: the Unix timestamp 90 days before this request.
define('ADMIN_PASSWORD_EXPIRES_INTERVAL', strtotime('- 90 day'));

// The constants above are defined before the bootstrap include runs.
require 'includes/application_top.php';
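// Working state for this request; the template further down reads $admin_name, $message and $expired.
$admin_name = $admin_pass = $message = '';
$errors = array();
$error = $expired = false;

if (isset($_POST['action']) && $_POST['action'] != '')
{
  // Anti-CSRF check: the posted token must equal the one held in the session.
  // A missing, empty or non-string session token is treated as a failure so that
  // the 'do' / 'rs' comparisons below can never be satisfied by a bare prefix.
  // NOTE(review): === is not a constant-time comparison; hash_equals() is the
  // constant-time alternative where the runtime provides it (PHP 5.6+).
  $sessionToken = isset($_SESSION['securityToken']) ? $_SESSION['securityToken'] : '';
  $tokenValid = is_string($sessionToken) && $sessionToken !== ''
    && isset($_POST['securityToken']) && $sessionToken === $_POST['securityToken'];

  if (! $tokenValid)
  {
    // Fail closed. Previously this branch only set $error/$message and processing
    // continued, so a later zen_validate_user_login() result overwrote the failure.
    $error = true;
    $message = ERROR_SECURITY_ERROR;
  } elseif ($_POST['action'] == 'do' . $sessionToken)
  {
    // Login attempt.
    $admin_name = zen_db_prepare_input($_POST['admin_name']);
    $admin_pass = zen_db_prepare_input($_POST['admin_pass']);
    if ($admin_name == '' && $admin_pass == '')
    {
      // Empty submission: fixed delay, then the same generic message as a wrong login.
      sleep(4);
      $error = true;
      $message = ERROR_WRONG_LOGIN;
    } else
    {
      list($error, $expired, $message, $redirect) = zen_validate_user_login($admin_name, $admin_pass);
      if ($redirect != '') zen_redirect($redirect);
    }
  } elseif ($_POST['action'] == 'rs' . $sessionToken)
  {
    // Forced password change. The field names carry the session token as a suffix,
    // matching the names the expired-password form renders.
    $expired = true;
    $admin_name = zen_db_prepare_input($_POST['admin_name-' . $sessionToken]);
    $adm_old_pwd = zen_db_prepare_input($_POST['oldpwd-' . $sessionToken]);
    $adm_new_pwd = zen_db_prepare_input($_POST['newpwd-' . $sessionToken]);
    $adm_conf_pwd = zen_db_prepare_input($_POST['confpwd-' . $sessionToken]);

    $errors = zen_validate_pwd_reset_request($admin_name, $adm_old_pwd, $adm_new_pwd, $adm_conf_pwd);
    if (count($errors) > 0)
    {
      $error = true;
      // Each error is appended behind a literal <br />; the template echoes $message as HTML.
      foreach ($errors as $text)
      {
        $message .= '<br />' . $text;
      }
    } else
    {
      // This assignment is overwritten by the list() on the next line; kept as in the original.
      $message = SUCCESS_PASSWORD_UPDATED;
      // Log in with the new password straight away.
      list($error, $expired, $message, $redirect) = zen_validate_user_login($admin_name, $adm_new_pwd);
      if ($redirect != '') zen_redirect($redirect);
      zen_redirect(zen_href_link(FILENAME_DEFAULT, '', 'SSL'));
    }
    // Fixed delay after a rejected change request, presumably to slow repeated attempts.
    if ($error) sleep(3);
  }
}
// Expired password with no more specific message: show the rules, quoting a minimum length of at least 7.
if ($expired && $message == '') $message = sprintf(ERROR_PASSWORD_EXPIRED . ' ' . ERROR_PASSWORD_RULES, max(7, (int)ADMIN_PASSWORD_MIN_LENGTH));
?>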
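<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>" />
<title><?php echo TITLE; ?></title>
<link href="includes/stylesheet.css" rel="stylesheet" type="text/css" />
<?php /* The directive name crawlers recognise is "robots"; the original "robot" is not the standard name, so the noindex/nofollow request for this admin login page was not expressed. */ ?>
<meta name="robots" content="noindex, nofollow" />
<script language="javascript" type="text/javascript"><!--
/**
 * Form onsubmit handler: swaps the submit button for the loading image so the
 * form is not submitted a second time while the request is in flight.
 *
 * @param f the submitting form (the forms pass `this`); not used.
 * @return true always.
 */
function animate(f)
{
  var submitButton = document.getElementById("btn_submit");
  var loadingImage = document.getElementById("actionImg");
  submitButton.style.cursor = "wait";
  submitButton.disabled = true;
  // 'hiddenField' is the stylesheet class used to hide an element; clearing it shows the image.
  submitButton.className = 'hiddenField';
  loadingImage.className = '';
  return true;
}
//--></script>
</head>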
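<?php
/*
 * Two alternative page bodies: the normal login form, or, when $expired is set,
 * the forced password-change form.
 *
 * Both forms post the session's securityToken in a hidden field and also embed it
 * in the "action" value ("do" + token for login, "rs" + token for a password
 * change); the password-change fields carry it as a name suffix as well.
 *
 * $message is echoed as HTML because the request handler joins validation errors
 * with <br />. NOTE(review): confirm that the helpers producing those texts never
 * place request data in them unescaped.
 * NOTE(review): $admin_name is request data echoed into a double-quoted attribute;
 * confirm zen_output_string() escapes for that context.
 */
if (empty($expired)) { ?>
<body id="login" onload="document.getElementById('admin_name').focus()">
<?php /* NOTE(review): the action URL carries the current GET parameters forward; confirm zen_href_link() encodes them for an attribute. */ ?>
<form id="loginForm" name="loginForm" action="<?php echo zen_href_link(FILENAME_LOGIN, zen_get_all_get_params(), 'SSL'); ?>" method="post" onsubmit="animate(this)">
  <fieldset>
    <legend><?php echo HEADING_TITLE; ?></legend>
    <label class="loginLabel" for="admin_name"><?php echo TEXT_ADMIN_NAME; ?></label>
    <input style="float: left" type="text" id="admin_name" name="admin_name" value="<?php echo zen_output_string($admin_name); ?>" autocomplete="off" />
    <br class="clearBoth" />
    <label class="loginLabel" for="admin_pass"><?php echo TEXT_ADMIN_PASS; ?></label>
    <?php /* The password field is always rendered empty; a failed attempt never echoes the password back. */ ?>
    <input style="float: left" type="password" id="admin_pass" name="admin_pass" value="" autocomplete="off" />
    <br class="clearBoth" />
    <p class="messageStackError"><?php echo $message; ?></p>
    <input type="hidden" name="securityToken" value="<?php echo $_SESSION['securityToken']; ?>" />
    <input type="submit" name="submit" class="button" value="Login" id="btn_submit"/>
    <input type="hidden" name="action" value="do<?php echo $_SESSION['securityToken']; ?>" id="action1"/>
    <img id="actionImg" src="images/loading.gif" class="hiddenField" />
    <br /><a style="float: right;" href="<?php echo zen_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL');?>"><?php echo TEXT_PASSWORD_FORGOTTEN; ?></a>
  </fieldset>
</form>
<div id="loginExpiryPolicy"><?php echo LOGIN_EXPIRY_NOTICE; ?></div>
</body>
<?php } else { ?>
<body id="login" onload="document.getElementById('old_pwd').focus()">
<form id="loginForm" name="loginForm" action="<?php echo zen_href_link(FILENAME_LOGIN, '', 'SSL'); ?>" method="post" onsubmit="animate(this)">
  <fieldset>
    <legend><?php echo HEADING_TITLE_EXPIRED; ?></legend>
    <p class="messageStackError"><?php echo $message; ?></p>
    <?php /* Each label's "for" now names the id of its input. The originals pointed at the token-suffixed field names, which match no id, and the confirm-password label closed its quote before the token, leaving a stray attribute on the tag. */ ?>
    <label class="loginLabel" for="admin_name"><?php echo TEXT_ADMIN_NAME; ?></label>
    <input style="float: left" type="text" id="admin_name" name="admin_name-<?php echo $_SESSION['securityToken']; ?>" value="<?php echo zen_output_string($admin_name); ?>" autocomplete="off"/>
    <br class="clearBoth" />
    <label class="loginLabel" for="old_pwd"><?php echo TEXT_ADMIN_OLD_PASSWORD; ?></label>
    <input style="float: left" type="password" id="old_pwd" name="oldpwd-<?php echo $_SESSION['securityToken']; ?>" autocomplete="off" />
    <br class="clearBoth" />
    <label class="loginLabel" for="admin_pass"><?php echo TEXT_ADMIN_NEW_PASSWORD; ?></label>
    <input style="float: left" type="password" id="admin_pass" name="newpwd-<?php echo $_SESSION['securityToken']; ?>" autocomplete="off" />
    <br class="clearBoth" />
    <label class="loginLabel" for="admin_pass2"><?php echo TEXT_ADMIN_CONFIRM_PASSWORD; ?></label>
    <input style="float: left" type="password" id="admin_pass2" name="confpwd-<?php echo $_SESSION['securityToken']; ?>" autocomplete="off" />
    <br class="clearBoth" />
    <input type="hidden" name="securityToken" value="<?php echo $_SESSION['securityToken']; ?>" />
    <input type="submit" name="submit" class="button" value="Submit" id="btn_submit" />
    <input type="hidden" name="action" value="rs<?php echo $_SESSION['securityToken']; ?>" id="action1"/>
    <img id="actionImg" src="images/loading.gif" class="hiddenField" />
  </fieldset>
</form>
</body>
<?php } ?>
</html>
<?php require 'includes/application_bottom.php'; ?>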