fix login
parent
28eb2671d5
commit
834ec56a4c
2 changed files with 8 additions and 14 deletions
|
|
@ -24,6 +24,14 @@ if (!function_exists('billing_panel_bootstrap')) {
|
|||
return null;
|
||||
}
|
||||
|
||||
// When storefront runs from modules/billing/_website, $root points to modules/.
|
||||
// Adjust path so panel includes resolve from the repository root, not modules/.
|
||||
if (is_dir($root . '/modules') && is_dir($root . '/includes')) {
|
||||
// already at repo root
|
||||
} elseif (is_dir(dirname($root) . '/includes')) {
|
||||
$root = dirname($root);
|
||||
}
|
||||
|
||||
// Define panel constants if they are not already defined (panel runtime does this for us).
|
||||
if (!defined('INCLUDES')) {
|
||||
define('INCLUDES', 'includes/');
|
||||
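Review bot: The `elseif` branch accepts the parent directory as the include root when it contains only an `includes` directory, while the first branch requires both `modules` and `includes`. If the directory above holds an unrelated `includes/`, panel files would be resolved from the wrong tree. Require the same two markers at the parent, `} elseif (is_dir(dirname($root) . '/modules') && is_dir(dirname($root) . '/includes')) {`, and add a final `else { return null; }` so an unrecognised layout stops here, as the earlier `return null;` in this hunk does, instead of continuing with an unverified `$root`. The empty first branch, which holds only a comment, can be dropped by restructuring the condition. billing_panel_bootstrap starts and ends outside the hunk, so it is only presumed that `$root` feeds the later include paths; confirm that before relying on this.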
|
|
|
|||
|
|
@ -73,7 +73,6 @@ $debug_messages = [];
|
|||
|
||||
// Process login form submission: simplified for debugging
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$debug_messages[] = 'login handler hit; POST keys: ' . implode(', ', array_keys($_POST));
|
||||
$username = trim($_POST['ulogin'] ?? '');
|
||||
$password = $_POST['upassword'] ?? '';
|
||||
if ($username === '' || $password === '') {
|
||||
|
|
@ -83,10 +82,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
} else {
|
||||
$safe = mysqli_real_escape_string($db, $username);
|
||||
$sql = "SELECT * FROM {$table_prefix}users WHERE users_login = '$safe' LIMIT 1";
|
||||
$debug_messages[] = 'SQL: ' . $sql;
|
||||
$res = mysqli_query($db, $sql);
|
||||
if ($res && mysqli_num_rows($res) === 1) {
|
||||
$debug_messages[] = 'user row located in panel DB';
|
||||
$row = mysqli_fetch_assoc($res);
|
||||
$userId = intval($row['user_id']);
|
||||
$legacyHash = $row['users_passwd'] ?? '';
|
||||
|
|
@ -94,11 +91,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
$authOk = false;
|
||||
if (!empty($modernHash) && function_exists('password_verify')) {
|
||||
$authOk = password_verify($password, $modernHash);
|
||||
$debug_messages[] = 'password_verify ' . ($authOk ? 'accepted hash' : 'rejected hash');
|
||||
}
|
||||
if (!$authOk && !empty($legacyHash)) {
|
||||
$authOk = (md5($password) === $legacyHash);
|
||||
$debug_messages[] = 'md5 fallback ' . ($authOk ? 'matched legacy' : 'did not match');
|
||||
if ($authOk && function_exists('password_hash')) {
|
||||
$newHash = password_hash($password, PASSWORD_DEFAULT);
|
||||
$escapedHash = mysqli_real_escape_string($db, $newHash);
|
||||
|
|
@ -106,7 +101,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
}
|
||||
}
|
||||
if ($authOk) {
|
||||
$debug_messages[] = 'authOk true; session variables being set';
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['user_id'] = $userId;
|
||||
$_SESSION['users_login'] = $row['users_login'] ?? $username;
|
||||
|
|
@ -122,10 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
$panelCtx = billing_panel_bootstrap();
|
||||
if ($panelCtx && isset($panelCtx['db']) && $panelCtx['db'] instanceof OGPDatabase) {
|
||||
$_SESSION['users_api_key'] = $panelCtx['db']->getApiToken($userId);
|
||||
$debug_messages[] = 'panel bridge pulled api token';
|
||||
} else {
|
||||
$_SESSION['users_api_key'] = $_SESSION['users_api_key'] ?? '';
|
||||
$debug_messages[] = 'panel bridge unavailable';
|
||||
}
|
||||
site_log_info('login_success', ['username'=>$username, 'ip'=>$_SERVER['REMOTE_ADDR'] ?? '']);
|
||||
$returnToParam = $_POST['return_to'] ?? '';
|
||||
|
|
@ -136,11 +128,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
header('Location: ' . $destination);
|
||||
exit();
|
||||
}
|
||||
$debug_messages[] = 'authentication failed for provided password';
|
||||
}
|
||||
$error_message = 'Invalid username or password.';
|
||||
site_log_warn('login_failed_invalid_credentials', ['username'=>$username, 'ip'=>$_SERVER['REMOTE_ADDR'] ?? '']);
|
||||
$debug_messages[] = 'no matching user row or auth failure';
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -315,10 +305,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|||
<div class="alert alert-success"><?php echo htmlspecialchars($success_message); ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if (!empty($debug_messages)): ?>
|
||||
<div class="alert" style="background:#111;color:#0ff;border:1px solid #0ff;margin-bottom:20px;font-size:0.8rem;white-space:pre-line;">Debug:
|
||||
<?php echo htmlspecialchars(implode("\n", $debug_messages)); ?></div>
|
||||
<?php endif; ?>
|
||||
|
||||
<?php
|
||||
// Capture a return_to GET parameter so we can send users back after login
|
||||
|
|
|
|||