fix login
This commit is contained in:
parent
28eb2671d5
commit
834ec56a4c
2 changed files with 8 additions and 14 deletions
|
|
@ -24,6 +24,14 @@ if (!function_exists('billing_panel_bootstrap')) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// When storefront runs from modules/billing/_website, $root points to modules/.
|
||||||
|
// Adjust path so panel includes resolve from the repository root, not modules/.
|
||||||
|
if (is_dir($root . '/modules') && is_dir($root . '/includes')) {
|
||||||
|
// already at repo root
|
||||||
|
} elseif (is_dir(dirname($root) . '/includes')) {
|
||||||
|
$root = dirname($root);
|
||||||
|
}
|
||||||
|
|
||||||
// Define panel constants if they are not already defined (panel runtime does this for us).
|
// Define panel constants if they are not already defined (panel runtime does this for us).
|
||||||
if (!defined('INCLUDES')) {
|
if (!defined('INCLUDES')) {
|
||||||
define('INCLUDES', 'includes/');
|
define('INCLUDES', 'includes/');
|
||||||
|
|
|
||||||
|
|
@ -73,7 +73,6 @@ $debug_messages = [];
|
||||||
|
|
||||||
// Process login form submission: simplified for debugging
|
// Process login form submission: simplified for debugging
|
||||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$debug_messages[] = 'login handler hit; POST keys: ' . implode(', ', array_keys($_POST));
|
|
||||||
$username = trim($_POST['ulogin'] ?? '');
|
$username = trim($_POST['ulogin'] ?? '');
|
||||||
$password = $_POST['upassword'] ?? '';
|
$password = $_POST['upassword'] ?? '';
|
||||||
if ($username === '' || $password === '') {
|
if ($username === '' || $password === '') {
|
||||||
|
|
@ -83,10 +82,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
} else {
|
} else {
|
||||||
$safe = mysqli_real_escape_string($db, $username);
|
$safe = mysqli_real_escape_string($db, $username);
|
||||||
$sql = "SELECT * FROM {$table_prefix}users WHERE users_login = '$safe' LIMIT 1";
|
$sql = "SELECT * FROM {$table_prefix}users WHERE users_login = '$safe' LIMIT 1";
|
||||||
$debug_messages[] = 'SQL: ' . $sql;
|
|
||||||
$res = mysqli_query($db, $sql);
|
$res = mysqli_query($db, $sql);
|
||||||
if ($res && mysqli_num_rows($res) === 1) {
|
if ($res && mysqli_num_rows($res) === 1) {
|
||||||
$debug_messages[] = 'user row located in panel DB';
|
|
||||||
$row = mysqli_fetch_assoc($res);
|
$row = mysqli_fetch_assoc($res);
|
||||||
$userId = intval($row['user_id']);
|
$userId = intval($row['user_id']);
|
||||||
$legacyHash = $row['users_passwd'] ?? '';
|
$legacyHash = $row['users_passwd'] ?? '';
|
||||||
|
|
@ -94,11 +91,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$authOk = false;
|
$authOk = false;
|
||||||
if (!empty($modernHash) && function_exists('password_verify')) {
|
if (!empty($modernHash) && function_exists('password_verify')) {
|
||||||
$authOk = password_verify($password, $modernHash);
|
$authOk = password_verify($password, $modernHash);
|
||||||
$debug_messages[] = 'password_verify ' . ($authOk ? 'accepted hash' : 'rejected hash');
|
|
||||||
}
|
}
|
||||||
if (!$authOk && !empty($legacyHash)) {
|
if (!$authOk && !empty($legacyHash)) {
|
||||||
$authOk = (md5($password) === $legacyHash);
|
$authOk = (md5($password) === $legacyHash);
|
||||||
$debug_messages[] = 'md5 fallback ' . ($authOk ? 'matched legacy' : 'did not match');
|
|
||||||
if ($authOk && function_exists('password_hash')) {
|
if ($authOk && function_exists('password_hash')) {
|
||||||
$newHash = password_hash($password, PASSWORD_DEFAULT);
|
$newHash = password_hash($password, PASSWORD_DEFAULT);
|
||||||
$escapedHash = mysqli_real_escape_string($db, $newHash);
|
$escapedHash = mysqli_real_escape_string($db, $newHash);
|
||||||
|
|
@ -106,7 +101,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ($authOk) {
|
if ($authOk) {
|
||||||
$debug_messages[] = 'authOk true; session variables being set';
|
|
||||||
session_regenerate_id(true);
|
session_regenerate_id(true);
|
||||||
$_SESSION['user_id'] = $userId;
|
$_SESSION['user_id'] = $userId;
|
||||||
$_SESSION['users_login'] = $row['users_login'] ?? $username;
|
$_SESSION['users_login'] = $row['users_login'] ?? $username;
|
||||||
|
|
@ -122,10 +116,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
$panelCtx = billing_panel_bootstrap();
|
$panelCtx = billing_panel_bootstrap();
|
||||||
if ($panelCtx && isset($panelCtx['db']) && $panelCtx['db'] instanceof OGPDatabase) {
|
if ($panelCtx && isset($panelCtx['db']) && $panelCtx['db'] instanceof OGPDatabase) {
|
||||||
$_SESSION['users_api_key'] = $panelCtx['db']->getApiToken($userId);
|
$_SESSION['users_api_key'] = $panelCtx['db']->getApiToken($userId);
|
||||||
$debug_messages[] = 'panel bridge pulled api token';
|
|
||||||
} else {
|
} else {
|
||||||
$_SESSION['users_api_key'] = $_SESSION['users_api_key'] ?? '';
|
$_SESSION['users_api_key'] = $_SESSION['users_api_key'] ?? '';
|
||||||
$debug_messages[] = 'panel bridge unavailable';
|
|
||||||
}
|
}
|
||||||
site_log_info('login_success', ['username'=>$username, 'ip'=>$_SERVER['REMOTE_ADDR'] ?? '']);
|
site_log_info('login_success', ['username'=>$username, 'ip'=>$_SERVER['REMOTE_ADDR'] ?? '']);
|
||||||
$returnToParam = $_POST['return_to'] ?? '';
|
$returnToParam = $_POST['return_to'] ?? '';
|
||||||
|
|
@ -136,11 +128,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
header('Location: ' . $destination);
|
header('Location: ' . $destination);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
$debug_messages[] = 'authentication failed for provided password';
|
|
||||||
}
|
}
|
||||||
$error_message = 'Invalid username or password.';
|
$error_message = 'Invalid username or password.';
|
||||||
site_log_warn('login_failed_invalid_credentials', ['username'=>$username, 'ip'=>$_SERVER['REMOTE_ADDR'] ?? '']);
|
site_log_warn('login_failed_invalid_credentials', ['username'=>$username, 'ip'=>$_SERVER['REMOTE_ADDR'] ?? '']);
|
||||||
$debug_messages[] = 'no matching user row or auth failure';
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -315,10 +305,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||||
<div class="alert alert-success"><?php echo htmlspecialchars($success_message); ?></div>
|
<div class="alert alert-success"><?php echo htmlspecialchars($success_message); ?></div>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
<?php if (!empty($debug_messages)): ?>
|
|
||||||
<div class="alert" style="background:#111;color:#0ff;border:1px solid #0ff;margin-bottom:20px;font-size:0.8rem;white-space:pre-line;">Debug:
|
|
||||||
<?php echo htmlspecialchars(implode("\n", $debug_messages)); ?></div>
|
|
||||||
<?php endif; ?>
|
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
// Capture a return_to GET parameter so we can send users back after login
|
// Capture a return_to GET parameter so we can send users back after login
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue