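/**
 * Changes the logged-in user's password after re-checking the current one.
 *
 * Reads 'curr_pwd', 'new_pwd' and 'new_pwd2' from $p. Every failure queues a
 * message on the ErrorHandler singleton and returns false.
 *
 * @param array $p submitted fields (presumably the POSTed form; verify against caller)
 * @return false|null false when a check fails; on success nothing is returned
 *                    and js_redirect('u/edit') is called
 */
function handleEditPassword($p)
{
    $error = ErrorHandler::getInstance();
    $session = SessionHandler::getInstance();

    // The current password is checked again here, so holding a live session
    // alone is not enough to replace the password. A falsy result from
    // User::getExact() is treated as "wrong current password".
    $u = User::getExact($session->type, $session->id, $session->username, $p['curr_pwd']);
    if (!$u) {
        $error->add('Current password is not correct');
        return false;
    }

    // Strict comparison on purpose: with != PHP compares numeric-looking
    // strings as numbers ('1e3' == '1000', '0e1' == '0e2'), so a mistyped
    // confirmation could be accepted and the user locked out of the account.
    if ($p['new_pwd'] !== $p['new_pwd2']) {
        $error->add('passwords dont match');
        return false;
    }

    // Truthiness check: rejects the empty string and also the string '0'.
    if (!$p['new_pwd']) {
        $error->add('no password entered');
        return false;
    }

    // NOTE(review): nothing visible here ends the user's other active sessions
    // after the change; confirm whether UserHandler::setPassword() does that.
    UserHandler::setPassword($session->id, $p['new_pwd']);

    js_redirect('u/edit');
}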
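/**
 * Handles logins
 *
 * Looks the account up by name, verifies the password through
 * User::getExact(), and on success copies identity, client IP and privilege
 * level into this object and into $_SESSION, then closes the session for writing.
 *
 * @param string $username login name; surrounding whitespace is trimmed
 * @param string $pwd      password; surrounding whitespace is trimmed
 * @param mixed  $type     SESSION_REGULAR (default) or SESSION_FACEBOOK
 * @return bool true on success, false on failure (message queued on ErrorHandler)
 * @throws \Exception when $type is not one of the handled session types
 */
function login($username, $pwd, $type = SESSION_REGULAR)
{
    $error = ErrorHandler::getInstance();

    if (!$this->allow_logins) {
        $error->add('Logins currently not allowed.');
        return false;
    }

    $username = trim($username);
    // NOTE(review): trimming means leading/trailing whitespace can never be
    // part of the secret. Left as is because it has to match how the
    // password was handled when it was set.
    $pwd = trim($pwd);

    switch ($type) {
        case SESSION_REGULAR:
            $user = User::getByName($username);
            break;

        case SESSION_FACEBOOK:
            $user = new FacebookUser($username);
            break;

        default:
            throw new \Exception('hmm ' . $type);
    }

    // Both failure paths report the same text. The original suffixes
    // ("...not found1" / "...not found2") told the client whether the account
    // exists, which lets usernames be enumerated before any password guessing.
    if (!$user || !$user->id) {
        $error->add('Login failed - user not found');
        return false;
    }

    $x = User::getExact($type, $user->id, $username, $pwd);
    if (!$x) {
        // NOTE(review): $username is client-supplied; if dp() writes to a
        // line-based log, control characters should be neutralised there.
        dp('Failed login attempt: username ' . $username);
        $error->add('Login failed - user not found');
        return false;
    }

    $ip = client_ip();

    $this->id = $user->id;
    $this->ip = $ip;
    $this->username = $username;
    $this->type = $type;
    $this->usermode = UserGroupHandler::getUserLevel($user->id);

    // Assign the flags instead of only ever raising them: if this object
    // already carried flags from an earlier, more privileged login, a
    // lower-privileged login must not inherit them.
    $this->isWebmaster = $this->usermode >= USERLEVEL_WEBMASTER;
    $this->isAdmin = $this->usermode >= USERLEVEL_ADMIN;
    $this->isSuperAdmin = $this->usermode >= USERLEVEL_SUPERADMIN;

    $q =
        'UPDATE tblUsers SET time_last_login = NOW(), time_last_active = NOW(), last_ip = ?' .
        ' WHERE id = ?';
    Sql::pUpdate($q, 'si', $ip, $this->id);

    // The User-Agent header is optional; avoid an undefined-index warning
    // when a client does not send it.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    LoginEntry::add($this->id, $ip, $userAgent);

    // Issue a fresh session id at the moment privileges change, so an id that
    // was known before authentication (session fixation) never becomes an
    // authenticated session. The old session data is deleted; $_SESSION is kept.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }

    $_SESSION['id'] = $this->id;
    $_SESSION['username'] = $this->username;
    $_SESSION['usermode'] = $this->usermode;
    $_SESSION['isWebmaster'] = $this->isWebmaster;
    $_SESSION['isAdmin'] = $this->isAdmin;
    $_SESSION['isSuperAdmin'] = $this->isSuperAdmin;
    $_SESSION['referer'] = $this->referer;
    $_SESSION['ip'] = $this->ip;
    $_SESSION['type'] = $this->type;
    $_SESSION['last_active'] = time();

    // Flush the session data and release the session for other requests.
    session_write_close();

    dp($this->username . ' logged in from ' . $this->ip);

    $error->reset(); // remove previous errors

    return true;
}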