Example #1
0
 /**
  * 
  * Checks if username and password is not empty
  * Checks if user exists and password matches
  * Logs the user in
  * remember_me() is called
  * 
  * @return type
  */
 public function process_login()
 {
     //don't neeed much validation since we use prepared queries
     $username = strip_tags(trim($this->username));
     $hasher = new \CODOF\Pass(8, false);
     $password = $this->password;
     $errors = array();
     if (strlen($username) == 0) {
         $errors[]["msg"] = _t("username field cannot be left empty");
     }
     if (strlen($password) == 0) {
         $errors[]["msg"] = _t("password field cannot be left empty");
     }
     if (strlen($password) < 72 && empty($errors)) {
         $user = User::getByUsername($username);
         $ip = $_SERVER['REMOTE_ADDR'];
         //cannot be trusted at all ;)
         $ban = new Ban($this->db);
         if ($user && $ban->is_banned(array($ip, $username, $user->mail))) {
             $ban_len = '';
             if ($ban->expires > 0) {
                 $ban_len = _t("until ") . date('d-m-Y h:m:s', $ban->expires);
             }
             return json_encode(array("msg" => _t("You have been banned ") . $ban_len));
         }
         if ($user && $hasher->CheckPassword($password, $user->pass)) {
             User::login($user->id);
             $user = User::get();
             $user->rememberMe();
             return json_encode(array("msg" => "success", "uid" => $user->id, "rid" => $user->rid, "role" => User::getRoleName($user->rid)));
         } else {
             \CODOF\Log::info('failed login attempt by ' . $username . 'wrong username/password');
             return json_encode(array("msg" => _t("Wrong username or password")));
         }
     } else {
         return json_encode($errors);
     }
 }
Example #2
0
                    if ($userFriendlyURL) {
                        $field = '<a href="/user/profile/' . $user->id . '">' . htmlentities($user->name, ENT_QUOTES) . '</a>';
                    }
                } else {
                    $field = htmlentities($user->name, ENT_QUOTES);
                }
                $html .= '<td>' . $field . '</td>';
                break;
            case 'nbposts':
                $html .= '<td>' . $user->no_posts . '</td>';
                break;
            case 'nbviews':
                $html .= '<td>' . $user->profile_views . '</td>';
                break;
            case 'role':
                $html .= '<td>' . htmlentities(User::getRoleName($user->rid), ENT_QUOTES) . '</td>';
                break;
            default:
                //nothing
        }
    }
    $html .= '</tr>';
}
$html .= '
  </tbody>
</table>
<script>
$(document).ready(function() { $("#userTable").tablesorter(); } );
</script>
';
echo $html;