public function login($loginoremail, $password) { if (isset($_COOKIE[$this->cookie_name])) { $this->logout(); } $user = new User($this->db); $user->loadByLoginOrEmail($loginoremail); if (isset($user) && $user->is_loaded) { if ($user->val('user_failed_attempts') > $this::$max_attempts) { $messages[] = t('Max. number of login attempts exceeded. Please ask for new password.'); } if (Authentication::verifyPassword($password, $user->val('user_password_hash'))) { // success - create new session $this->user = $user; $this->updateLastAccess(); $token = $this->generateToken(); $token_hash = Authentication::hashPassword($token); $expires = time() + Authentication::$session_expire; $session = new UserSession($this->db); $session->data['user_session_token_hash'] = $token_hash; $session->data['user_session_user_id'] = $this->user->val('user_id'); $session->data['user_session_expires'] = SqlQuery::mysqlTimestamp($expires); $session->save(); setcookie($this->cookie_name, $session->val('user_session_id') . "-" . $token, $expires, '/', false, false); $this->session = $session; } else { $user->data['user_failed_attempts'] += 1; $user->save(); } } }
<?php include_once $home_dir . 'classes/emails.php'; $page_title = t('Forgotten Password'); if (isset($_POST['email'])) { $zUser = new User($db); $zUser->loadByLoginOrEmail($_POST['email']); if ($zUser->is_loaded) { $reset_token = generateToken(50); $expires = time() + 60 * 60 * 24 * User::$reset_password_expires_days; $zUser->data['user_reset_password_hash'] = Authentication::hashPassword($reset_token); $zUser->data['user_reset_password_expires'] = ModelBase::mysqlTimestamp($expires); $zUser->save(); $email_text = t('To reset your password, visit this link: %s/admin/reset-password/%d?reset_token=%s. This link is only valid for %d days.', $base_url, $zUser->val('user_id'), $reset_token, User::$reset_password_expires_days); Emails::sendPlain($globals['emails_from'], $zUser->val('user_email'), '', t('Forgotten Password'), $email_text); $messages->add(t('An e-mail was sent to your address with reset password instructions.')); } else { // increase ip address failed attempts here // * $messages->error(t('This e-mail address or login was not found in our database.')); } }