Example #1
File: user.php Project: Klym/flame
<?php

// Create the User object and hand it the database handle.
// NOTE(review): $db is defined outside this excerpt.
$user = new User();
$user->db = $db;
// Only touch the session-backed state when the session carries an email.
// The session value is passed straight to session() and is the only
// identifier used here, so whatever writes $_SESSION['email'] is the real
// authentication boundary. Presumably session() loads the account for that
// email; confirm against the User class.
if (isset($_SESSION['email'])) {
    $user->session($_SESSION['email']);
}
Example #2
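 /**
  * Verifies a username/password combo against the database.
  * Username is matched to the email field. If things check out,
  * a session_id is generated and initialized in the database
  * and for the user. Also creates the global $user object
  * as well, since we have the data (no sense requesting it
  * twice).
  *
  * Review notes for maintainers:
  * - The result is cached per username for the rest of the request, so a
  *   second call with the same username and a different password returns
  *   the first answer.
  * - The attempt counter is keyed on session_id(). A client that does not
  *   send the session cookie back presumably gets a fresh counter, so this
  *   limit should not be the only brute-force control; consider also
  *   counting per account and per source address.
  * - The PHP session id is not regenerated here after a successful login.
  *   Confirm that the caller does so, to avoid session fixation.
  * - When no row matches the email, no hash is computed, so response time
  *   may differ between known and unknown accounts.
  *
  * @param string $user Email address identifying the account.
  * @param string $pass Plain-text password supplied by the client.
  * @return bool TRUE when the credentials match and a session was stored,
  *              FALSE otherwise.
  */
 public static function verifier($user, $pass)
 {
     // If it's been called before for this user, return cached result
     static $called = array();
     if (isset($called[$user])) {
         return $called[$user];
     }
     // Parameterized query: the email is bound, not concatenated.
     $u = DB::single('select * from `#prefix#user` where email = ?', $user);
     // Check if they've exceeded their login attempt limit
     global $controller;
     $cache = $controller->cache();
     $attempts = $cache->get('_user_login_attempts_' . session_id());
     if (!$attempts) {
         $attempts = 0;
     }
     if ($attempts > Appconf::user('User', 'login_attempt_limit')) {
         $called[$user] = FALSE;
         $controller->redirect('/user/too-many-attempts');
         // Fail closed: if redirect() ever returns instead of ending the
         // request, the password check below must not run.
         return FALSE;
     }
     // Compare hashes in constant time and without loose (==) string
     // comparison. password_verify() accepts crypt()-format hashes; the
     // strict crypt() comparison is kept for runtimes that lack it.
     $password_ok = FALSE;
     if ($u) {
         $password_ok = function_exists('password_verify')
             ? password_verify($pass, $u->password)
             : crypt($pass, $u->password) === $u->password;
     }
     if ($password_ok) {
         $class = get_called_class();
         self::$user = new $class((array) $u, FALSE);
         if (Appconf::user('User', 'multi_login')) {
             self::$session = user\Session::create($u->id);
             if (self::$session === false) {
                 $called[$user] = FALSE;
                 return false;
             }
             self::$user->session_id = self::$session->session_id;
             self::$user->expires = self::$session->expires;
             $_SESSION['session_id'] = self::$user->session_id;
         } else {
             // Session ids are bearer tokens, so draw them from the CSPRNG
             // when the runtime has one. Both branches return 32 hex
             // characters, the same format the md5() form produced; the
             // legacy generator is only the fallback.
             $new_session_id = function () {
                 if (function_exists('random_bytes')) {
                     return bin2hex(random_bytes(16));
                 }
                 return md5(uniqid(mt_rand(), 1));
             };
             self::$user->session_id = $new_session_id();
             self::$user->expires = gmdate('Y-m-d H:i:s', time() + 2592000);
             // 1 month
             // Retry with a new id when the save fails; give up after 5 tries.
             $try = 0;
             while (!self::$user->put()) {
                 self::$user->session_id = $new_session_id();
                 $try++;
                 if ($try == 5) {
                     $called[$user] = FALSE;
                     return FALSE;
                 }
             }
             $_SESSION['session_id'] = self::$user->session_id;
         }
         // Save the user agent so we can verify it against future sessions,
         // and remove the login attempts cache item.
         // NOTE(review): the User-Agent header is client-controlled, so it is
         // a weak binding for the session, not an authenticator.
         $cache->add('_user_session_agent_' . $_SESSION['session_id'], $_SERVER['HTTP_USER_AGENT'], 0, time() + 2592000);
         $cache->delete('_user_login_attempts_' . session_id());
         $called[$user] = TRUE;
         return TRUE;
     }
     // Increment the number of attempts they've made.
     // add() is tried first; replace() covers the case where the key exists.
     $attempts++;
     if (!$cache->add('_user_login_attempts_' . session_id(), $attempts, 0, Appconf::user('User', 'block_attempts_for'))) {
         $cache->replace('_user_login_attempts_' . session_id(), $attempts, 0, Appconf::user('User', 'block_attempts_for'));
     }
     $called[$user] = FALSE;
     return FALSE;
 }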