Example #1
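 /**
  * Authenticate a user by login name or e-mail address and open a session.
  *
  * Flow: an existing session cookie is dropped first; the account is loaded
  * via loadByLoginOrEmail(); a locked-out account is rejected before the
  * password is checked; a correct password creates a UserSession row and a
  * "<session id>-<token>" cookie, a wrong one bumps user_failed_attempts.
  *
  * @param string $loginoremail login name or e-mail address as typed by the user
  * @param string $password     plaintext password as typed by the user
  * @return void outcome is observable through $this->user / $this->session
  */
 public function login($loginoremail, $password)
 {
     // A cookie left over from an earlier session must not survive a new login.
     if (isset($_COOKIE[$this->cookie_name])) {
         $this->logout();
     }
     $user = new User($this->db);
     $user->loadByLoginOrEmail($loginoremail);
     if (!$user->is_loaded) {
         // Unknown account: nothing to verify and no counter to bump.
         return;
     }
     if ($user->val('user_failed_attempts') > $this::$max_attempts) {
         // Locked out: stop here instead of verifying the password, so that a
         // correct guess against a locked account no longer opens a session.
         // NOTE(review): $messages is a local here and is discarded on return;
         // confirm where the lockout message is meant to be surfaced.
         $messages[] = t('Max. number of login attempts exceeded. Please ask for new password.');
         return;
     }
     if (!Authentication::verifyPassword($password, $user->val('user_password_hash'))) {
         // Wrong password: count the attempt towards the lockout threshold.
         $user->data['user_failed_attempts'] += 1;
         $user->save();
         return;
     }
     // success - create new session
     if ($user->val('user_failed_attempts') > 0) {
         // A successful login ends the current streak of wrong guesses.
         $user->data['user_failed_attempts'] = 0;
         $user->save();
     }
     $this->user = $user;
     $this->updateLastAccess();
     $token = $this->generateToken();
     // Only the hash of the token is stored; the cleartext token lives in the cookie.
     $token_hash = Authentication::hashPassword($token);
     $expires = time() + Authentication::$session_expire;
     $session = new UserSession($this->db);
     $session->data['user_session_token_hash'] = $token_hash;
     $session->data['user_session_user_id'] = $this->user->val('user_id');
     $session->data['user_session_expires'] = SqlQuery::mysqlTimestamp($expires);
     $session->save();
     // httponly keeps the session token out of reach of page scripts; the
     // secure flag is set only when this request itself arrived over TLS.
     $over_tls = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
     setcookie(
         $this->cookie_name,
         $session->val('user_session_id') . "-" . $token,
         $expires,
         '/',
         false,
         $over_tls,
         true
     );
     $this->session = $session;
 }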
Example #2
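 /**
  * Call this from Elefant's bootstrap.php file so that
  * links to `/{app_url}/*` map to `/saasy/*`.
  *
  * Usage:
  *
  *     saasy\App::bootstrap ($controller);
  *
  * Besides the URL rewrite this stores the controller in self::$controller,
  * attaches the bootstrap scripts to the page, resolves the Customer from
  * the request subdomain and, for a logged-in user, the matching Account,
  * exposing both through self::customer() / self::acct().
  *
  * @param \Controller $controller
  * @return void
  */
 public static function bootstrap($controller)
 {
     self::$controller = $controller;
     $conf = self::conf();
     $alias = isset($conf['App Settings']['app_alias']) ? (string) $conf['App Settings']['app_alias'] : '';
     // Rewrite /app_alias/ to /saasy/
     // An empty alias would otherwise rewrite the site root itself.
     if ($alias !== '') {
         $aliasRoot = '/' . $alias;
         $aliasPrefix = $aliasRoot . '/';
         $uri = $_SERVER['REQUEST_URI'];
         if ($uri === $aliasRoot) {
             $_SERVER['REQUEST_URI'] = '/saasy';
         } elseif (strpos($uri, $aliasPrefix) === 0) {
             // Replace only the leading prefix: str_replace() would also rewrite
             // a later "/{alias}/" occurrence inside the path or query string.
             $_SERVER['REQUEST_URI'] = '/saasy/' . substr($uri, strlen($aliasPrefix));
         }
     }
     // Add bootstrap.js
     $page = $controller->page();
     $page->add_script('/apps/saasy/bootstrap/js/bootstrap.min.js');
     $page->add_script('<script>$(function(){$("input[type=submit]").addClass("btn");});</script>');
     // Get the customer from the subdomain
     $sub = self::subdomain();
     if (!$sub) {
         return;
     }
     /** @var Customer $customer */
     $customer = Customer::query()->where('subdomain', $sub)->single();
     if (!$customer || $customer->error) {
         return;
     }
     self::customer($customer);
     // Get the account from the user
     if (\User::require_login()) {
         /** @var Account $acct */
         $acct = Account::query()->where('user', \User::val('id'))->where('customer', $customer->id)->single();
         if ($acct && !$acct->error) {
             self::acct($acct);
         }
     }
 }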
Example #3
 /**
  * User::val('userdata') starts out as an empty array and, once set, is
  * stored JSON-encoded in User::$user->data['userdata'].
  */
 function test_userdata()
 {
     $userdata = User::val('userdata');
     $this->assertEquals(array(), $userdata);
     $userdata['foo'] = 'bar';
     User::val('userdata', $userdata);
     $expected = json_encode(array('foo' => 'bar'));
     $this->assertEquals($expected, User::$user->data['userdata']);
 }
Example #4
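 /**
  * Make sure email is unique except for current user.
  *
  * @param string $email address to check
  * @return bool true when no user other than the current one has this address
  */
 public static function email($email)
 {
     // count() with no argument is a syntax error in MySQL, SQLite and
     // PostgreSQL; count(*) is what this query needs.
     $others = \DB::shift(
         'select count(*) from #prefix#user where id != ? and email = ?',
         \User::val('id'),
         $email
     );
     return (int) $others === 0;
 }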
Example #5
 /**
  * @depends test_info
  */
 function test_exists()
 {
     // Shouldn't find our lock
     $seenByOwner = self::$lock->exists();
     $this->assertEquals(false, $seenByOwner);
     // Change users, should find the lock now
     User::val('id', 2);
     $seenByOtherUser = self::$lock->exists();
     $this->assertEquals(1, $seenByOtherUser);
 }
Example #6
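 /**
  * Ensure new email address doesn't already belong to another user.
  * If no `$user_id` is provided, will use `User::val ('id')` to limit
  * the email address search by the current user. If `$user_id` is
  * set to `false`, it will not limit by a user ID.
  *
  * @param string         $email   address to look up
  * @param int|false|null $user_id user to exclude (null = current user, false = nobody)
  * @return bool true when some other user already has this address
  */
 public static function email_in_use($email, $user_id = null)
 {
     // Fall back to the current user only when no id was given. The earlier
     // ternary had its branches swapped: an explicit id (including false) was
     // replaced by the current user's id, while null stayed null.
     if ($user_id === null) {
         $user_id = \User::val('id');
     }
     $q = \User::query()->where('email', $email);
     if ($user_id !== false) {
         $q->where('id != ?', $user_id);
     }
     return (bool) $q->count();
 }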
Example #7
// A redirect target on the query string takes precedence over the form value.
if (isset($_GET['redirect'])) {
    $_POST['redirect'] = $_GET['redirect'];
}
// Default to the page the user came from, except the login page itself.
if (!isset($_POST['redirect'])) {
    $_POST['redirect'] = ($_SERVER['REQUEST_URI'] == '/user/login') ? '/user' : $_SERVER['REQUEST_URI'];
}
// The target is request-controlled: only a value that passes the 'header'
// validator is used, anything else falls back to /user.
if (!Validator::validate($_POST['redirect'], 'header')) {
    $_POST['redirect'] = '/user';
}
if (User::require_login()) {
    // No customer on this host: send an account holder to their own customer domain.
    $customer = saasy\App::customer();
    if (!$customer) {
        $acct = saasy\Account::query()->where('user', User::val('id'))->single();
        if ($acct && !$acct->error) {
            $customer = new saasy\Customer($acct->customer);
            if (!$customer->error) {
                $this->redirect('//' . $customer->domain() . '/');
            }
        }
    }
    $this->redirect($_POST['redirect']);
} else {
    // Not logged in: show the form again, with an error when credentials were submitted.
    if (!$this->internal && !empty($_POST['username'])) {
        echo '<p>' . __('Incorrect email or password, please try again.') . '</p>';
    }
    $_POST['signup_handler'] = false;
    echo $tpl->render('user/login', $_POST);
}
Example #8
 /**
  * Add a version to the store.
  *
  * Snapshots `$obj->data` as JSON together with the object's class, its
  * primary key, the acting user (0 when nobody is logged in) and a UTC
  * timestamp.
  *
  * @param object $obj model instance to snapshot
  * @return Versions the stored version record
  */
 public static function add($obj)
 {
     $user_id = User::$user ? User::val('id') : 0;
     $version = new Versions(array(
         'class' => get_class($obj),
         'pkey' => $obj->{$obj->key},
         'user' => $user_id,
         'ts' => gmdate('Y-m-d H:i:s'),
         'serialized' => json_encode($obj->data),
     ));
     $version->put();
     return $version;
 }
Example #9
            if ($autopost_tw && !empty($appconf['Twitter']['username']) && !empty($appconf['Twitter']['password'])) {
                // Cross-post the new entry to Twitter using a Bitly-shortened permalink.
                $b = new Bitly();
                // NOTE(review): the permalink is built from $_SERVER['HTTP_HOST'], i.e. the
                // request's Host header; confirm the web server pins it to the site's
                // hostname, otherwise a configured base URL would be the safer source.
                $short = $b->shorten('http://' . $_SERVER['HTTP_HOST'] . '/blog/post/' . $p->id . '/' . URLify::filter($p->title));
                // NOTE(review): the Twitter credentials are read as plaintext from the app config.
                $t = new twitter();
                $t->username = $appconf['Twitter']['username'];
                $t->password = $appconf['Twitter']['password'];
                $t->update($p->title . ' ' . $short);
            }
        }
        // reset blog rss cache
        $memcache->delete('blog_rss');
        $_POST['page'] = 'blog/post/' . $p->id . '/' . URLify::filter($p->title);
        $this->hook('blog/add', $_POST);
        $this->redirect('/blog/admin');
    }
    $page->title = 'An Error Occurred';
    echo 'Error Message: ' . $p->error;
} else {
    // No submission yet: render the add form with a fresh, pre-filled post.
    $page->title = i18n_get('Add Blog Post');
    $p = new blog\Post();
    $p->author = User::val('name');
    $p->ts = gmdate('Y-m-d H:i:s');
    $p->yes_no = array('yes' => i18n_get('Yes'), 'no' => i18n_get('No'));
    $p->autopost_pom = 'yes';
    $p->autopost_tw = 'yes';
    // Carry over failed-validation state and any previously submitted values.
    $p->failed = $f->failed;
    $p = $f->merge_values($p);
    $p->tag_list = explode(',', $p->tags);
    $page->head = $tpl->render('admin/wysiwyg') . $tpl->render('blog/add/head', $p);
    echo $tpl->render('blog/add', $p);
}
Example #10
// With no configured tools and autofill disabled, the toolbar is just the app list.
if (count($tools) === 0 && admin\Toolbar::$autofill === false) {
    $tools = admin\Toolbar::apps($this);
    $is_apps = true;
} else {
    $is_apps = false;
    if (admin\Toolbar::$autofill) {
        // Extend the tools list with any unused app resources.
        $apps = admin\Toolbar::apps($this);
        foreach ($tools as $column => $group) {
            // filter out resources that are already in use
            $apps = array_diff_key($apps, $group);
        }
        if (count($apps)) {
            // Fill the autofill column, opening a numbered overflow column
            // whenever the per-column counter passes 7.
            // NOTE(review): the counter restarts at 0 (not 1) when a new column is
            // opened, so the first column holds 7 entries and later ones 8 — confirm
            // that is intended.
            $placed = 0;
            $suffix = 2;
            $column = admin\Toolbar::$autofill;
            $tools[$column] = array();
            foreach ($apps as $handler => $app) {
                if (++$placed > 7) {
                    $placed = 0;
                    $column = admin\Toolbar::$autofill . ' (' . $suffix++ . ')';
                    $tools[$column] = array();
                }
                $tools[$column][$handler] = $app;
            }
        }
    }
}
$editable = User::require_acl('admin/toolbar');
$out = array(
    'name' => Product::name(),
    'logo' => Product::logo_toolbar(),
    // && binds tighter than ||: apps mode, or an empty toolbar the user cannot edit.
    'is_apps' => $is_apps || (count($tools) === 0 && !$editable),
    'links' => $tpl->render('admin/head/links', array(
        'user' => User::val('name'),
        'tools' => $tools,
        'is_apps' => $is_apps,
        'editable' => $editable,
    )),
);
echo json_encode($out);
Example #11
 /**
  * Clear all locks held by the current user.
  *
  * @return mixed whatever DB::execute() returns for the delete statement
  */
 public static function clear()
 {
     $current_user = User::val('id');
     return DB::execute('delete from `lock` where user = ?', $current_user);
 }
Example #12
<?php

/**
 * Blog post add form.
 *
 * Creates an empty, unpublished draft owned by the current user, records an
 * initial version of it and sends the browser on to the edit form.
 */
$page->layout = 'admin';
$this->require_acl('admin', 'blog', 'admin/add');
$draft = new blog\Post(array(
    'title' => '',
    'ts' => gmdate('Y-m-d H:i:s'),
    'author' => User::val('name'),
    'body' => '',
    'tags' => '',
    'extra' => '',
    'published' => 'no',
));
$draft->put();
Versions::add($draft);
if ($draft->error) {
    $this->add_notification(__('An Error Occurred'));
    $this->redirect('/blog/admin');
} else {
    $this->redirect('/blog/edit?id=' . $draft->id);
}
Example #13
    $form->data['account_level'] = isset($limits['name']) ? $limits['name'] : false;
    $form->view = 'saasy/account_owner';
    $form->rules = parse_ini_file('apps/saasy/forms/account_owner.php', true);
    $page->add_style('/apps/saasy/css/account_members.css');
    $page->add_script('/apps/saasy/js/bootstrap-filestyle-0.1.0.min.js');
    $page->add_script('/apps/admin/js/handlebars-1.0.rc.1.js');
    $page->add_script('/apps/saasy/js/account_members.js');
} else {
    $page->add_script('/apps/saasy/js/bootstrap-filestyle-0.1.0.min.js');
}
echo $form->handle(function ($form) use($page, $customer, $acct) {
    // update user/acct
    \User::val('name', $_POST['name']);
    \User::val('email', $_POST['email']);
    if (!empty($_POST['new_pass'])) {
        \User::val('password', \User::encrypt_pass($_POST['new_pass']));
    }
    \User::save();
    if (is_uploaded_file($_FILES['photo']['tmp_name'])) {
        $acct->save_photo($_FILES['photo']);
    }
    if ($acct->type === 'owner') {
        // update customer too
        $customer->name = $_POST['customer_name'];
        if ($customer->subdomain !== $_POST['subdomain']) {
            $customer->subdomain = $_POST['subdomain'];
            $domain_has_changed = true;
        } else {
            $domain_has_changed = false;
        }
        if (!$customer->put()) {
Example #14
<?php

include_once $home_dir . 'classes/emails.php';
$page_title = t('Forgotten Password');
if (isset($_POST['email'])) {
    $zUser = new User($db);
    $zUser->loadByLoginOrEmail($_POST['email']);
    if (!$zUser->is_loaded) {
        // increase ip address failed attempts here
        // *
        // NOTE(review): this branch tells the requester that the address is unknown,
        // which lets an unauthenticated caller probe which e-mails have accounts;
        // one neutral message for both outcomes would avoid that.
        $messages->error(t('This e-mail address or login was not found in our database.'));
    } else {
        // Only the hash of the reset token is stored; the cleartext goes out in the e-mail link.
        $resetToken = generateToken(50);
        $validUntil = time() + 60 * 60 * 24 * User::$reset_password_expires_days;
        $zUser->data['user_reset_password_hash'] = Authentication::hashPassword($resetToken);
        $zUser->data['user_reset_password_expires'] = ModelBase::mysqlTimestamp($validUntil);
        $zUser->save();
        $mailBody = t('To reset your password, visit this link: %s/admin/reset-password/%d?reset_token=%s. This link is only valid for %d days.', $base_url, $zUser->val('user_id'), $resetToken, User::$reset_password_expires_days);
        Emails::sendPlain($globals['emails_from'], $zUser->val('user_email'), '', t('Forgotten Password'), $mailBody);
        $messages->add(t('An e-mail was sent to your address with reset password instructions.'));
    }
}
Example #15
    $appconf = parse_ini_file($file, true);
    if (isset($appconf['Admin']['handler'])) {
        if (isset($appconf['Admin']['install'])) {
            $ver = $this->installed($app, $appconf['Admin']['version']);
            if ($ver === true) {
                // installed
                $tools[$appconf['Admin']['handler']] = $appconf['Admin'];
                $tools[$appconf['Admin']['handler']]['class'] = false;
            } elseif ($ver === false) {
                // not installed
                $appconf['Admin']['name'] .= ' (' . i18n_get('click to install') . ')';
                $tools[$appconf['Admin']['install']] = $appconf['Admin'];
                $tools[$appconf['Admin']['install']]['class'] = 'not-installed';
            } else {
                // needs upgrade
                $appconf['Admin']['name'] .= ' (' . i18n_get('click to upgrade') . ')';
                $tools[$appconf['Admin']['upgrade']] = $appconf['Admin'];
                $tools[$appconf['Admin']['upgrade']]['class'] = 'needs-upgrade';
            }
        } else {
            // no installer, as you were
            $tools[$appconf['Admin']['handler']] = $appconf['Admin'];
            $tools[$appconf['Admin']['handler']]['class'] = false;
        }
    }
}
// Order the tool list for display, then emit the toolbar payload as JSON.
uasort($tools, 'admin_head_links_sort');
$productName = Product::name();
$productLogo = Product::logo_toolbar();
$links = $tpl->render('admin/head/links', array(
    'user' => User::val('name'),
    'tools' => $tools,
));
$out = array(
    'name' => $productName,
    'logo' => $productLogo,
    'links' => $links,
);
$page->layout = false;
header('Content-Type: application/json');
echo json_encode($out);
Example #16
<?php

include_once $home_dir . 'classes/emails.php';
// The password form stays hidden until the user id and reset token have been checked.
$data['show_form'] = false;
$page_title = t('Reset Password');
if (isset($path[2]) && isset($_GET['reset_token'])) {
    $user_id = intval($path[2]);
    $reset_token = $_GET['reset_token'];
    $zUser = new User($db, $user_id);
    if ($zUser->is_loaded && $zUser->val('user_reset_password_expires') > ModelBase::mysqlTimestamp(time()) && password_verify($reset_token, $zUser->val('user_reset_password_hash'))) {
        if (isset($_POST['password']) && isset($_POST['password2'])) {
            if ($_POST['password'] == $_POST['password2']) {
                $zUser->data['user_password_hash'] = Authentication::hashPassword($_POST['password']);
                $zUser->data['user_reset_password_hash'] = null;
                $zUser->data['user_reset_password_expires'] = null;
                $zUser->save();
                $messages->add(t('Your password was reset.'), 'success');
            } else {
                $messages->error(t('Passwords don\'t match.'));
            }
        } else {
            $data['show_form'] = true;
            $data['user_id'] = $zUser->val('user_id');
            $data['reset_token'] = $reset_token;
            $messages->add(t('Enter your new password.'));
        }
    } else {
        $messages->error(t('Your link seems to be invalid.'));
    }
} else {
    $messages->error(t('This page should only be accessed from link sent to your e-mail.'));
Example #17
// Members-only page: unauthenticated visitors get the login form instead.
if (!User::require_login()) {
    $page->title = __('Members');
    echo $this->run('user/login');
    return;
}
$page->title = __('Update Profile');
$u = User::$user;
// Seed the form with the stored profile, blanking the password before the form sees it.
$form = new Form('post', $this);
$form->data = $u->orig();
$form->data->password = '';
$form->data = $form->merge_values($form->data);
$form->data->failed = $form->failed;
$form->data->_states = user\Data::states();
$form->data->_countries = user\Data::countries();
echo $form->handle(function ($form) use($u, $page) {
    if (user\Rules::email_in_use($_POST['email'], User::val('id'))) {
        $form->failed[] = 'email-in-use';
        return false;
    }
    $u->name = $_POST['name'];
    $u->email = $_POST['email'];
    if (!empty($_POST['password'])) {
        $u->password = User::encrypt_pass($_POST['password']);
    }
    $u->about = $_POST['about'];
    $u->phone = $_POST['phone'];
    $u->address = $_POST['address'];
    $u->address2 = $_POST['address2'];
    $u->city = $_POST['city'];
    $u->state = $_POST['state'];
    $u->country = $_POST['country'];