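/**
 * Authenticate a user by login name or e-mail address and open a session.
 *
 * On success the user and a freshly created UserSession are stored on
 * $this->user / $this->session and a "<session id>-<token>" cookie is set.
 * On a wrong password the user's failed-attempt counter is incremented and
 * saved. Once the counter is above self::$max_attempts the password is not
 * checked at all, so the account stays locked until a password reset.
 *
 * @param string $loginoremail login name or e-mail address
 * @param string $password     plain-text password to verify
 * @return void
 */
public function login($loginoremail, $password)
{
    // A cookie left over from a previous session is discarded first.
    if (isset($_COOKIE[$this->cookie_name])) {
        $this->logout();
    }

    $user = new User($this->db);
    $user->loadByLoginOrEmail($loginoremail);
    if (!$user->is_loaded) {
        return;
    }

    if ($user->val('user_failed_attempts') > $this::$max_attempts) {
        // NOTE(review): $messages is a local here and never leaves the method;
        // presumably it should reach whatever channel the class reports through.
        $messages[] = t('Max. number of login attempts exceeded. Please ask for new password.');
        // The lockout must short-circuit: previously execution fell through and
        // still verified the password, so the attempt limit was never enforced.
        return;
    }

    if (!Authentication::verifyPassword($password, $user->val('user_password_hash'))) {
        $user->data['user_failed_attempts'] += 1;
        $user->save();
        return;
    }

    // success - create new session
    $this->user = $user;
    $this->updateLastAccess();

    // Only the hash of the random token is persisted; the clear token is sent
    // to the browser in the cookie and later verified against that hash.
    $token = $this->generateToken();
    $token_hash = Authentication::hashPassword($token);
    $expires = time() + Authentication::$session_expire;

    $session = new UserSession($this->db);
    $session->data['user_session_token_hash'] = $token_hash;
    $session->data['user_session_user_id'] = $this->user->val('user_id');
    $session->data['user_session_expires'] = SqlQuery::mysqlTimestamp($expires);
    $session->save();

    // NOTE(review): the cookie is set with secure=false and httponly=false;
    // unless client-side script must read it, httponly (and secure on TLS)
    // should be true — confirm nothing in the front end depends on reading it.
    setcookie($this->cookie_name, $session->val('user_session_id') . "-" . $token, $expires, '/', false, false);
    $this->session = $session;
}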
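/**
 * Call this from Elefant's bootstrap.php file so that
 * links to `/{app_url}/*` map to `/saasy/*`.
 *
 * Usage:
 *
 *     saasy\App::bootstrap ($controller);
 *
 * Rewrites the request URI, registers the bootstrap scripts on the page,
 * and resolves the Customer from the subdomain (and the Account of the
 * logged-in user within that customer) into self::customer() / self::acct().
 *
 * @param \Controller $controller
 */
public static function bootstrap($controller)
{
    self::$controller = $controller;
    $conf = self::conf();
    $alias = $conf['App Settings']['app_alias'];
    $uri = $_SERVER['REQUEST_URI'];

    // Rewrite /app_alias/ to /saasy/
    $prefix = '/' . $alias . '/';
    if ($uri === '/' . $alias) {
        $_SERVER['REQUEST_URI'] = '/saasy';
    } elseif (strpos($uri, $prefix) === 0) {
        // Replace only the leading segment: str_replace() also rewrote any
        // later "/<alias>/" occurrence inside the path or query string.
        $_SERVER['REQUEST_URI'] = '/saasy/' . substr($uri, strlen($prefix));
    }

    // Add bootstrap.js
    $page = $controller->page();
    $page->add_script('/apps/saasy/bootstrap/js/bootstrap.min.js');
    $page->add_script('<script>$(function(){$("input[type=submit]").addClass("btn");});</script>');

    // Get the customer from the subdomain
    $sub = self::subdomain();
    if ($sub) {
        /** @var $customer Customer */
        $customer = Customer::query()->where('subdomain', $sub)->single();
        if ($customer && !$customer->error) {
            self::customer($customer);

            // Get the account from the user
            if (\User::require_login()) {
                /** @var $acct Account */
                $acct = Account::query()->where('user', \User::val('id'))->where('customer', $customer->id)->single();
                if ($acct && !$acct->error) {
                    self::acct($acct);
                }
            }
        }
    }
}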
/**
 * User::val('userdata') starts out as an empty array and, once written,
 * is stored JSON-encoded on the underlying user record.
 */
function test_userdata()
{
    $initial = User::val('userdata');
    $this->assertEquals(array(), $initial);

    $initial['foo'] = 'bar';
    User::val('userdata', $initial);

    $expected = json_encode(array('foo' => 'bar'));
    $this->assertEquals($expected, User::$user->data['userdata']);
}
/**
 * Make sure email is unique except for current user.
 *
 * @param string $email
 * @return bool true when no other user row carries this e-mail address
 */
public static function email($email)
{
    $others = \DB::shift(
        'select count() from #prefix#user where id != ? and email = ?',
        \User::val('id'),
        $email
    );

    return !($others > 0);
}
/**
 * The lock created in test_info is invisible to its owner but reported
 * to any other user.
 *
 * @depends test_info
 */
function test_exists()
{
    // Shouldn't find our lock
    $this->assertEquals(false, self::$lock->exists());

    // Change users, should find the lock now
    User::val('id', 2);
    $this->assertEquals(1, self::$lock->exists());
}
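/**
 * Ensure new email address doesn't already belong to another user.
 * If no `$user_id` is provided, will use `User::val ('id')` to limit
 * the email address search by the current user. If `$user_id` is
 * set to `false`, it will not limit by a user ID.
 *
 * @param string         $email
 * @param int|false|null $user_id
 * @return bool true when another user already has this e-mail address
 */
public static function email_in_use($email, $user_id = null)
{
    // The previous ternary was inverted: a null $user_id stayed null and an
    // explicit id was replaced by the current user's, contradicting the doc.
    if ($user_id === null) {
        $user_id = \User::val('id');
    }

    $q = \User::query()->where('email', $email);
    if ($user_id !== false) {
        $q->where('id != ?', $user_id);
    }

    return (bool) $q->count();
}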
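/**
 * Login handler: pick the post-login redirect target, show the login form
 * to anonymous visitors, and send logged-in users on to their customer
 * domain or to the requested page.
 */
if (isset($_GET['redirect'])) {
    $_POST['redirect'] = $_GET['redirect'];
}
// Request parameters can arrive as arrays (redirect[]=x); treat anything
// that is not a plain string as absent so validation below sees a string.
if (!isset($_POST['redirect']) || !is_string($_POST['redirect'])) {
    $_POST['redirect'] = $_SERVER['REQUEST_URI'];
    if ($_POST['redirect'] === '/user/login') {
        $_POST['redirect'] = '/user';
    }
}
// NOTE(review): the 'header' rule presumably guards against header injection
// only; it does not restrict the target to this site, so a client-supplied
// absolute URL would be followed — confirm the rule's scope.
if (!Validator::validate($_POST['redirect'], 'header')) {
    $_POST['redirect'] = '/user';
}

if (!User::require_login()) {
    // A failed attempt is reported only on a direct (non-internal) request
    // that actually carried credentials.
    if (!$this->internal && !empty($_POST['username'])) {
        echo '<p>' . __('Incorrect email or password, please try again.') . '</p>';
    }
    $_POST['signup_handler'] = false;
    echo $tpl->render('user/login', $_POST);
} else {
    $customer = saasy\App::customer();
    if (!$customer) {
        // No customer resolved from the host: derive it from the user's account
        // and jump to that customer's own domain.
        $acct = saasy\Account::query()->where('user', User::val('id'))->single();
        if ($acct && !$acct->error) {
            $customer = new saasy\Customer($acct->customer);
            if (!$customer->error) {
                $this->redirect('//' . $customer->domain() . '/');
            }
        }
    }
    $this->redirect($_POST['redirect']);
}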
/**
 * Add a version to the store.
 *
 * Records the object's class, primary-key value, the acting user id
 * (0 when nobody is logged in), a UTC timestamp and the JSON-encoded
 * data, then persists the row.
 *
 * @param object $obj model instance exposing ->key and ->data
 * @return Versions the stored version row
 */
public static function add($obj)
{
    $user_id = User::$user ? User::val('id') : 0;

    $snapshot = array(
        'class' => get_class($obj),
        'pkey' => $obj->{$obj->key},
        'user' => $user_id,
        'ts' => gmdate('Y-m-d H:i:s'),
        'serialized' => json_encode($obj->data),
    );

    $version = new Versions($snapshot);
    $version->put();

    return $version;
}
if ($autopost_tw && !empty($appconf['Twitter']['username']) && !empty($appconf['Twitter']['password'])) { $b = new Bitly(); $short = $b->shorten('http://' . $_SERVER['HTTP_HOST'] . '/blog/post/' . $p->id . '/' . URLify::filter($p->title)); $t = new twitter(); $t->username = $appconf['Twitter']['username']; $t->password = $appconf['Twitter']['password']; $t->update($p->title . ' ' . $short); } } // reset blog rss cache $memcache->delete('blog_rss'); $_POST['page'] = 'blog/post/' . $p->id . '/' . URLify::filter($p->title); $this->hook('blog/add', $_POST); $this->redirect('/blog/admin'); } $page->title = 'An Error Occurred'; echo 'Error Message: ' . $p->error; } else { $p = new blog\Post(); $p->author = User::val('name'); $p->ts = gmdate('Y-m-d H:i:s'); $p->yes_no = array('yes' => i18n_get('Yes'), 'no' => i18n_get('No')); $p->autopost_pom = 'yes'; $p->autopost_tw = 'yes'; $p->failed = $f->failed; $p = $f->merge_values($p); $p->tag_list = explode(',', $p->tags); $page->title = i18n_get('Add Blog Post'); $page->head = $tpl->render('admin/wysiwyg') . $tpl->render('blog/add/head', $p); echo $tpl->render('blog/add', $p); }
/**
 * Build the admin toolbar JSON: the configured tool groups, optionally
 * auto-filled with app resources not yet placed, plus the rendered links.
 */
if (count($tools) === 0 && admin\Toolbar::$autofill === false) {
    // Nothing configured and no autofill column: show every app instead.
    $tools = admin\Toolbar::apps($this);
    $is_apps = true;
} else {
    if (admin\Toolbar::$autofill) {
        // Extend the tools list with any unused app resources.
        $unused = admin\Toolbar::apps($this);
        foreach ($tools as $group) {
            // filter out resources that are already in use
            $unused = array_diff_key($unused, $group);
        }

        if (count($unused)) {
            $slot = 0;
            $suffix = 2;
            $target = admin\Toolbar::$autofill;
            $tools[$target] = array();
            foreach ($unused as $handler => $app) {
                // Once the current column is full, open a numbered one.
                if (++$slot > 7) {
                    $slot = 0;
                    $target = admin\Toolbar::$autofill . ' (' . $suffix++ . ')';
                    $tools[$target] = array();
                }
                $tools[$target][$handler] = $app;
            }
        }
    }
    $is_apps = false;
}

$editable = User::require_acl('admin/toolbar');
$out = array(
    'name' => Product::name(),
    'logo' => Product::logo_toolbar(),
    // && binds tighter than ||: apps view, or an empty read-only toolbar.
    'is_apps' => $is_apps || (count($tools) === 0 && !$editable),
    'links' => $tpl->render('admin/head/links', array(
        'user' => User::val('name'),
        'tools' => $tools,
        'is_apps' => $is_apps,
        'editable' => $editable,
    )),
);
echo json_encode($out);
/**
 * Clear all locks held by the current user.
 *
 * @return mixed whatever DB::execute() returns for the delete statement
 */
public static function clear()
{
    $current_user = User::val('id');

    return DB::execute('delete from `lock` where user = ?', $current_user);
}
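<?php
/**
 * Blog post add form.
 *
 * Creates an empty, unpublished draft post for the current user, records
 * its first version, and redirects to the edit form for it.
 */
$page->layout = 'admin';
$this->require_acl('admin', 'blog', 'admin/add');

$p = new blog\Post(array(
    'title' => '',
    'ts' => gmdate('Y-m-d H:i:s'),
    'author' => User::val('name'),
    'body' => '',
    'tags' => '',
    'extra' => '',
    'published' => 'no',
));
$p->put();

if (!$p->error) {
    // Snapshot a version only once the row exists; previously one was stored
    // even when put() failed and the post had no id to reference.
    Versions::add($p);
    $this->redirect('/blog/edit?id=' . $p->id);
} else {
    $this->add_notification(__('An Error Occurred'));
    $this->redirect('/blog/admin');
}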
$form->data['account_level'] = isset($limits['name']) ? $limits['name'] : false; $form->view = 'saasy/account_owner'; $form->rules = parse_ini_file('apps/saasy/forms/account_owner.php', true); $page->add_style('/apps/saasy/css/account_members.css'); $page->add_script('/apps/saasy/js/bootstrap-filestyle-0.1.0.min.js'); $page->add_script('/apps/admin/js/handlebars-1.0.rc.1.js'); $page->add_script('/apps/saasy/js/account_members.js'); } else { $page->add_script('/apps/saasy/js/bootstrap-filestyle-0.1.0.min.js'); } echo $form->handle(function ($form) use($page, $customer, $acct) { // update user/acct \User::val('name', $_POST['name']); \User::val('email', $_POST['email']); if (!empty($_POST['new_pass'])) { \User::val('password', \User::encrypt_pass($_POST['new_pass'])); } \User::save(); if (is_uploaded_file($_FILES['photo']['tmp_name'])) { $acct->save_photo($_FILES['photo']); } if ($acct->type === 'owner') { // update customer too $customer->name = $_POST['customer_name']; if ($customer->subdomain !== $_POST['subdomain']) { $customer->subdomain = $_POST['subdomain']; $domain_has_changed = true; } else { $domain_has_changed = false; } if (!$customer->put()) {
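<?php
/**
 * Forgotten-password form handler.
 *
 * On POST, looks the account up by login or e-mail, stores a hashed reset
 * token with an expiry on the user row, and mails the clear token as part
 * of the reset link.
 */
include_once $home_dir . 'classes/emails.php';

$page_title = t('Forgotten Password');

// Reject non-string input (e.g. email[]=x) before it reaches the lookup.
if (isset($_POST['email']) && is_string($_POST['email'])) {
    $zUser = new User($db);
    $zUser->loadByLoginOrEmail($_POST['email']);
    if ($zUser->is_loaded) {
        // Only the hash is stored; the clear token lives in the e-mail link alone.
        $reset_token = generateToken(50);
        $expires = time() + 60 * 60 * 24 * User::$reset_password_expires_days;
        $zUser->data['user_reset_password_hash'] = Authentication::hashPassword($reset_token);
        $zUser->data['user_reset_password_expires'] = ModelBase::mysqlTimestamp($expires);
        $zUser->save();

        $email_text = t(
            'To reset your password, visit this link: %s/admin/reset-password/%d?reset_token=%s. This link is only valid for %d days.',
            $base_url,
            $zUser->val('user_id'),
            $reset_token,
            User::$reset_password_expires_days
        );
        Emails::sendPlain($globals['emails_from'], $zUser->val('user_email'), '', t('Forgotten Password'), $email_text);
        $messages->add(t('An e-mail was sent to your address with reset password instructions.'));
    } else {
        // increase ip address failed attempts here
        // *
        // NOTE(review): the distinct "not found" message reveals which addresses
        // have accounts; a uniform response plus rate limiting would close that.
        $messages->error(t('This e-mail address or login was not found in our database.'));
    }
}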
$appconf = parse_ini_file($file, true); if (isset($appconf['Admin']['handler'])) { if (isset($appconf['Admin']['install'])) { $ver = $this->installed($app, $appconf['Admin']['version']); if ($ver === true) { // installed $tools[$appconf['Admin']['handler']] = $appconf['Admin']; $tools[$appconf['Admin']['handler']]['class'] = false; } elseif ($ver === false) { // not installed $appconf['Admin']['name'] .= ' (' . i18n_get('click to install') . ')'; $tools[$appconf['Admin']['install']] = $appconf['Admin']; $tools[$appconf['Admin']['install']]['class'] = 'not-installed'; } else { // needs upgrade $appconf['Admin']['name'] .= ' (' . i18n_get('click to upgrade') . ')'; $tools[$appconf['Admin']['upgrade']] = $appconf['Admin']; $tools[$appconf['Admin']['upgrade']]['class'] = 'needs-upgrade'; } } else { // no installer, as you were $tools[$appconf['Admin']['handler']] = $appconf['Admin']; $tools[$appconf['Admin']['handler']]['class'] = false; } } } uasort($tools, 'admin_head_links_sort'); $out = array('name' => Product::name(), 'logo' => Product::logo_toolbar(), 'links' => $tpl->render('admin/head/links', array('user' => User::val('name'), 'tools' => $tools))); $page->layout = false; header('Content-Type: application/json'); echo json_encode($out);
<?php include_once $home_dir . 'classes/emails.php'; $page_title = t('Reset Password'); $data['show_form'] = false; if (isset($path[2]) && isset($_GET['reset_token'])) { $user_id = intval($path[2]); $reset_token = $_GET['reset_token']; $zUser = new User($db, $user_id); if ($zUser->is_loaded && $zUser->val('user_reset_password_expires') > ModelBase::mysqlTimestamp(time()) && password_verify($reset_token, $zUser->val('user_reset_password_hash'))) { if (isset($_POST['password']) && isset($_POST['password2'])) { if ($_POST['password'] == $_POST['password2']) { $zUser->data['user_password_hash'] = Authentication::hashPassword($_POST['password']); $zUser->data['user_reset_password_hash'] = null; $zUser->data['user_reset_password_expires'] = null; $zUser->save(); $messages->add(t('Your password was reset.'), 'success'); } else { $messages->error(t('Passwords don\'t match.')); } } else { $data['show_form'] = true; $data['user_id'] = $zUser->val('user_id'); $data['reset_token'] = $reset_token; $messages->add(t('Enter your new password.')); } } else { $messages->error(t('Your link seems to be invalid.')); } } else { $messages->error(t('This page should only be accessed from link sent to your e-mail.'));
if (!User::require_login()) { $page->title = __('Members'); echo $this->run('user/login'); return; } $u = User::$user; $form = new Form('post', $this); $form->data = $u->orig(); $form->data->password = ''; $form->data = $form->merge_values($form->data); $form->data->failed = $form->failed; $form->data->_states = user\Data::states(); $form->data->_countries = user\Data::countries(); $page->title = __('Update Profile'); echo $form->handle(function ($form) use($u, $page) { if (user\Rules::email_in_use($_POST['email'], User::val('id'))) { $form->failed[] = 'email-in-use'; return false; } $u->name = $_POST['name']; $u->email = $_POST['email']; if (!empty($_POST['password'])) { $u->password = User::encrypt_pass($_POST['password']); } $u->about = $_POST['about']; $u->phone = $_POST['phone']; $u->address = $_POST['address']; $u->address2 = $_POST['address2']; $u->city = $_POST['city']; $u->state = $_POST['state']; $u->country = $_POST['country'];