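/**
 * Replaces a user's password with a newly generated one and e-mails it to the user.
 *
 * The account is looked up by ugr_Name. Nothing is changed unless checkSmtp()
 * reports that mail can be sent. The generated password is stored through
 * hash_it() and sent in the message body to the address held in ugr_eMail.
 * Every failure is recorded with $system->addError().
 *
 * NOTE(review): the stored password is replaced as soon as a matching user name
 * is submitted, and the new value travels in clear text by e-mail. Callers need
 * to rate-limit this entry point; a single-use, expiring reset link would avoid
 * changing the credential before the account holder confirms the request.
 *
 * NOTE(review): the "not found" error differs from the success path, so a caller
 * that relays it verbatim lets a client tell which user names exist.
 *
 * @param mixed $system   object providing get_mysqli() and addError()
 * @param mixed $username value matched against ugr_Name
 *
 * @return bool true when the password was stored and sendEmail() returned "ok",
 *              false in every other case
 */
function user_ResetPassword($system, $username)
{
    if (!$username) {
        $system->addError(HEURIST_INVALID_REQUEST, "Username / email not defined"); //INVALID_REQUEST
        return false;
    }

    $mysqli = $system->get_mysqli();

    // NOTE(review): the messages mention "Username / email", but only ugr_Name is
    // searched. If lookup by e-mail is wanted it has to be added explicitly - confirm.
    $user = user_getByField($mysqli, 'ugr_Name', $username);
    if (!$user) {
        $system->addError(HEURIST_NOT_FOUND, "It is not possible to recover password. Username / email, you specified, not found");
        return false;
    }

    //do not update password if mail is not enabled
    if (!checkSmtp()) {
        $system->addError(HEURIST_SYSTEM_CONFIG, 'Error_Mail_Recovery');
        return false;
    }

    $new_passwd = generate_passwd();
    $record = array(
        "ugr_ID" => $user['ugr_ID'],
        "ugr_Password" => hash_it($new_passwd),
    );
    $res = mysql__insertupdate($mysqli, "sysUGrps", "ugr_", $record);

    // Presumably the helper returns the record id on success and an error message
    // otherwise (the value is passed on as error detail below) - confirm.
    // Test the value itself rather than comparing is_numeric()'s boolean with 0.
    if (!(is_numeric($res) && $res > 0)) {
        $system->addError(HEURIST_DB_ERROR, 'Cannot update record in database', $res);
        return false;
    }

    $email_title = 'Password reset';
    $email_text = "Dear " . $user['ugr_FirstName'] . ",\n\n"
        . "Your Heurist password has been reset.\n\n"
        . "Your username is: " . $user['ugr_Name'] . "\n"
        . "Your new password is: " . $new_passwd . "\n\n"
        . "To change your password go to Profile -> My User Info in the top right menu.\nYou will first be asked to log in with the new password above.";

    $dbowner_Email = user_getDbOwner($mysqli, 'ugr_eMail');
    $rv = sendEmail($user['ugr_eMail'], $email_title, $email_text, "From: " . $dbowner_Email);
    if ($rv == "ok") {
        return true;
    }

    // NOTE(review): the new hash is already stored at this point, so a failed
    // send leaves the account with a password nobody received. Consider restoring
    // the previous hash, or sending before committing the change.
    $system->addError(HEURIST_SYSTEM_CONFIG, 'Error_Password_Reset', $rv);
    return false;
}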
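/**
 * Authenticates a user by name and password, then records the user in the
 * session and in $this->current_User.
 *
 * On success the 'heurist-sessionid' cookie is set to the current session id,
 * the login time is updated in the database, and the version 3 compatible
 * session entries are filled in. On failure an error is added with addError().
 *
 * NOTE(review): the three denial messages (unknown name, inactive profile, wrong
 * password) differ, and the inactive check runs before the password check, so a
 * caller that relays them verbatim lets a client tell which user names exist.
 *
 * @param mixed $username     value matched against ugr_Name
 * @param mixed $password     clear-text password to verify
 * @param mixed $session_type public, shared or remember
 *
 * @return bool true when the login succeeded, false otherwise
 */
public function login($username, $password, $session_type)
{
    if (!$username || !$password) {
        $this->addError(HEURIST_INVALID_REQUEST, "Username / password not defined"); //INVALID_REQUEST
        return false;
    }

    //db_users
    $user = user_getByField($this->mysqli, 'ugr_Name', $username);
    if (!$user) {
        $this->addError(HEURIST_REQUEST_DENIED, "User name is incorrect");
        return false;
    }

    if ($user['ugr_Enabled'] != 'y') {
        $this->addError(HEURIST_REQUEST_DENIED, "Your user profile is not active. Please contact database owner");
        return false;
    }

    // Compare the hashes with hash_equals() (PHP 5.6+) instead of ==: the loose
    // operator compares numeric-looking strings as numbers and is not constant-time.
    $stored_hash = $user['ugr_Password'];
    if (!is_string($stored_hash) || !hash_equals($stored_hash, (string) crypt($password, $stored_hash))) {
        $this->addError(HEURIST_REQUEST_DENIED, "Password is incorrect");
        return false;
    }

    $_SESSION[$this->dbname_full]['ugr_ID'] = $user['ugr_ID'];
    $_SESSION[$this->dbname_full]['ugr_Name'] = $user['ugr_Name'];
    $_SESSION[$this->dbname_full]['ugr_FullName'] = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
    //@todo $_SESSION[$this->dbname_full]['user_access'] = $groups;

    // Cookie lifetime: 0 keeps it until the browser closes.
    switch ($session_type) {
        case 'public':
            $time = 0;
            break;
        case 'shared':
            $time = time() + 24 * 60 * 60; //day
            break;
        case 'remember':
            $time = time() + 30 * 24 * 60 * 60; //30 days
            $_SESSION[$this->dbname_full]['keepalive'] = true; //refresh time on next entry
            break;
        default:
            $time = 0;
    }

    // NOTE(review): the session id that existed before authentication is re-issued
    // unchanged. Unless it is rotated elsewhere, consider session_regenerate_id(true)
    // before this point so a pre-login id does not stay valid after login.
    // NOTE(review): the cookie is set without the HttpOnly and Secure attributes;
    // confirm whether client script needs to read it and whether the site is HTTPS-only.
    setcookie('heurist-sessionid', session_id(), $time, '/'); //, HEURIST_SERVER_NAME);

    //update login time in database
    user_updateLoginTime($this->mysqli, $user['ugr_ID']);

    //keep current user info; the password hash is blanked before the record is kept
    $user['ugr_FullName'] = $user['ugr_FirstName'] . ' ' . $user['ugr_LastName'];
    $user['ugr_Password'] = '';
    $user['ugr_Groups'] = user_getWorkgroups($this->mysqli, $user['ugr_ID']);
    $user['ugr_Preferences'] = user_getDefaultPreferences();
    $this->current_User = $user;

    //vsn 3 backward capability
    $h3session = $this->dbname_full . '.heurist';
    $_SESSION[$h3session]['cookie_version'] = 1;
    $_SESSION[$h3session]['user_name'] = $user['ugr_Name'];
    $_SESSION[$h3session]['user_realname'] = $user['ugr_FullName'];
    $_SESSION[$h3session]['user_id'] = $user['ugr_ID'];
    $_SESSION[$h3session]['user_access'] = $user['ugr_Groups'];
    $_SESSION[$h3session]['keepalive'] = $session_type == 'remember';

    return true;
}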