/**
  * Method used to update the account password for a specific user.
  *
  * @param   integer $usr_id The user ID
  * @param   string  $password The password.
  * @return  boolean
  */
 public function updatePassword($usr_id, $password)
 {
     // Only the hash of the new password is stored. The hash and the user ID
     // are handed to the driver as bound values, never spliced into the SQL text.
     $bindings = array(Auth::hashPassword($password), $usr_id);
     $sql = 'UPDATE
                 {{%user}}
              SET
                 usr_password=?
              WHERE
                 usr_id=?';

     try {
         DB_Helper::getInstance()->query($sql, $bindings);
     } catch (DbException $e) {
         // A database error is reported to the caller as a plain failure.
         return false;
     }

     // Zero affected rows is also reported as failure, which includes the case
     // where the stored value did not change.
     return DB_Helper::getInstance()->affectedRows() > 0;
 }
 /**
  * Update User
  *
  * @param int $userId
  */
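 public function update($userId)
 {
     // NOTE(review): no authorization or CSRF check is visible in this method;
     // confirm both are enforced before this action is reached, since it
     // changes another account's e-mail and password.
     $user = $this->getUserFinder()->findOneBy('id', $userId);
     if (!$user) {
         // Unknown ID: stop here instead of calling setters on a missing record.
         $this->slim->flash('error', 'User not found');
         $this->slim->redirect('/users');
         return;
     }

     if ($this->slim->request->isGet()) {
         $this->slim->render('user/update.html.twig', ['user' => $user, 'sessionUser' => $this->getSessionUser()]);
         return;
     }
     if (!$this->slim->request->isPost()) {
         return;
     }

     // Request fields may be absent or arrays; only plain strings are applied.
     $email = isset($_POST['email']) ? $_POST['email'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     $role = isset($_POST['role']) ? $_POST['role'] : null;

     if (is_string($email) && $email !== '') {
         $user->setEmail($email);
     }

     // A blank password field leaves the stored hash untouched; hashing an
     // empty string would silently give the account an empty password.
     if (is_string($password) && $password !== '') {
         $auth = new Auth();
         $user->setPassword($auth->hashPassword($password));
     }

     // NOTE(review): this calls a getter with an argument and discards the
     // result, so the posted role is never applied. If a role change is
     // intended here, gate it on an explicit permission check first: the value
     // comes straight from the request.
     $user->getRole($role);

     $user->update();
     $this->slim->flash('success', 'User updated');
     $this->slim->redirect('/users');
 }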
Beispiel #3
 /**
  * @param $password string
  * 
  * Change the password of a user and generate a new salt.
  *
  */
 public function changePassword($password)
 {
     // A new salt is drawn on every password change, so the previous salt is
     // never reused for the new hash.
     $this->salt = Auth::generatePasswordSalt();

     // Hash with the salt just stored on the object, then persist both fields.
     $hashed = Auth::hashPassword($password, $this->salt);
     $this->password = $hashed;
     $this->save();
 }
Beispiel #4
 /**
  * Method used to add a new user to the system.
  *
  * @param   array $user The array of user information
  * @return  integer The new user ID, or -1 if the insert failed
  */
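 public static function insert($user)
 {
     // Only the password hash is stored. Optional fields fall back to NULL so
     // a missing key does not raise an undefined-index notice.
     $params = array(
         isset($user['customer_id']) ? $user['customer_id'] : null,
         isset($user['contact_id']) ? $user['contact_id'] : null,
         Date_Helper::getCurrentDateGMT(),
         Auth::hashPassword($user['password']),
         $user['full_name'],
         $user['email'],
         !empty($user['grp_id']) ? $user['grp_id'] : null,
         isset($user['external_id']) ? $user['external_id'] : null,
         isset($user['par_code']) ? $user['par_code'] : null,
     );
     // All nine values are bound through placeholders, in column order.
     $stmt = 'INSERT INTO
                 {{%user}}
              (
                 usr_customer_id,
                 usr_customer_contact_id,
                 usr_created_date,
                 usr_password,
                 usr_full_name,
                 usr_email,
                 usr_grp_id,
                 usr_external_id,
                 usr_par_code
              ) VALUES (
                 ?,
                 ?,
                 ?,
                 ?,
                 ?,
                 ?,
                 ?,
                 ?,
                 ?
              )';
     try {
         DB_Helper::getInstance()->query($stmt, $params);
     } catch (DbException $e) {
         return -1;
     }
     $new_usr_id = DB_Helper::get_last_insert_id();

     // Associate the user with every project where a role of 1 or higher was
     // given, and collect those project IDs for the default preferences.
     $projects = array();
     foreach ($user['role'] as $prj_id => $role) {
         if ($role < 1) {
             continue;
         }
         Project::associateUser($prj_id, $new_usr_id, $role);
         $projects[] = $prj_id;
     }
     Prefs::set($new_usr_id, Prefs::getDefaults($projects));

     // NOTE(review): the plaintext password is handed to the notifier,
     // presumably to be mailed to the new user — confirm. A one-time
     // set-password link would keep the secret out of mailboxes and mail logs.
     Notification::notifyNewUser($new_usr_id, $user['password']);

     return $new_usr_id;
 }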
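 /**
  * Password recovery in two steps: request a reset link, then set a new password.
  *
  * Without $hash: reads $_POST['lostname'], looks the account up by login or
  * e-mail, stores a fresh recovery hash on it and mails a link containing it.
  * With $hash: reads $_POST['password1'], loads the account holding that
  * recovery hash, stores the new password hash and clears the recovery hash.
  *
  * @param string|false $hash Recovery token from the URL, or false when absent.
  */
 public function actionRecovery($hash = false)
 {
     if ($hash) {
         // The token is client-supplied and ends up inside a SQL string below,
         // so anything outside a plain token alphabet is rejected before the lookup.
         // NOTE(review): the alphabet assumes what Auth::generateRandomHash()
         // emits — confirm. The lasting fix is a bound parameter in the data layer.
         $tokenIsPlain = is_string($hash) && preg_match('/^[A-Za-z0-9_+=.~-]+$/D', $hash) === 1;
         $newPassword = isset($_POST['password1']) ? $_POST['password1'] : null;

         if ($tokenIsPlain && is_string($newPassword) && $newPassword !== '') {
             $model = UsersModel::model()->where("`hash`='{$hash}'")->findRow();
             // An unknown or already used token finds no row; nothing is changed then.
             // NOTE(review): no expiry of the recovery hash is visible here.
             if ($model) {
                 $model->password = Auth::hashPassword($newPassword);
                 // Clearing the hash makes the link single-use.
                 $model->hash = "";
                 $model->save();
                 $this->view("success", array("message" => Lang::get("password_changed")), false);
             }
         }
         $this->view("profile/lostpassword", array(), false);
     } else {
         if (isset($_POST['lostname']) && is_string($_POST['lostname'])) {
             $name = $_POST['lostname'];
             // NOTE(review): $name is request data interpolated into the WHERE
             // clause unescaped (SQL injection). where()'s signature is not
             // visible here; move this lookup to the data layer's
             // bound-parameter form.
             $model = UsersModel::model()->where("`login`='{$name}' OR `email`='{$name}'")->findRow();
             if ($model) {
                 $model->hash = Auth::generateRandomHash();
                 $model->save();
                 $to = $model->email;

                 // NOTE(review): HTTP_HOST is taken from the request, so a forged
                 // Host header would place a foreign domain in the mailed reset
                 // link. Build the link from a configured site URL, over https.
                 $host = $_SERVER['HTTP_HOST'];
                 $safeHost = htmlspecialchars($host, ENT_QUOTES, 'UTF-8');
                 // The display name is stored user data going into an HTML body.
                 $safeName = htmlspecialchars($model->name, ENT_QUOTES, 'UTF-8');

                 $subject = "Ссылка для восстановления пароля на " . $host;
                 $body = "Здравствуйте, " . $safeName . "!" . "<br/><br/>Если вы желаете восстановить пароль вашей страницы, <br/>" . "пожалуйста перейдите по ссылке <a href='http://" . $safeHost . "/recovery/" . $model->hash . "'>подтверждения восстановления пароля</a>";

                 // Each header ends with CRLF; the request's host name is kept
                 // out of the header block.
                 $headers = "From: Support <support@speak.addic.tk>" . "\r\n";
                 $headers .= "Content-type: text/html; charset=utf-8" . "\r\n";
                 $headers .= 'X-Mailer: PHP/' . phpversion();

                 if (empty($to)) {
                     echo "<script>alert('No email to send');</script>";
                 } else {
                     mail($to, $subject, $body, $headers);
                 }
                 $this->view("success", array("message" => Lang::get("restore_url")), false);
             } else {
                 // NOTE(review): a distinct "not found" answer lets a caller test
                 // which logins and e-mail addresses exist; a uniform response
                 // for both outcomes avoids that.
                 Message::setError("email", Lang::get("login_not_found"));
             }
         }
         $this->view("profile/recovery", array(), false);
     }
 }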
Beispiel #6
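 /**
  * Checks a password against the stored hash of the account with this e-mail.
  *
  * The stored user name is prepended to the password before hashing, as the
  * original comparison did.
  *
  * @param   string $email    The e-mail address identifying the account
  * @param   string $password The password to verify
  * @return  boolean True only when a row was found and the hashes match
  */
 function isCorrectPassword($email, $password)
 {
     // The e-mail is escaped with Misc::escapeString() before it is concatenated
     // into the statement; a bound parameter would be preferable where the
     // driver offers one.
     $stmt = "SELECT\r\n\t\t\t\t\ten_username,\r\n                    en_password\r\n                 FROM\r\n                    " . ETEL_USER_TABLE_NOSUB . "\r\n                 WHERE\r\n                    en_email='" . Misc::escapeString($email) . "'";
     $info = $GLOBALS["db_api"]->dbh->getRow($stmt);
     if (PEAR::isError($info)) {
         // Log the error object getRow() returned (the original referenced an
         // undefined variable here).
         Error_Handler::logError(array($info->getMessage(), $info->getDebugInfo()), __FILE__, __LINE__);
         return false;
     }

     // No matching account, or no stored hash: never a match.
     if (!is_array($info) || !isset($info[1])) {
         return false;
     }

     $username = isset($info[0]) ? $info[0] : '';
     $stored = (string) $info[1];
     $computed = (string) Auth::hashPassword($username . $password);

     // Loose != treats numeric-looking strings such as "0e123" and "0e456" as
     // equal. Compare as strings, in constant time where hash_equals() exists.
     if (function_exists('hash_equals')) {
         return hash_equals($stored, $computed);
     }
     return $stored === $computed;
 }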
Beispiel #7
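 /**
  * Verifies a password against a stored hash and salt.
  *
  * @param string $password     The password to check
  * @param string $passwordHash The stored hash to compare against
  * @param string $passwordSalt The salt stored with that hash
  * @return bool True when hashing the password with the salt reproduces the stored hash
  */
 public static function verifyPassword($password, $passwordHash, $passwordSalt)
 {
     $computed = Auth::hashPassword($password, $passwordSalt, Config::PASSWORD_HASH_ROUNDS);

     // A missing or non-string hash on either side is never a match.
     if (!is_string($computed) || !is_string($passwordHash)) {
         return false;
     }

     // hash_equals() (PHP 5.6+) compares in constant time, so response timing
     // does not reveal how many leading bytes of the hash matched.
     return hash_equals($passwordHash, $computed);
 }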
Beispiel #8
 /**
  * Method used to add a new user to the system.
  *
  * @access  public
  * @return  integer 1 if the update worked, -1 otherwise
  */
 function insert()
 {
     // Reads the request through the legacy $HTTP_POST_VARS global, which was
     // removed in PHP 5.4; on newer runtimes this variable is not populated.
     global $HTTP_POST_VARS;
     // Collect the projects for which a role of 1 or higher was submitted.
     $projects = array();
     foreach ($HTTP_POST_VARS["role"] as $prj_id => $role) {
         if ($role < 1) {
             continue;
         }
         $projects[] = $prj_id;
     }
     // Split the full name at the first whitespace run into first/last name.
     // $fn[1] is unset when the name contains no whitespace.
     $fn = preg_split('/\\s+/', $HTTP_POST_VARS["full_name"], 2);
     // Local part and domain of the e-mail; not referenced in the code visible below.
     $username = preg_split('/@/', $HTTP_POST_VARS["email"], 2);
     $prefs = Prefs::getDefaults($projects);
     // The statement is built by concatenation; request values pass through
     // Misc::escapeString() first.
     // NOTE(review): the '******' literals for en_username and en_password look
     // masked in this listing; as written every row gets the same literal
     // values. Confirm against the real source that a password hash is stored.
     $stmt = "INSERT INTO\n                    " . ETEL_USER_TABLE_NOSUB . "\n\t\t\t\tSET\n                    en_ev_customer_id = NULL,\n                    en_ev_contact_id = NULL,\n                    en_signup = '" . Date_API::getCurrentDateGMT() . "',\n                    en_username = '******',\n                    en_password = '******',\n                    en_firstname = '" . Misc::escapeString($fn[0]) . "',\n                    en_lastname = '" . Misc::escapeString($fn[1]) . "',\n                    en_email = '" . Misc::escapeString($HTTP_POST_VARS["email"]) . "',\n                    en_ev_pref = '" . Misc::escapeString($prefs) . "'\n                ";
     $res = $GLOBALS["db_api"]->dbh->query($stmt);
     if (PEAR::isError($res)) {
         // Log the driver error and report failure to the caller.
         Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
         return -1;
     } else {
         $new_usr_id = $GLOBALS["db_api"]->get_last_insert_id();
         // add the project associations!
         foreach ($HTTP_POST_VARS["role"] as $prj_id => $role) {
             if ($role < 1) {
                 continue;
             }
             Project::associateUser($prj_id, $new_usr_id, $role);
         }
         // send email to user
         // NOTE(review): the plaintext password from the request is passed to
         // the notifier, presumably to be mailed — confirm.
         Notification::notifyNewUser($new_usr_id, $HTTP_POST_VARS["password"]);
         return 1;
     }
 }
Beispiel #9
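 /**
  * Adds or replaces one entry in the JSON credentials file.
  *
  * The full credential set is loaded, the entry for $login is set to the
  * password hash and role, and the result is written to a temporary file
  * that is then renamed over the credentials file.
  *
  * @param string $login    Login name; must not be empty
  * @param string $password Plaintext password; must not be empty, only its hash is stored
  * @param mixed  $rol      One of \Acd\conf::$ROL_DEVELOPER or \Acd\conf::$ROL_EDITOR
  * @throws AuthInvalidUserException When login or password is empty, or the role is not allowed
  */
 public static function addUser($login, $password, $rol)
 {
     if ($login === '' || $password === '') {
         // The password is kept out of the message: exception text ends up in
         // logs and error pages, and the password may be non-empty when only
         // the login is missing.
         throw new AuthInvalidUserException("Invalid login or password [{$login}]");
     }
     if ($rol !== \Acd\conf::$ROL_DEVELOPER && $rol !== \Acd\conf::$ROL_EDITOR) {
         throw new AuthInvalidUserException("Invalid rol [{$rol}]");
     }

     // NOTE(review): this load-modify-write cycle takes no lock; two concurrent
     // calls can overwrite each other's change.
     $aCredentials = Auth::loadAllCredentials();
     $aCredentials[$login]['password'] = Auth::hashPassword($password);
     $aCredentials[$login]['rol'] = $rol;

     $jsonCredentials = json_encode($aCredentials);
     if ($jsonCredentials === false) {
         // Writing a failed encode would replace the credentials file with an empty one.
         echo "Cannot encode credentials";
         exit;
     }

     $path = \Acd\conf::$PATH_AUTH_CREDENTIALS_FILE;
     $tempPath = $path . '.tmp';

     // 'w' truncates a temp file left behind by an earlier failed run; append
     // mode would add a second JSON document after the stale one.
     // NOTE(review): the temp file gets the process's default permissions;
     // confirm they are as tight as those of the credentials file.
     if (!($handle = fopen($tempPath, 'w'))) {
         echo "Cannot open file ({$tempPath})";
         exit;
     }

     // A short write is treated like a failed one, so a truncated file is never installed.
     if (fwrite($handle, $jsonCredentials) !== strlen($jsonCredentials)) {
         fclose($handle);
         unlink($tempPath);
         echo "Cannot write to file ({$tempPath})";
         exit;
     }
     fclose($handle);

     // Rename swaps the complete file into place in one step.
     if (!rename($tempPath, $path)) {
         unlink($tempPath);
         echo "Cannot replace file ({$path})";
         exit;
     }
 }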