/**
  * Attempts to log an Author in given a username and password.
  * If the password is not hashed, it will be hashed using the sha1
  * algorithm. The username and password will be sanitized before
  * being used to query the Database. If an Author is found, they
  * will be logged in and the sanitized username and password (also hashed)
  * will be saved as values in the `$Cookie`.
  *
  * @see toolkit.Cryptography#hash()
  * @throws DatabaseException
  * @param string $username
  *  The Author's username. This will be sanitized before use.
  * @param string $password
  *  The Author's password. This will be sanitized and then hashed before use
  * @param boolean $isHash
  *  If the password provided is already hashed, setting this parameter to
  *  true will stop it becoming rehashed. By default it is false.
  * @return boolean
  *  True if the Author was logged in, false otherwise
  */
 public static function login($username, $password, $isHash = false)
 {
     $username = trim(self::Database()->cleanValue($username));
     $password = trim(self::Database()->cleanValue($password));
     if (strlen($username) > 0 && strlen($password) > 0) {
         $author = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("`username` = '%s'", $username));
         if (!empty($author) && Cryptography::compare($password, current($author)->get('password'), $isHash)) {
             self::$Author = current($author);
             // Only migrate hashes if there is no update available as the update might change the tbl_authors table.
             if (self::isUpgradeAvailable() === false && Cryptography::requiresMigration(self::$Author->get('password'))) {
                 self::$Author->set('password', Cryptography::hash($password));
                 self::Database()->update(array('password' => self::$Author->get('password')), 'tbl_authors', sprintf(" `id` = %d", self::$Author->get('id')));
             }
             self::$Cookie->set('username', $username);
             self::$Cookie->set('pass', self::$Author->get('password'));
             self::Database()->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', sprintf(" `id` = %d", self::$Author->get('id')));
             // Only set custom author language in the backend
             if (class_exists('Administration', false)) {
                 Lang::set(self::$Author->get('language'));
             }
             return true;
         }
     }
     return false;
 }
 public static function fetchByUsername($username)
 {
     $rec = Symphony::Database()->fetchRow(0, "SELECT * FROM `tbl_authors` WHERE `username` = '{$username}' LIMIT 1");
     if (!is_array($rec) || empty($rec)) {
         return NULL;
     }
     $author = new Author();
     foreach ($rec as $field => $val) {
         $author->set($field, $val);
     }
     return $author;
 }
Beispiel #3
0
 /**
  * Attempts to log an Author in given a username and password.
  * If the password is not hashed, it will be hashed using the sha1
  * algorithm. The username and password will be sanitized before
  * being used to query the Database. If an Author is found, they
  * will be logged in and the sanitized username and password (also hashed)
  * will be saved as values in the `$Cookie`.
  *
  * @see toolkit.General#hash()
  * @param string $username
  *  The Author's username. This will be sanitized before use.
  * @param string $password
  *  The Author's password. This will be sanitized and then hashed before use
  * @param boolean $isHash
  *  If the password provided is already hashed, setting this parameter to
  *  true will stop it becoming rehashed. By default it is false.
  * @return boolean
  *  True if the Author was logged in, false otherwise
  */
 public function login($username, $password, $isHash = false)
 {
     $username = self::Database()->cleanValue($username);
     $password = self::Database()->cleanValue($password);
     if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
         $author = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n\t\t\t\t\t\t`username` = '%s'\n\t\t\t\t\t", $username));
         if (!empty($author) && Cryptography::compare($password, current($author)->get('password'), $isHash)) {
             $this->Author = current($author);
             // Only migrate hashes if there is no update available as the update might change the tbl_authors table.
             if (!Administration::instance()->isUpgradeAvailable() && Cryptography::requiresMigration($this->Author->get('password'))) {
                 $this->Author->set('password', Cryptography::hash($password));
                 self::Database()->update(array('password' => $this->Author->get('password')), 'tbl_authors', " `id` = '" . $this->Author->get('id') . "'");
             }
             $this->Cookie->set('username', $username);
             $this->Cookie->set('pass', $this->Author->get('password'));
             self::Database()->update(array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')), 'tbl_authors', sprintf(" `id` = %d", $this->Author->get('id')));
             return true;
         }
     }
     return false;
 }
 /**
  * Returns an Author by Username. This function will search the
  * `AuthorManager::$_pool` for Authors first before querying `tbl_authors`
  *
  * @param string $username
  *	The Author's username
  * @return Author|null
  *	If an Author is found, an Author object is returned, otherwise null.
  */
 public static function fetchByUsername($username)
 {
     if (!isset(self::$_pool[$username])) {
         $records = Symphony::Database()->fetchRow(0, sprintf("\n\t\t\t\t\t\tSELECT *\n\t\t\t\t\t\tFROM `tbl_authors`\n\t\t\t\t\t\tWHERE `username` = '%s'\n\t\t\t\t\t\tLIMIT 1\n\t\t\t\t\t", Symphony::Database()->cleanValue($username)));
         if (!is_array($records) || empty($records)) {
             return array();
         }
         $author = new Author();
         foreach ($records as $field => $val) {
             $author->set($field, $val);
         }
         self::$_pool[$username] = $author;
     }
     return self::$_pool[$username];
 }