/**
 * Deletes the Model\User record whose primary key equals the id of the
 * given user. Does nothing when no such record is found.
 *
 * NOTE(review): the name suggests this is registered as a handler for core
 * user deletion; confirm at the place where it is wired up.
 *
 * @param \GO\Base\Model\User $user User whose id is used for the lookup.
 */
public static function userDelete(\GO\Base\Model\User $user)
{
    $record = Model\User::model()->findByPk($user->id);

    // Nothing stored for this user id: nothing to clean up.
    if (!$record) {
        return;
    }

    $record->delete();
}
/**
 * Checks that model() called on a freshly constructed Model\User
 * yields the string 'model\user'.
 */
public function testModel()
{
    $instance = new Model\User();
    $actual = $instance->model();

    $this->assertEquals('model\\user', $actual);
}
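/**
 * Logs a user in.
 *
 * Fires 'beforelogin' first and aborts when a listener vetoes it. The user is
 * looked up by username and must exist, be enabled and pass checkPassword().
 * Every attempt, successful or not, is written to the info log together with
 * the remote address.
 *
 * @param string $username
 * @param string $password
 * @param bool $countLogin When true, lastlogin/logins are updated, the user's
 *                         temp files are cleared and a login log entry is written.
 * @return Model\User|false The user model on success, false on failure.
 */
public function login($username, $password, $countLogin = true)
{
    if (!$this->fireEvent('beforelogin', array($username, $password, $countLogin))) {
        return false;
    }

    // The username comes straight from the request and is copied into log
    // lines below. Strip control characters (CR/LF included) so that a single
    // attempt always produces a single log line and log-based monitoring
    // cannot be misled by embedded line breaks. The lookup itself still uses
    // the unmodified value.
    $logUsername = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $username);

    $user = Model\User::model()->findSingleByAttribute('username', $username);

    $success = true;
    if (!$user) {
        \GO::debug("LOGIN: User " . $logUsername . " not found");
        $success = false;
    } elseif (!$user->enabled) {
        \GO::debug("LOGIN: User " . $logUsername . " is disabled");
        $success = false;
    } elseif (!$user->checkPassword($password)) {
        \GO::debug("LOGIN: Incorrect password for " . $logUsername);
        $success = false;
    }

    // Audit line; the caller only ever sees a generic false, the reason for a
    // failure is kept in the debug log above.
    $str = "LOGIN ";
    $str .= $success ? "SUCCESS" : "FAILED";
    $str .= " for user: \"" . $logUsername . "\" from IP: ";
    $str .= isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';

    \GO::infolog($str);
    \GO::debug($str);

    if (!$success) {
        return false;
    }

    $this->_user = $user;
    $this->setCurrentUser($user->id);

    if ($countLogin) {
        $user->lastlogin = time();
        $user->logins++;
        $user->save(true);

        $this->clearUserTempFiles();
    }

    $this->fireEvent('login', array($username, $password, $user, $countLogin));

    // Session fixation, configuration side: session.use_only_cookies controls
    // session_start(). When enabled, the session ID is taken from cookies only;
    // when disabled, GET or POST requests can carry the session ID and can be
    // used for session fixation. The setting exists since PHP 4.3.0 but is
    // enabled by default only since PHP 5.3.0, so older PHP versions and
    // non-default configurations remain exposed unless further measures are
    // taken.
    //
    // Session fixation, application side: force a new session ID on successful
    // authentication so that an ID chosen before login never identifies the
    // authenticated session. Passing true also deletes the old session record.
    // Without it the pre-login ID stays valid in the session store, and current
    // PHP versions write the session data back to that old record first.
    // setCurrentUser() has already run at this point, so any login state it
    // keeps in the session would presumably be copied as well (confirm against
    // setCurrentUser()).
    if (PHP_SAPI != 'cli' && !defined('GO_NO_SESSION')) {
        if (!session_regenerate_id(true)) {
            // The login still proceeds as before, but leave a trace: in this
            // case the session keeps the ID it had before authentication.
            \GO::debug("LOGIN: session ID could not be regenerated");
        }
    }

    if ($countLogin) {
        $this->_log(\GO\Log\Model\Log::ACTION_LOGIN);
    }

    \GO::session()->values['countLogin'] = $countLogin;

    return $user;
}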