Beispiel #1
 /**
  * Loads the Sec class file and asks the shared Sec instance to retry its report data.
  *
  * Returns nothing; whatever retryReportData() returns is discarded.
  */
 function _retryReport()
 {
     // libfile() is defined elsewhere; its result is used as the include path.
     // require_once keeps repeated calls from including the class file twice.
     require_once libfile('class/sec');

     Sec::getInstance()->retryReportData();
 }
    /**
     * The public action for logging into the system
     * @access public
     * @todo TestCase
     */
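    public function login()
    {
        // Handles a login form submission: looks the account up by id, username or e-mail,
        // applies the configured attempt limit (Login.attempts / Login.lockout, in minutes),
        // verifies the salted password hash and, on success, populates the session and redirects.
        // Fail closed: the attempt only stops being an error once every check has passed.
        $error = true;

        if (!empty($this->data)) {
            $form = $this->data;
            $username = isset($form['User']['username']) ? $form['User']['username'] : null;
            $password = isset($form['User']['password']) ? $form['User']['password'] : null;

            // Form fields are attacker-controlled. Only plain strings are accepted: an array
            // submitted for "username" would otherwise be handed to find() as a condition value.
            $wellFormed = is_string($username) && is_string($password);

            // The submitted name goes into a log file; replace control characters so a value
            // containing CR/LF cannot forge additional log lines.
            $logName = is_string($username)
                ? preg_replace('/[\x00-\x1F\x7F]/', '?', $username)
                : '[non-string username]';

            $maxAttempts = Configure::read('Login.attempts');

            $user = array();
            if ($wellFormed) {
                $user = $this->User->find('first', array(
                    'conditions' => array('or' => array(
                        'User.id' => $username,
                        'User.username' => $username,
                        'User.email' => $username,
                    )),
                    'contain' => array(
                        'UserSetting' => array(),
                    ),
                ));
            }

            if (!$wellFormed) {
                $this->log("Malformed login request {$logName}", 'weekly_user_login');
            } elseif (empty($user)) {
                // NOTE(review): this path skips the password hashing done for existing accounts,
                // so response time may differ between known and unknown names - confirm whether
                // that matters for this deployment.
                $this->log("User not found {$logName}", 'weekly_user_login');
            } else {
                $lockedOut = false;

                if ($maxAttempts > 0 && $user['User']['last_login_attempt'] != null) {
                    $lockoutEnds = $user['User']['last_login_attempt'] + (Configure::read('Login.lockout') * 60);

                    if ($lockoutEnds > time()) {
                        // ">=" rather than "==" so a counter above the (possibly lowered)
                        // configured limit still locks the account.
                        if ($user['User']['login_attempts'] >= $maxAttempts) {
                            $lockedOut = true;
                            $this->set('lockout', 1);
                            $this->request->data['User']['password'] = null;
                        }
                    } else {
                        // The lockout window has passed: clear the stored counters.
                        $this->Person->save(array('Person' => array(
                            'login_attempts' => 0,
                            'last_login_attempt' => null,
                            'id' => $user['User']['id'],
                        )));

                        // Keep the in-memory row in step with the database; otherwise a failure
                        // below would be counted on top of the stale, pre-reset value.
                        $user['User']['login_attempts'] = 0;
                        $user['User']['last_login_attempt'] = null;
                    }
                }

                if ($lockedOut) {
                    // Enforce the lockout explicitly instead of relying on the password field
                    // having been blanked above: no credential check happens while locked.
                    $this->log("Login refused, account locked {$logName}", 'weekly_user_login');
                } else {
                    $hash = Sec::hashPassword($password, $user['User']['salt']);
                    $stored = (string)$user['User']['password'];

                    // Compare as strings. A loose "==" treats numeric-looking strings such as
                    // "0e123" and "0e456" as equal; hash_equals() (PHP >= 5.6) additionally
                    // compares in constant time.
                    $passwordOk = is_string($hash) && $hash !== '' && (
                        function_exists('hash_equals') ? hash_equals($stored, $hash) : $stored === $hash
                    );

                    if ($passwordOk) {
                        if ($this->Auth->login($user['User'])) {
                            $this->Session->setFlash(__('You have been authenticated'), 'success');

                            // NOTE(review): $user['User'] is the row as fetched, so the password
                            // hash and salt read above are written to the session with it.
                            // Consider dropping those keys once it is confirmed nothing reads
                            // them from the session.
                            $this->Session->write('Auth.User', $user['User']);
                            $this->Session->write('Auth.User.Settings', $user['UserSetting']);

                            $this->Access->permissions($user['User']);

                            // A successful login clears the failed-attempt counters.
                            $this->Person->save(array('Person' => array(
                                'login_attempts' => 0,
                                'last_login_attempt' => null,
                                'id' => $user['User']['id'],
                            )));

                            $error = false;
                            $this->redirect($this->Auth->redirect());
                        }
                    } else {
                        // Record the failure until the configured limit is reached.
                        if ($maxAttempts > 0 && $user['User']['login_attempts'] < $maxAttempts) {
                            $this->Person->save(array('Person' => array(
                                'last_login_attempt' => time(),
                                'login_attempts' => ($user['User']['login_attempts'] + 1),
                                'id' => $user['User']['id'],
                            )));
                        }

                        $this->log("Password mismatch {$logName}", 'weekly_user_login');
                    }
                }
            }

            // One generic message for every failure, so the response text does not reveal
            // which check failed.
            if ($error) {
                $this->Session->setFlash(__('You could not be authenticated'), 'error');
            }
        }

        $this->set('title_for_layout', __('Login to Your Account'));
    }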
Beispiel #3
    /**
     * A generalized method for performing a password change
     * @access public
     * @param data array - A 1 dimensional array focused on the user data
     * @return array
     */
    public function changePassword($data)
    {
        // Replaces the password in $data with a freshly salted hash, stamps an expiry date,
        // clears any pending reset token and saves the record. Returns the stored hash and
        // salt on success, or an empty array when save() fails.
        $this->create();

        // Every password change gets a new salt.
        $freshSalt = Sec::makeSalt();
        $data['salt'] = $freshSalt;

        // NOTE(review): this keeps the plaintext password in the array passed to save().
        // Confirm 'temp_password' is only used for validation and is never written to storage.
        $data['temp_password'] = $data['password'];

        // Both the password and its confirmation are hashed with the same salt, so the two
        // hashes are equal exactly when the plaintext values produce the same hash.
        $data['password'] = Sec::hashPassword($data['password'], $freshSalt);
        $data['verify_password'] = Sec::hashPassword($data['verify_password'], $freshSalt);

        // Expiry is "now + Password.expiration days", formatted as a datetime string.
        $lifetimeDays = Configure::read('Password.expiration');
        $data['password_expires'] = date('Y-m-d H:i:s', strtotime("+{$lifetimeDays} Days"));

        // A changed password invalidates any outstanding reset request.
        $data['password_reset_token'] = null;
        $data['password_reset_token_expiry'] = null;

        if (!$this->save($data)) {
            return array();
        }

        // Mirror the new expiry into the current session.
        $_SESSION['Auth']['User']['password_expires'] = $data['password_expires'];

        // NOTE(review): the hash and salt are handed back to the caller; callers should not
        // log or display this return value.
        return array('password' => $data['password'], 'salt' => $data['salt']);
    }
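/**
 * Reports a banned member to the Sec service.
 *
 * Looks up the member's uid by username and, when found, logs a 'banUser' event carrying the
 * uid, open id and client IP together with the given reason.
 *
 * @param string $username Name of the banned member.
 * @param string $reason   Reason passed through to Sec::logFailed().
 * @return false|null false when the service is not open or no usable username was given;
 *                    otherwise no value is returned.
 */
function logBannedMember($username, $reason = 'Admin Banned')
{
    if (notOpenService()) {
        return false;
    }
    // An array or object cannot be a member name and would not interpolate into the query.
    if (!$username || !is_scalar($username)) {
        return false;
    }

    // The lookup previously compared against the fixed literal '******', so the escaped
    // username never reached the query and the intended member was never found.
    // The value is escaped with daddslashes() before being placed inside the quoted literal;
    // if the DB layer in use offers bound parameters, prefer those over string building.
    $escaped = daddslashes($username);
    $uid = DB::result_first(
        "SELECT uid FROM " . DB::table('common_member') . " WHERE username = '" . $escaped . "'"
    );

    if ($uid) {
        require_once libfile('class/sec');
        $sec = Sec::getInstance();
        $data = array('uid' => $uid, 'openId' => getOpenId($uid), 'clientIp' => getMemberIp($uid));
        $sec->logFailed('banUser', $data, $reason);
    }
}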
Beispiel #5
 /**
  * The result of makeSalt() MUST NOT ever yield the same results twice
  *
  * @return void
  * @access public
  */
 public function testMakeSaltAmbiguity() {
   // Two consecutive salts must differ. This is a smoke test only: a single differing pair
   // does not show that the salts are unpredictable or that collisions cannot occur.
   $this->assertNotEqual(Sec::makeSalt(), Sec::makeSalt());
 }
Beispiel #6
<?php

/**
 *		[Discuz!] (C)2001-2099 Comsenz Inc.
 *		This is NOT a freeware, use is subject to license terms
 *
 *		$Id: job.inc.php 27070 2012-01-04 05:55:20Z songlixin $
 */
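// Refuse direct requests: the script only runs when included by the application.
if (!defined('IN_DISCUZ')) {
    exit('Access Denied');
}

// The submitted form hash must match the value formhash() produces for this request.
// The comparison is strict and string-only: a loose "!=" treats numeric-looking strings
// (for example "0e12" and "0e34") as equal, which would let a mismatching value pass.
// On PHP >= 5.6, hash_equals() is the constant-time alternative.
if (
    !isset($_G['gp_formhash'])
    || !is_string($_G['gp_formhash'])
    || $_G['gp_formhash'] !== formhash()
) {
    exit('Access Denied');
}

require_once libfile('class/sec');
$sec = Sec::getInstance();

// Retry the pending report data a fixed three times per request.
$limit = 3;
while ($limit > 0) {
    --$limit;
    $sec->retryReportData();
}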