Beispiel #1
 /**
  * Register a new company together with its first user account.
  *
  * Everything runs inside one database transaction: the company row is
  * saved, then the user row, then both rows are updated so that the new
  * user is recorded as owner / creator / updater, and finally a default
  * product folder is created. The first failing step rolls back.
  *
  * @return bool true once the transaction has been committed, false when a
  *              step failed or an Exception was caught
  */
 public function register()
 {
     $transaction = Yii::app()->db->beginTransaction();
     // Single failure path shared by every step: undo and report failure.
     $abort = function () use ($transaction) {
         $transaction->rollback();
         return false;
     };
     try {
         // Step 1: the company, needed first because the user references its id.
         $newCompany = new Company();
         $newCompany->name = $this->name;
         $newCompany->country = $this->country;
         $newCompany->phone = $this->phone;
         if (!$newCompany->save()) {
             return $abort();
         }

         // Step 2: the user account.
         $account = new User();
         $account->username = $this->username;
         $account->password = $account->encrypt($this->password);
         // NOTE(review): password_repeat receives the plain-text value while
         // password holds the encrypt() output — verify it is not persisted.
         $account->password_repeat = $this->password_repeat;
         $account->email = $this->email;
         $account->company_id = $newCompany->id;
         $now = time();
         $account->update_time_utc = $now;
         $account->create_time_utc = $now;
         // NOTE(review): save(false) skips model validation for the user row,
         // so username/e-mail/password rules must already have been enforced
         // before this method is called — confirm against the caller.
         if (!$account->save(false)) {
             return $abort();
         }

         // Step 3: record the new user as owner, creator and last updater.
         $creatorId = $account->id;
         $newCompany->update_user_id = $creatorId;
         $newCompany->create_user_id = $creatorId;
         $newCompany->owner_id = $creatorId;
         if (!$newCompany->update()) {
             return $abort();
         }
         $selfId = $account->id;
         $account->update_user_id = $selfId;
         $account->create_user_id = $selfId;
         if (!$account->update()) {
             return $abort();
         }

         // Step 4: every company starts with one top-level product folder.
         $rootFolder = new ProductFolder();
         $rootFolder->name = 'Main Folder';
         $rootFolder->parent_id = 0;
         $rootFolder->company_id = $newCompany->id;
         if (!$rootFolder->save()) {
             return $abort();
         }

         $transaction->commit();
         return true;
     } catch (Exception $e) {
         return $abort();
     }
 }
Beispiel #2
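 /**
  * Check the supplied credentials against the User table.
  *
  * The module's loginType selects the lookup: 0 looks the account up by
  * username, 1 by e-mail, 2 by username first and then by e-mail. On success
  * the identity's id, username and the 'id' state are filled in.
  *
  * @return bool the negation of errorCode (true when no error code was set)
  */
 public function authenticate()
 {
     $loginType = Yii::app()->controller->module->loginType;
     // Start from "not found" so an unexpected loginType cannot leave $user undefined.
     $user = null;
     if ($loginType == 0) {
         $user = User::model()->findByAttributes(array('username' => $this->username));
     } elseif ($loginType == 1) {
         $user = User::model()->findByAttributes(array('email' => $this->username));
     } elseif ($loginType == 2) {
         $user = User::model()->findByAttributes(array('username' => $this->username));
         if (!is_object($user)) {
             $user = User::model()->findByAttributes(array('email' => $this->username));
         }
     }

     if ($user === null) {
         // Fixed: the original tested the undefined variable $logintype here,
         // so ERROR_EMAIL_INVALID could never be selected.
         // NOTE(review): separate "unknown account" and "wrong password" codes
         // let a client tell which accounts exist; the caller should show one
         // generic failure message for both.
         if ($loginType == 1) {
             $this->errorCode = self::ERROR_EMAIL_INVALID;
         } else {
             $this->errorCode = self::ERROR_USERNAME_INVALID;
         }
     } elseif (User::encrypt($this->password) !== $user->password) {
         // NOTE(review): !== is not a constant-time comparison; where
         // hash_equals() is available (PHP 5.6+) it is the better choice.
         // What User::encrypt() computes is not visible here — confirm it is
         // a salted password hash rather than a bare digest.
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     } elseif ($user->status == 0 && Yii::app()->user->loginNotActive == false) {
         $this->errorCode = self::ERROR_STATUS_NOTACTIVE;
     } elseif ($user->status == -1) {
         $this->errorCode = self::ERROR_STATUS_BANNED;
     } else {
         $this->id = $user->id;
         $this->setState('id', $user->id);
         $this->username = $user->username;
         $this->errorCode = self::ERROR_NONE;
     }
     return !$this->errorCode;
 }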
Beispiel #3
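 /**
  * Verify a username / password pair against the users table.
  *
  * @param string $user username as submitted; low and high bytes are stripped
  * @param string $pass password as submitted; it is passed through
  *                     User::encrypt() with the salt stored for the user
  *
  * @return array array('success' => true, 'id' => ...) when exactly one row
  *               matches, otherwise an array with 'success' => false and an
  *               'error' message (or whatever User::getUserByUserName() /
  *               User::checkExecute() returned on failure)
  */
 public function login($user, $pass)
 {
     // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. The
     // query below is parameterised, so this filter is not what protects the
     // SQL; it only changes which username is looked up.
     $user = filter_var($user, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
     // The lookup result carries the per-user salt, or success == false.
     // NOTE(review): returning that result unchanged may give a different
     // message for "no such user" than for "wrong password" — confirm callers
     // show the same text for both.
     $salt = User::getUserByUserName($user);
     if ($salt['success'] == false) {
         return $salt;
     }
     $pass = User::encrypt($pass, $salt['salt']);
     $query = "SELECT id\n\t\t\t\t\t   FROM users \n\t\t\t\t\t   WHERE username = :username\n\t\t\t\t\t   AND password   = :pass";
     try {
         $DBH = Utility::connectToDB();
         if ($DBH == null) {
             return array('success' => false, 'error' => 'Error connecting to database');
         }
         $STH = $DBH->prepare($query);
         $STH->bindParam('username', $user);
         $STH->bindParam('pass', $pass);
         $sqlError = $STH->execute();
         $result = User::checkExecute($STH, $DBH, $sqlError);
         if ($result['success'] == false) {
             return $result;
         }
         // Fixed: rowCount() is not reliable for SELECT statements on every
         // PDO driver, so count the fetched rows instead. The rule is
         // unchanged: exactly one matching row means success.
         $rows = $STH->fetchAll(PDO::FETCH_ASSOC);
         $DBH = null;
         if (is_array($rows) && count($rows) === 1) {
             return array('success' => true, 'id' => $rows[0]['id']);
         }
         return array('success' => false, 'error' => 'login failure');
     } catch (PDOException $e) {
         // The driver message is shown only when the debug flag is set.
         if (Debug::DEBUG) {
             echo 'Error: ' . $e->getMessage();
         }
         $DBH = null;
         return array('success' => false, 'error' => 'unknown error');
     }
     // The original ended with one more return here; it could not be reached
     // because every path above already returns.
 }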
Beispiel #4
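    // An authentication attempt.
    include_once $GLOBALS['pie']['library_path'] . '/class/user.php';
    include_once $GLOBALS['pie']['library_path'] . '/share/log.php';
    $user = new User();
    // A malformed name and an unknown name take the same path: log the
    // failure and show the login frame again.
    if (!$user->isValidName($_REQUEST['username']) || !$user->exists($_REQUEST['username'])) {
        pieLog('error');
        include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
        exit;
    }
    $pw = $user->read($_REQUEST['username']);
    // Fixed: compare with !== instead of !=. With the loose operator two
    // different digests that both look like numbers (for example "0e"
    // followed only by digits) are treated as equal.
    // NOTE(review): hash_equals() would also make the comparison
    // constant-time where the PHP version provides it.
    if ($pw !== $user->encrypt($_REQUEST['password'])) {
        // The entered password differs from the registered password.
        // Try the crypt() command to handle old style passwords; the first
        // two characters of the stored value are used as the salt.
        // NOTE(review): if these are traditional two-character-salt crypt()
        // hashes, only the first 8 characters of the password count; consider
        // re-storing the password with encrypt() after a successful legacy login.
        $salt = substr($pw, 0, 2);
        if ($pw !== crypt($_REQUEST['password'], $salt)) {
            // The entered password is just wrong.
            pieLog('error');
            include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
            exit;
        }
    }
    // Login successful. Spawn standard login action.
    include $GLOBALS['pie']['library_path'] . '/action/login.php';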
} else {
    include $GLOBALS['pie']['custom_path'] . '/frame/private_login.php';
    exit;
Beispiel #5
 /**
  * Log a user in by username or e-mail address.
  *
  * Only rows with statusId = 1 whose password column equals
  * User::encrypt($password) are accepted.
  *
  * @param string $login      Username or e-mail address
  * @param string $password   Plain password
  * @param int    $expiration Multiplied by 86400 (seconds per day) before it
  *                           is handed to auth()
  *
  * @return User|null the logged-in user, or null when no row matched
  */
 public static function login($login, $password, $expiration = 7200)
 {
     $connection = Registry::getDb();
     // The same login value is tried against both columns.
     // NOTE(review): the stored password is matched inside the query, so
     // User::encrypt() must return the same value for the same password every
     // time; that rules out a per-user random salt — confirm what it computes.
     $credentials = array(":email" => $login, ":username" => $login, ":password" => User::encrypt($password));
     $rows = $connection->query("SELECT * FROM `users` WHERE (`username` = :username OR `email` = :email) AND `statusId` = 1 AND `password` = :password", $credentials);
     if (!$rows) {
         return null;
     }

     $account = new User($rows[0]);
     // Set the cookie.
     // NOTE(review): with the default of 7200 this passes 7200 * 86400 to
     // auth(); if auth() expects seconds that is 7200 days, not two hours —
     // confirm the intended unit.
     $account->auth(86400 * $expiration);
     // Record the time of this visit.
     $account->lastvisitDate = date("Y-m-d H:i:s");
     $account->update();
     // Write the login event to the log.
     Log::add(LOG_LOGIN);
     return $account;
 }
Beispiel #6
include_once "{$lib}/share/stdio.php";
include_once "{$lib}/share/string.php";
include_once "{$lib}/share/log.php";
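// Superuser-only page: create a new user account, or print the form.
pieRequireSuperuser();
pieHead("edit");
// NOTE(review): $_REQUEST also accepts query-string parameters and no
// anti-CSRF token is checked in this script; confirm the form is POST-only
// and protected elsewhere.
if (!empty($_REQUEST['username']) && !empty($_REQUEST['password'])) {
    // A user has been specified.
    $user = new User();
    // NOTE(review): the checks below only protect the write further down if
    // pieError() ends the request — confirm.
    if (!$user->isValidName($_REQUEST['username'])) {
        pieError("InvalidUsername");
    }
    if ($user->exists($_REQUEST['username'])) {
        pieError("UserExists");
    }
    // Fixed: strict comparison. With != two different numeric-looking
    // strings such as "1e3" and "1000" count as equal, so a mistyped
    // confirmation could be accepted.
    if ($_REQUEST['password'] !== $_REQUEST['retype']) {
        pieError("PasswordMismatch");
    }
    // Userdata acceptable. Create new user.
    if (!$user->write($_REQUEST['username'], $user->encrypt($_REQUEST['password']))) {
        pieError("FailureForm");
    }
    // Store the registration time as a user preference.
    $pref = new UserPref();
    $pref->write($_REQUEST['username'], "registered", time());
    $GLOBALS['pie']['user'] = $_REQUEST['username'];
    pieLog("user");
    pieNotice("SuccessForm");
} else {
    // Print the form.
    pieNotice('RegisterForm');
}
pieTail();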
Beispiel #7
      * Le nouveau mot de passe sera celui fourni à la connexion.
      */
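     // The reset file is removed first; the reset only goes ahead when the
     // file is really gone.
     @unlink(RESET_PASSWORD_FILE);
     if (file_exists(RESET_PASSWORD_FILE)) {
         $message = 'Unable to remove "' . RESET_PASSWORD_FILE . '"!';
         /* Cannot be deleted ==> the password is not reset */
     } else {
         $resetPassword = isset($_['password']) ? $_['password'] : '';
         // Fixed: the original used assert() with a string argument. That
         // does nothing when assertions are disabled and is no longer
         // evaluated as code on PHP 8, so an empty password was not rejected.
         if (!is_string($resetPassword) || $resetPassword === '') {
             $message = "Empty password for user '{$_['login']}'! No password reset.";
         } else {
             $tmpUser = User::get($_['login']);
             if (false === $tmpUser) {
                 $message = "Unknown user '{$_['login']}'! No password reset.";
             } else {
                 $id = $tmpUser->getId();
                 $salt = $configurationManager->get('cryptographicSalt');
                 $userManager->change(array('password' => User::encrypt($resetPassword, $salt)), array('id' => $id));
                 // Fixed: the new password is no longer written to the error
                 // log in clear text.
                 $message = "User '{$_['login']}' (id={$id}) Password reset.";
             }
         }
     }
     // NOTE(review): the login name in $message is request data; confirm it
     // cannot carry line breaks into the log.
     error_log($message);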
 }
 if (isset($_['usr'])) {
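     // Token login: 'usr' carries an authentication token that is resolved
     // to a user.
     // NOTE(review): a token passed as a request parameter can end up in
     // server logs and browser history — confirm how 'usr' is transported.
     $user = User::existAuthToken($_['usr']);
     if ($user == false) {
         exit("error");
         //@TODO: translate
     } else {
         // NOTE(review): the session id is not renewed here; consider
         // session_regenerate_id(true) at this point if the session is
         // already started.
         $_SESSION['currentUser'] = serialize($user);
         // Fixed: newUrl is request data and is now percent-encoded, so
         // characters such as '&' or '#' stay inside the newUrl parameter.
         // Assumes $_['newUrl'] holds the decoded value — TODO confirm.
         header('location: ./action.php?action=addFeed&newUrl=' . rawurlencode($_['newUrl']));
         exit;
     }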
Beispiel #8
 /**
  * Store a password on this object in the form produced by User::encrypt().
  *
  * @param mixed $password value handed to User::encrypt(), presumably the
  *                        plain-text password
  * @param mixed $salt     forwarded unchanged as the second argument;
  *                        defaults to the empty string
  */
 function setPassword($password, $salt = '')
 {
     // Only the encrypt() result is kept on the object.
     $encrypted = User::encrypt($password, $salt);
     $this->password = $encrypted;
 }
Beispiel #9
<?php

/*
 *	Create superuser account for user "admin", password "secret".
 */
// Installer step: make sure an "admin" account exists.
$GLOBALS['pie']['log'] = 'Superuser Account';

// The user class must be present before it is included.
if (!file_exists("{$lib}/class/user.php")) {
    bye("The user class library could not be found.");
}
include_once "{$lib}/class/user.php";

$user = new User();
// An existing "admin" account is left untouched.
// NOTE(review): a new account gets the fixed password 'secret', which is the
// same on every installation; the installer should take the password from
// the operator or force a change at first login.
if (!$user->exists("admin") && !$user->write('admin', $user->encrypt('secret'))) {
    bye("The superuser account could not be created.");
}
Beispiel #10
/*
 *	Change the password of a user.
 */
include_once "{$lib}/class/user.php";
include_once "{$lib}/share/auth.php";
include_once "{$lib}/share/log.php";
include_once "{$lib}/share/stdio.php";
pieRequireUser();
pieHead("edit");
if (@$_REQUEST['old'] && @$_REQUEST['new'] && @$_REQUEST['retype']) {
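    // Fixed: the three comparisons below use !== instead of !=. The loose
    // operator treats different numeric-looking strings (for example "1e3"
    // and "1000", or two digests of the form "0e" plus digits) as equal.
    if ($_REQUEST['new'] !== $_REQUEST['retype']) {
        pieError("PasswordMismatch");
    }
    $user = new User();
    // The stored password of the user who is currently logged in.
    $pw = $user->read($GLOBALS['pie']['user']);
    if ($pw !== $user->encrypt($_REQUEST['old'])) {
        // The entered password differs from the registered password.
        // Try the crypt() command to handle old style passwords; the first
        // two characters of the stored value are used as the salt.
        $salt = substr($pw, 0, 2);
        if ($pw !== crypt($_REQUEST['old'], $salt)) {
            // The entered password is just wrong.
            // NOTE(review): the write below is only prevented if pieError()
            // ends the request — confirm.
            pieLog("failure");
            pieError("PasswordFailure");
        }
    }
    // The input is acceptable. Change the password.
    if (!$user->write($GLOBALS['pie']['user'], $user->encrypt($_REQUEST['new']))) {
        pieError("PasswordFailure");
    }
    pieLog("user");
    pieNotice("PasswordSuccess");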
Beispiel #11
    }
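    // NOTE(review): in the lines visible here confirmPassword is only checked
    // for being non-empty, never compared with password — confirm that the
    // comparison happens earlier.
    if (empty($_POST["confirmPassword"])) {
        $_SESSION["erreur"][$errorCodeEmpty] = "Vous n'avez pas spécifié la confirmation du mot de passe";
    }
    if (empty($_POST["birth"])) {
        $_SESSION["erreur"][$errorCodeEmpty] = "Vous n'avez pas spécifié de date d'anniversaire";
    }
    // Only the two known values are accepted for sexe.
    if (isset($_POST["sexe"])) {
        if ($_POST["sexe"] == 'H' || $_POST["sexe"] == 'F') {
            $sexe = $_POST["sexe"];
        } else {
            $_SESSION["erreur"][] = "Veuillez renseigner votre sexe.";
        }
    } else {
        $_SESSION["erreur"][] = "Veuillez renseigner votre sexe.";
    }
    if (isset($_SESSION["erreur"])) {
        header("Location: /Erreur");
        // Fixed: stop here. header() only queues the redirect, so without
        // exit the account was still created from input that had just failed
        // validation (and $sexe could be undefined).
        exit;
    }
    $user = new User($_POST["pseudo"], $_POST["birth"], $sexe, $_POST["mail"], $_POST["password"]);
    $user->encrypt();
    // Case-insensitive lookup: the pseudo and the mail address must both be unused.
    // NOTE(review): check-then-insert can race with a parallel request; a
    // unique index on both columns is the reliable guard — confirm it exists.
    $req = $bdd->prepare("SELECT * FROM user WHERE UCASE(pseudo)=UCASE(:pseudo) OR UCASE(mail)=UCASE(:mail)");
    $req->execute(array(":pseudo" => $_POST["pseudo"], ":mail" => $_POST["mail"]));
    if ($req->rowCount() >= 1) {
        $_SESSION["erreur"][] = "Le pseudo ou le mail renseigner existe déjà.";
        header("Location: /Erreur");
    } else {
        $user->save();
        header("Location: /Portail/Connexion");
    }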
}