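/**
 * Attempts to log a user in with the supplied credentials.
 *
 * Any existing login is cleared first. The account is looked up by username
 * and, when ALLOW_LOGIN_WITH_EMAIL is enabled, by e-mail address as a fallback.
 *
 * Security notes:
 * - The stored value is compared with sha1($password). Unsalted SHA-1 is not a
 *   password-hashing function; moving to password_hash()/password_verify()
 *   needs a stored-hash migration and cannot be done inside this method.
 * - The failed-login counter is kept in $_SESSION, so it throttles one session,
 *   not one account. A per-account counter stored with the user record is the
 *   usual way to make the delay stick.
 * - NOTE(review): the session ID is not regenerated here after a successful
 *   login - confirm that logout()/setInfos() take care of it.
 *
 * @param string $username   Username, or e-mail address when that is allowed.
 * @param string $password   Plain-text password supplied by the user.
 * @param bool   $set_cookie Whether to set the "remember me" cookie.
 *
 * @return bool True on success, false otherwise.
 */
public static function login($username, $password, $set_cookie = false)
{
    self::logout();

    $user = User::findBy('username', $username);
    if (!$user instanceof User && self::ALLOW_LOGIN_WITH_EMAIL) {
        $user = User::findBy('email', $username);
    }

    // hash_equals() compares as strings and in constant time. The previous
    // loose `==` could treat two different "0e..."-style digests as equal
    // numbers and leaked timing information.
    if ($user instanceof User && hash_equals((string) $user->password, sha1($password))) {
        $user->last_login = date('Y-m-d H:i:s');
        $user->save();

        if ($set_cookie) {
            $time = $_SERVER['REQUEST_TIME'] + self::COOKIE_LIFE;

            // strpos() returns 0 for a match at the start of the string, which
            // the old truthiness test read as "not found"; compare with false.
            // NOTE(review): SERVER_PROTOCOL normally holds the HTTP version,
            // not the scheme - confirm whether $_SERVER['HTTPS'] was intended,
            // otherwise the Secure flag is unlikely to ever be set.
            $secure = isset($_ENV['SERVER_PROTOCOL'])
                && stripos($_ENV['SERVER_PROTOCOL'], 'https') !== false;

            // NOTE(review): the HttpOnly argument is left at its default;
            // consider enabling it for this authentication cookie.
            setcookie(self::COOKIE_KEY, self::bakeUserCookie($time, $user), $time, '/', null, $secure);
        }

        self::setInfos($user);

        return true;
    }

    if (self::DELAY_ON_INVALID_LOGIN) {
        $counterKey = self::SESSION_KEY . '_invalid_logins';
        $_SESSION[$counterKey] = isset($_SESSION[$counterKey]) ? $_SESSION[$counterKey] + 1 : 1;

        // One second per failed attempt, capped just below max_execution_time
        // so that the request is not killed while it sleeps.
        sleep(max(0, min($_SESSION[$counterKey], ini_get('max_execution_time') - 1)));
    }

    return false;
}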
/**
 * Returns the user referenced by the current session, if there is one.
 *
 * A session is started when none exists yet. The lookup uses the 'user_id'
 * session entry; without that entry the method returns null.
 *
 * @return mixed Result of User::findBy('user_id', ...), or null when the
 *               session holds no user id.
 */
public function currentUser()
{
    if (PHP_SESSION_NONE == session_status()) {
        session_start();
    }

    if (!isset($_SESSION['user_id'])) {
        return null;
    }

    $sessionUserId = $_SESSION['user_id'];

    return User::findBy('user_id', $sessionUserId);
}
/**
 * Resets the password of the account registered under $email and prepares a
 * mail carrying the new one.
 *
 * On a match the method builds a new password from dechex(rand(...)), stores
 * sha1() of it on the user and saves the record, then fills in sender,
 * recipient and subject on an Email helper object and redirects to 'login'.
 * Without a match it flashes 'No user found!' together with the submitted
 * address and redirects to 'login/forgot'.
 *
 * NOTE(review): the '******' and '*****@*****.**' literals and the message()
 * call look redacted or truncated on this page; the statements between
 * message() and the success flash cannot be recovered from here.
 * NOTE(review): rand() is not a cryptographically secure generator and sha1()
 * without a salt is not suited to password storage - random_bytes() and
 * password_hash() are the usual replacements.
 * NOTE(review): the password is replaced as soon as the address matches, with
 * no confirmation step, and the two branches answer differently, which tells
 * the requester whether an address is registered. Mailing a single-use,
 * expiring reset token and answering uniformly avoids both.
 *
 * @param string $email E-mail address submitted through the reset form.
 */
function _sendPasswordTo($email) { $user = User::findBy('email', $email); if ($user) { use_helper('Email'); $new_pass = '******' . dechex(rand(100000000, 4294967295)) . 'K'; $user->password = sha1($new_pass); $user->save(); $email = new Email(); $email->from('*****@*****.**', 'Frog CMS'); $email->to($user->email); $email->subject('Your new password from Frog CMS'); $email->message('username: '******'success', 'An email has been send with your new password!'); redirect(get_url('login')); } else { Flash::set('email', $email); Flash::set('error', 'No user found!'); redirect(get_url('login/forgot')); } }
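/**
 * Handles an account-activation link.
 *
 * Reads 'login' and 'code' from the request, finds the not-yet-activated user
 * with that login, recomputes the expected activation code and compares it
 * with the submitted one. On success the account is marked active, empty
 * purses are created, a session is opened for the user and the browser is
 * redirected to /usr/mypage/. Every failure redirects to '/'.
 *
 * Security notes:
 * - The code is checked with hash_equals() on strings. The previous loose
 *   `!=` could accept a different numeric-looking value and was not
 *   constant-time.
 * - A valid link signs the visitor in directly, so the code has to be
 *   unpredictable and should stop working once used. Here that relies on the
 *   Activation = 0 filter.
 * - NOTE(review): the login is URL-decoded after Core::validate(). If
 *   validate() filters characters, decoding afterwards could bring them
 *   back - confirm the intended order.
 *
 * @return void
 */
public static function activation()
{
    //User::removeNonActivatedUsers(3600); // for last hour
    $login = urldecode(Core::validate(self::getVar('login')));
    $code = Core::validate(self::getVar('code'));

    $nonActivatedUser = User::findBy(array('Login' => $login, 'Activation' => 0));
    if (empty($nonActivatedUser)) {
        header('Location: /'); // too late
        exit;
    }

    $usr = new User();
    $usr->findById($nonActivatedUser[0]['id']);

    $rightCode = self::calcActivationCode($usr);

    // Reject non-scalar input (e.g. an array) before casting, then compare
    // the two codes as strings in constant time.
    if (!is_scalar($code) || !hash_equals((string) $rightCode, (string) $code)) {
        header('Location: /');
        exit;
    }

    $usr->update(array('Activation' => 1));
    self::createEmptyPursesFor($usr->getId());

    $session = new Session();
    $session->create($usr->getId(), Core::getClientIP());

    header('Location: /usr/mypage/');
}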
/**
 * Loads a record through the parent finder and remembers its group list.
 *
 * After a successful lookup the current value of $this->groups is copied to
 * $this->arrGroups, keeping the membership as it was when loaded.
 *
 * @param string $strColumn Column to search in.
 * @param mixed  $varValue  Value to search for.
 *
 * @return boolean False when the parent lookup returns false, true otherwise.
 */
public function findBy($strColumn, $varValue)
{
    $blnFound = (parent::findBy($strColumn, $varValue) !== false);

    if ($blnFound) {
        $this->arrGroups = $this->groups;
    }

    return $blnFound;
}
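/**
 * Attempts to log in a user based on the username and password they provided.
 *
 * The account is resolved first (by username, then by e-mail address when
 * ALLOW_LOGIN_WITH_EMAIL is enabled) and the failed-login delay is checked
 * afterwards. Before this change the delay was checked ahead of the e-mail
 * fallback, so it was skipped for logins that identified the account by
 * e-mail, and `failure_count` was read on a failed lookup result.
 *
 * Security notes:
 * - While the delay window is open the method returns false without checking
 *   the password, so a correct password is refused as well. The window grows
 *   by DELAY_ONCE_EVERY seconds per recorded failure.
 * - Passing $validate_password = false signs the user in without any password
 *   check. Callers must never derive that argument from request data.
 *
 * @param string  $username          User provided username.
 * @param string  $password          User provided password.
 * @param boolean $set_cookie        Set a "remember me" cookie? Defaults to false.
 * @param boolean $validate_password Check the password? Defaults to true.
 * @return boolean Returns true when successful, otherwise false.
 */
public static final function login($username, $password, $set_cookie = false, $validate_password = true)
{
    self::logout();

    $user = User::findBy('username', $username);
    if (!$user instanceof User && self::ALLOW_LOGIN_WITH_EMAIL) {
        $user = User::findBy('email', $username);
    }

    // Unknown account: nothing to throttle and nothing to record.
    if (!$user instanceof User) {
        return false;
    }

    if (self::DELAY_ON_INVALID_LOGIN && $user->failure_count > 0) {
        // last_failure is stored as 'Y-m-d H:i:s'; rebuild a timestamp from it.
        $last = explode(' ', $user->last_failure);
        $date = explode('-', $last[0]);
        $hours = explode(':', $last[1]);
        $last = mktime($hours[0], $hours[1], $hours[2], $date[1], $date[2], $date[0]);

        // thirty (by default) second delay for every failed attempt
        $now = time() - self::DELAY_ONCE_EVERY * $user->failure_count;
        if ($last > $now) {
            return false;
        }
    }

    if (false === $validate_password || self::validatePassword($user, $password)) {
        $user->last_login = date('Y-m-d H:i:s');
        $user->failure_count = 0;
        $user->save();

        if ($set_cookie) {
            $time = $_SERVER['REQUEST_TIME'] + self::COOKIE_LIFE;

            // strpos() returns 0 for a match at the start of the string, which
            // the old truthiness test read as "not found"; compare with false.
            // NOTE(review): SERVER_PROTOCOL normally holds the HTTP version,
            // not the scheme - confirm whether $_SERVER['HTTPS'] was intended,
            // otherwise the Secure flag is unlikely to ever be set.
            $secure = isset($_ENV['SERVER_PROTOCOL'])
                && stripos($_ENV['SERVER_PROTOCOL'], 'https') !== false;

            // NOTE(review): the HttpOnly argument is left at its default;
            // consider enabling it for this authentication cookie.
            setcookie(self::COOKIE_KEY, self::bakeUserCookie($time, $user), $time, '/', null, $secure);
        }

        // Regenerate Session ID upon login
        session_regenerate_id(true);

        self::setInfos($user);

        return true;
    }

    // Wrong password for an existing account: record the failure so that the
    // delay above applies to the next attempt.
    $user->last_failure = date('Y-m-d H:i:s');
    $user->failure_count = $user->failure_count + 1;
    $user->save();

    return false;
}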
/**
 * Checks the SQL produced by findBy() when an ORDER BY fragment is passed.
 *
 * The expected statement shows the third argument appearing verbatim after
 * ORDER BY, so callers should only pass fixed, developer-chosen order strings
 * and never request data.
 */
function testFindByOrderSQL()
{
    $expectedSql = 'SELECT * FROM `users` WHERE `id` = 1 ORDER BY username ASC';

    $model = new User();
    $model->findBy('id', 1, 'username ASC');

    $this->assertEqual($model->lastSqlQuery, $expectedSql);
}
/**
 * Runs the parent lookup and, when it succeeds, stores a copy of the group list.
 *
 * @param string $strRefField Field to search in.
 * @param mixed  $varRefId    Value to search for.
 *
 * @return boolean False when the parent lookup returns false, true otherwise.
 */
public function findBy($strRefField, $varRefId)
{
    $varResult = parent::findBy($strRefField, $varRefId);

    if ($varResult !== false) {
        // Keep the membership as it was at load time.
        $this->arrGroups = $this->groups;

        return true;
    }

    return false;
}
/**
 * Returns the first user whose e-mail address equals $this->username.
 *
 * @return mixed Whatever getFirst() yields on the User::findBy() result.
 */
public function getUser()
{
    $matches = User::findBy('email', $this->username);

    return $matches->getFirst();
}
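/**
 * This method is used to send a newly generated password to a user.
 *
 * The random part of the password now comes from random_bytes() (PHP 7+)
 * instead of rand(), which is not a cryptographically secure generator. The
 * literal prefix and suffix are kept as they were.
 *
 * Security notes:
 * - The password is replaced as soon as the address matches, with no
 *   confirmation step, so anyone who knows the address can force a change.
 *   Mailing a single-use, expiring reset token and changing the password only
 *   once it is presented avoids this.
 * - The new password travels in plain text by e-mail.
 * - The two branches answer differently ('No user found!' versus success),
 *   which tells the requester whether an address is registered.
 *
 * @param string $email The user's email address.
 */
private function _sendPasswordTo($email)
{
    $user = User::findBy('email', $email);

    if ($user) {
        use_helper('Email');

        // 8 random bytes -> 16 hex characters from the system CSPRNG.
        $new_pass = '******' . bin2hex(random_bytes(8)) . 'K';
        $user->password = AuthUser::generateHashedPassword($new_pass . $user->salt);
        $user->save();

        $mail = new Email();
        $mail->from(Setting::get('admin_email'), Setting::get('admin_title'));
        $mail->to($user->email);
        $mail->subject(__('Your new password from ') . Setting::get('admin_title'));
        $mail->message(__('Username') . ': ' . $user->username . "\n" . __('Password') . ': ' . $new_pass);
        $mail->send();

        Flash::set('success', __('An email has been sent with your new password!'));
        redirect(get_url('login'));
    } else {
        // Hand the submitted address back to the form.
        Flash::set('email', $email);
        Flash::set('error', __('No user found!'));
        redirect(get_url('login/forgot'));
    }
}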
/**
 * Command handler that sets a user's password.
 *
 * Takes the login and then the password from ArgsHolder's command queue,
 * looks the user up by login and calls setPassword() on it. When no password
 * was supplied the code prompts for one and for a confirmation.
 *
 * Failure paths return io::out(...) OR-ed with a code: 1 when the login
 * argument is missing, 2 when the two entered passwords differ, 3 when the
 * user is not found, 127 when a UserException is caught. The success path has
 * no explicit return.
 *
 * NOTE(review): the '******' runs look like redaction on this page. The code
 * that reads and compares the two prompted passwords is missing, so this line
 * is not valid PHP as shown.
 * NOTE(review): shiftCommand() presumably reads process arguments. A password
 * given that way can end up in shell history and process listings, so the
 * interactive prompt is the safer path - confirm against ArgsHolder.
 */
public function cmdPassword() { try { $login = ArgsHolder::get()->shiftCommand(); $password = ArgsHolder::get()->shiftCommand(); if ($login === false) { return io::out('Incorrect param count', IO::MESSAGE_FAIL) | 1; } if ($user = User::findBy("login", $login)) { if (!$password) { IO::out('New password: '******'Confirm New password: '******'Passwords not match.', IO::MESSAGE_FAIL) | 2; } } $user->setPassword($password); } else { return io::out(PHP_EOL . 'User ~WHITE~' . $login . '~~~ not found', IO::MESSAGE_FAIL) | 3; } } catch (UserException $e) { return io::out($e->getMessage(), IO::MESSAGE_FAIL) | 127; } }