/**
  * Log a user in with a username and password.
  * @return bool true when the credentials are accepted, false otherwise
  * @param string $username
  * @param string $password
  */
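 function login($username, $password)
 {
     // Checks $username / $password against the `user` table. On success the user's
     // id, name and type are stored in $_SESSION and on this object, the user row is
     // marked as accessed, RegenerateSessionID() is called, and true is returned.
     // On any credential failure a message is set and false is returned.
     $db =& $this->db;
     Kit::ClassLoader('userdata');

     if (Config::Version('DBVersion') < 62) {
         // The CSPRNG column does not exist yet, so only the legacy check is possible.
         // This can ONLY happen during an upgrade.
         $dbh = PDOConnect::init();
         $sth = $dbh->prepare('SELECT UserID, UserName, UserPassword, UserTypeID FROM `user` WHERE UserName = :userName');
         $sth->execute(array('userName' => $username));
         $rows = $sth->fetchAll();

         // Same message for "unknown user" and "wrong password", so the reply does
         // not tell the caller which usernames exist.
         if (count($rows) != 1) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }

         $userInfo = $rows[0];

         // Legacy unsalted MD5 check. The digests are compared as strings with a
         // strict operator: a loose != treats two digests that both look like
         // exponent-notation numbers as equal, which would accept a wrong password.
         // hash_equals() (PHP 5.6+) is the constant-time choice where available.
         if ((string) $userInfo['UserPassword'] !== md5($password)) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
     } else {
         // Fetch the user record, including the CSPRNG column. The escaped username
         // is placed through the %s conversion; a format string without a conversion
         // makes sprintf() drop the argument, so the lookup would ignore the username.
         // NOTE(review): this path relies on $db->escape_string() for quoting; the
         // prepared statement used in the upgrade branch is the more robust form.
         $lookupSQL = sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username));

         if (!($userInfo = $db->GetSingleRow($lookupSQL))) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }

         // User Data Object to check the password
         $userData = new Userdata($db);

         // NOTE(review): loose comparison, assumes CSPRNG is a numeric flag - confirm.
         // On PHP < 8 a non-numeric string also compares equal to 0 and would send
         // the account down the MD5 path.
         if ($userInfo['CSPRNG'] == 0) {
             // Legacy unsalted MD5 check, compared strictly as strings (see above).
             if ((string) $userInfo['UserPassword'] !== md5($password)) {
                 setMessage(__('Username or Password incorrect'));
                 return false;
             }

             // The password is now known to be correct, so store it again through
             // ChangePassword() to move the account off MD5. The return value is
             // not checked here, so a failed migration does not block the login.
             $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
         } else {
             // Check the password against the stored salted value
             if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
                 setMessage(__('Username or Password incorrect'));
                 return false;
             }
         }
     }

     // Credentials accepted: record the validated identity in the session
     $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
     $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
     $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);

     // Set the User Object
     $this->usertypeid = $_SESSION['usertype'];
     $this->userid = $_SESSION['userid'];

     // Record in the db that this user is logged in and when they last accessed
     // the page. The user id goes through %d, so it is always rendered as an integer.
     $SQL = sprintf("UPDATE user SET lastaccessed = '%s', loggedin = 1 WHERE userid = %d", date("Y-m-d H:i:s"), $_SESSION['userid']);
     $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);

     // Switch session ids after authentication, so an id issued before login is
     // not carried into the authenticated session.
     global $session;
     $session->setIsExpired(0);
     $session->RegenerateSessionID(session_id());

     return true;
 }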
 /**
  * Log a user in with a username and password.
  * @return bool true when the credentials are accepted, false otherwise
  * @param string $username
  * @param string $password
  */
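 function login($username, $password)
 {
     // Checks $username / $password against the `user` table. On success the user's
     // id, name and type are stored in $_SESSION and on this object, the user row is
     // marked as accessed, RegenerateSessionID() is called, and true is returned.
     // On any credential failure a message is set and false is returned.
     $db =& $this->db;
     Kit::ClassLoader('userdata');

     // Fetch the user record, including the CSPRNG column. The escaped username is
     // placed through the %s conversion; a format string without a conversion makes
     // sprintf() drop the argument, so the lookup would ignore the username.
     // NOTE(review): this relies on $db->escape_string() for quoting; a prepared
     // statement with a bound parameter would be the more robust form.
     $lookupSQL = sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username));

     // Same message for "unknown user" and "wrong password", so the reply does not
     // tell the caller which usernames exist.
     if (!($userInfo = $db->GetSingleRow($lookupSQL))) {
         setMessage(__('Username or Password incorrect'));
         return false;
     }

     // User Data Object to check the password
     $userData = new Userdata($db);

     // NOTE(review): loose comparison, assumes CSPRNG is a numeric flag - confirm.
     // On PHP < 8 a non-numeric string also compares equal to 0 and would send the
     // account down the MD5 path.
     if ($userInfo['CSPRNG'] == 0) {
         // Legacy unsalted MD5 check. The digests are compared as strings with a
         // strict operator: a loose != treats two digests that both look like
         // exponent-notation numbers as equal, which would accept a wrong password.
         // hash_equals() (PHP 5.6+) is the constant-time choice where available.
         if ((string) $userInfo['UserPassword'] !== md5($password)) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }

         // The password is now known to be correct, so store it again through
         // ChangePassword() to move the account off MD5. The return value is not
         // checked here, so a failed migration does not block the login.
         $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
     } else {
         // Check the password against the stored salted value
         if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
     }

     // Credentials accepted: record the validated identity in the session
     $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
     $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
     $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);

     // Set the User Object
     $this->usertypeid = $_SESSION['usertype'];
     $this->userid = $_SESSION['userid'];

     // Record in the db that this user is logged in and when they last accessed
     // the page. The user id goes through %d, so it is always rendered as an integer.
     $SQL = sprintf("UPDATE user SET lastaccessed = '%s', loggedin = 1 WHERE userid = %d", date("Y-m-d H:i:s"), $_SESSION['userid']);
     $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);

     // Switch session ids after authentication, so an id issued before login is
     // not carried into the authenticated session.
     global $session;
     $session->setIsExpired(0);
     $session->RegenerateSessionID(session_id());

     return true;
 }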
Beispiel #3
                reportError("0", __("Password incorrect. Please try again."));
            }
            // User Data Object to check the password
            $userData = new Userdata($db);
            // Is SALT empty
            if ($userInfo['CSPRNG'] == 0) {
                // Check the password using a MD5
                if ($userInfo['UserPassword'] != md5($password)) {
                    $_SESSION['auth'] = false;
                    reportError("0", __("Password incorrect. Please try again."));
                }
                // Now that we are validated, generate a new SALT and set the users password.
                $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
            } else {
                // Check the users password using the random SALTED password
                if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
                    $_SESSION['auth'] = false;
                    reportError("0", __("Password incorrect. Please try again."));
                }
            }
            $_SESSION['auth'] = true;
            $_SESSION['db'] = $db;
        }
    }
    ## Check server meets specs (as specs might have changed in this release)
    ?>
  <p><?php 
    echo __("First we need to check if your server meets Xibo's requirements.");
    ?>
</p>
  <div class="checks">