Beispiel #1
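 /**
  * Update one field of the logged-in user's own account record.
  *
  * Changes to 'username' (validated as an email address) and 'password' are
  * gated on the current password, which is read from the POSTed form and
  * checked with uUsersList::TestCredentials(). A password change must also
  * equal its confirmation field. Every other field alias goes straight to
  * the parent implementation.
  *
  * @param string $fieldAlias Alias of the field being updated.
  * @param mixed  $newValue   Submitted value for that field.
  * @param mixed  $pkVal      Record key, by reference; handed to CreateSqlField() and to the parent.
  * @return mixed Nothing when the change is rejected or is a no-op, otherwise the result of parent::UpdateField().
  */
 public function UpdateField($fieldAlias, $newValue, &$pkVal = NULL)
 {
     // NOTE(review): what LookupRecord() yields when nobody is logged in is not
     // visible here; $cUser['username'] is assumed to be null in that case, so
     // the credential checks below fail closed - confirm.
     $cUser = $this->LookupRecord(array('user_id' => uUserLogin::IsLoggedIn()));
     if ($fieldAlias == 'username') {
         $newValue = trim($newValue);
         if ($newValue === $cUser['username']) {
             // Unchanged address: nothing to verify or store.
             return;
         }
         // NOTE(review): the {2,4} TLD length rejects addresses under longer
         // top-level domains; kept as-is so accepted input does not change.
         if (!preg_match('/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}$/i', $newValue)) {
             uNotices::AddNotice('You must enter a valid email address.', NOTICE_TYPE_ERROR);
             return;
         }
         // The current password is request data: it may be absent, or an array
         // when the field is posted as "name[]". Only a plain string is ever
         // handed to the credential check; anything else is a failed check.
         $pwField = $this->CreateSqlField('current_password_email', $pkVal);
         $currentPw = (isset($_POST[$pwField]) && is_string($_POST[$pwField])) ? $_POST[$pwField] : null;
         if ($currentPw === null || uUsersList::TestCredentials($cUser['username'], $currentPw) === false) {
             uNotices::AddNotice('The password you entered does not match our records.', NOTICE_TYPE_ERROR);
             return;
         }
         // NOTE(review): this notice is queued before the parent call has
         // stored anything; whether the parent can still fail is not visible here.
         uNotices::AddNotice('You must validate your new email address before you are able to log in with it.');
     }
     if ($fieldAlias == 'password') {
         if (!$newValue) {
             // Empty password field means "leave the password alone".
             return;
         }
         // A missing or non-string confirmation can never equal the new value,
         // so it is reported as a mismatch without reading an undefined index.
         $confirmField = $this->CreateSqlField('confirm_password', $pkVal);
         $confirmation = (isset($_POST[$confirmField]) && is_string($_POST[$confirmField])) ? $_POST[$confirmField] : null;
         if ($confirmation === null || $newValue !== $confirmation) {
             uNotices::AddNotice('Password confirmation did not match, please try again.', NOTICE_TYPE_WARNING);
             return;
         }
         // Same rule as for the email change: only a posted string reaches
         // TestCredentials(), everything else is rejected up front.
         $pwField = $this->CreateSqlField('current_password', $pkVal);
         $currentPw = (isset($_POST[$pwField]) && is_string($_POST[$pwField])) ? $_POST[$pwField] : null;
         if ($currentPw === null || uUsersList::TestCredentials($cUser['username'], $currentPw) === false) {
             uNotices::AddNotice('The password you entered does not match our records.', NOTICE_TYPE_ERROR);
             return;
         }
         uNotices::AddNotice('Your password has been updated.');
     }
     return parent::UpdateField($fieldAlias, $newValue, $pkVal);
 }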
Beispiel #2
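 /**
  * Attempt a form login from the current POST request.
  *
  * Does nothing when a user is already present in the session or when the
  * login fields '__login_u' / '__login_p' were not posted. On a successful
  * credential check the user is logged in, the stored password is re-encrypted
  * if uCrypt::IsStrongest() says it should be, 'last_login' is stamped, the
  * session id is rotated and the 'AfterLogin' event fires. On failure an
  * error notice is queued.
  *
  * @return void
  */
 public static function TryLogin()
 {
     if (isset($_SESSION['current_user'])) {
         return;
     }
     // login not attempted.
     if (!array_key_exists('__login_u', $_POST) || !array_key_exists('__login_p', $_POST)) {
         return;
     }
     $un = $_POST['__login_u'];
     $pw = $_POST['__login_p'];
     // Keep the plaintext password out of $_POST for everything that runs later.
     unset($_POST['__login_p']);

     // Fields posted as "name[]" arrive as arrays. Credentials must be plain
     // strings, so anything else is answered like a wrong password instead of
     // being passed on to the credential check.
     if (!is_string($un) || !is_string($pw)) {
         uNotices::AddNotice('Username and password do not match.', NOTICE_TYPE_ERROR);
         return;
     }

     $userID = uUsersList::TestCredentials($un, $pw);
     if ($userID === false) {
         // One message for unknown user and wrong password alike.
         uNotices::AddNotice('Username and password do not match.', NOTICE_TYPE_ERROR);
         return;
     }

     self::SetLogin($userID);
     $obj = utopia::GetInstance(__CLASS__);
     $rec = $obj->LookupRecord($userID, true);
     // check if password is the most secure we can have; if not, store it
     // again through uCrypt::Encrypt() while the plaintext is still at hand.
     if ($rec && !uCrypt::IsStrongest($pw, $rec['password'])) {
         $pk = $rec['user_id'];
         $obj->UpdateField('password', uCrypt::Encrypt($pw), $pk);
     }
     $obj->UpdateFieldRaw('last_login', 'NOW()', $userID);

     $remember = isset($_REQUEST['remember_me']);
     if ($remember) {
         // 604800 seconds = 7 days.
         // NOTE(review): from PHP 7.2 session_set_cookie_params() is refused
         // with a warning once a session is active - confirm that the longer
         // cookie lifetime really takes effect here.
         session_set_cookie_params(604800, PATH_REL_ROOT);
         $_SESSION['SESSION_LIFETIME'] = 604800;
     }
     // Rotate the session id on every successful login, not only for
     // "remember me": an id issued before authentication must not stay valid
     // for the authenticated session (session fixation). SetLogin() is not
     // visible here; if it already rotates the id this is merely redundant.
     // The session_id() test avoids a new warning when no session is active.
     if ($remember || session_id() !== '') {
         session_regenerate_id(true);
     }
     uEvents::TriggerEvent('AfterLogin');
 }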