public function save()
 {
     $stmt = CW::$app->db->executeQuery("SELECT `password` FROM `users` WHERE `id` = {$this->userId}");
     $result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
     $oldPass = 0 < count($result) ? $result[0]['password'] : null;
     if (null === $oldPass) {
         return false;
     }
     if ($this->newPassword === $this->confirmPassword && Security::verifyHash($this->oldPassword, $oldPass)) {
         $stmt = CW::$app->db->prepare("UPDATE `users` SET `password` = :newPassword WHERE `id` = :userId");
         return $stmt->execute([':newPassword' => Security::hash($this->newPassword), ':userId' => $this->userId]);
     }
     return false;
 }
Beispiel #2
0
 public function login($email, $password, $remember = false)
 {
     if ($this->isLogged()) {
         return true;
     }
     $loginSuccess = false;
     $stmt = \CW::$app->db->prepare('SELECT id, username, email, password, profile_img_id FROM `users` WHERE `email` = :email');
     $stmt->execute([':email' => $email]);
     $result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
     if (0 < count($result)) {
         $result = $result[0];
         $loginSuccess = \components\Security::verifyHash($password, $result['password']);
         if ($loginSuccess) {
             $this->_login($result['id'], $result['username'], $result['profile_img_id'], $remember);
         }
     }
     return $loginSuccess;
 }
Beispiel #3
0
 public function dispatch($route)
 {
     if (is_string($route)) {
         $route = $this->getPath($route);
     }
     $contrId = $contrName = $route['contr'];
     $contrName[0] = chr(ord($contrName) ^ 32);
     $action = $actionName = $route['action'];
     $actionName[0] = chr(ord($actionName) ^ 32);
     $controllerClass = "controllers\\{$contrName}Controller";
     $classPath = CW::$app->params['sitePath'] . str_replace('\\', '/', $controllerClass) . '.php';
     if (!file_exists($classPath)) {
         throw new NotFoundException();
     }
     $controllerClass = "\\{$controllerClass}";
     $this->controllerInst = new $controllerClass($contrId, $action);
     $actionMethod = "do{$actionName}";
     if (!$this->controllerInst->hasMethod($actionMethod)) {
         throw new NotFoundException();
     }
     $rules = $this->controllerInst->rules();
     $actionRules = isset($rules[$action]) ? $rules[$action] : (isset($rules['*']) ? $rules['*'] : null);
     if (null !== $actionRules) {
         if (isset($actionRules['response_type'])) {
             $this->controllerInst->responseType = $actionRules['response_type'];
             $this->response->setContentType($actionRules['response_type']);
         }
         if (isset($actionRules['methods']) && !in_array(strtolower($_SERVER['REQUEST_METHOD']), $actionRules['methods'])) {
             throw new WrongMethodException();
         }
         if (isset($actionRules['roles']) && in_array(Controller::REQUIRED_LOGIN, $actionRules['roles']) && !$this->user->inRole($actionRules['roles'])) {
             if (!$this->request->isAjax()) {
                 $this->controllerInst->forward('site/login');
                 return;
             }
             throw new ForbiddenException();
         }
     }
     $this->controllerInst->beforeAction($action);
     if ($this->controllerInst->hasCsrfValidation && (!$this->request->param('_csrf') || !Security::verifyHash($_SESSION['_csrf'], $this->request->param('_csrf')))) {
         throw new ForbiddenException();
     }
     $view = $this->controllerInst->{$actionMethod}();
     $this->renderView($view, $action, $contrName);
 }