/** Returns the HTML of the status of the user, including the header */
public function get_status_html(Website $website)
{
$status_text = $this->user->getStatusText();
if ($status_text) {
$status_text = '<em>' . nl2br(htmlSpecialChars($status_text)) . '</em>';
}
// It's safe to display the edit links, as only moderators and up can
// view account pages of banned/deleted users.
// Check if account is banned
if ($this->user->getStatus() == Authentication::STATUS_BANNED) {
// Banned
return <<<EOT
<div class="error">
{$website->tReplaced("users.status.banned.this_account", $status_text)}.
{$website->t("users.user_page_hidden")}
<a class="arrow" href="{$website->getUrlPage("edit_account_status", $this->user->getId())}">
{$website->t("main.edit")}
</a>
</div>
EOT;
}
// Check if account is deleted
if ($this->user->getStatus() == Authentication::STATUS_DELETED) {
return <<<EOT
<div class="error">
{$website->tReplaced("users.status.deleted.this_account", $status_text)}.
{$website->t("users.user_page_hidden")}
<a class="arrow" href="{$website->getUrlPage("edit_account_status", $this->user->getId())}">
{$website->t("main.edit")}
</a>
</div>
EOT;
}
return '';
}
/**
* Call this when logging in an user. If password is correct, the last
* login date is updated. If the password storage method was outdated, the
* password is rehashed.
*
* @param User $user The user.
* @param string $password_unhashed The password entered by the user.
*/
protected function loginCheck(User $user, $password_unhashed)
{
if ($this->userRepo == null) {
// Unable to log in when userRepo is not present
return false;
}
$password_hashed = $user->getPasswordHashed();
$loggedIn = false;
if (strLen($password_hashed) == 32 && $password_hashed[0] != '$') {
// Still md5(sha1($pass)), update
if (md5(sha1($password_unhashed)) == $password_hashed) {
// Gets saved later on, when updating the last login
$user->setPassword($password_unhashed);
$loggedIn = true;
}
}
// Try to use modern password verification
if (!$loggedIn) {
$loggedIn = crypt($password_unhashed, $password_hashed) === $password_hashed;
}
if ($loggedIn) {
$status = $user->getStatus();
// Check whether the account is deleted
if ($status == Authentication::STATUS_DELETED) {
// Act like the account doesn't exist
return false;
}
// Check whether the account is banned
if ($status == Authentication::STATUS_BANNED) {
$text = $this->website->getText();
$text->addError($text->tReplaced("users.status.banned.your_account", $user->getStatusText()));
return false;
}
// Check password strength
if ($user->isWeakPassword($password_unhashed)) {
$text = $this->website->getText();
$text->addError($text->t("users.your_password_is_insecure"), Link::of($text->getUrlPage("edit_password"), $text->t("users.password.edit")));
}
// Update last login date (and possibly password hash, see above) if successfull
$user->setLastLogin(new DateTime());
$this->userRepo->save($user);
}
return $loggedIn;
}