Beispiel #1
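    /**
     * Returns the HTML of the status of the user, including the header.
     *
     * Only banned and deleted accounts produce output; for every other status
     * an empty string is returned. The user-supplied status text is HTML-escaped
     * before it is placed in the page.
     *
     * @param Website $website Used for translations and for building the edit link.
     * @return string HTML fragment, or '' when the account has no special status.
     */
    public function get_status_html(Website $website)
    {
        $status_text = $this->user->getStatusText();
        if ($status_text) {
            // ENT_SUBSTITUTE keeps invalid UTF-8 from collapsing the whole text
            // into an empty string; ENT_QUOTES also escapes single quotes.
            $escaped = htmlspecialchars($status_text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            $status_text = '<em>' . nl2br($escaped) . '</em>';
        }

        // It's safe to display the edit links, as only moderators and up can
        // view account pages of banned/deleted users.
        $status = $this->user->getStatus();
        if ($status == Authentication::STATUS_BANNED) {
            return $this->get_hidden_status_html($website, "users.status.banned.this_account", $status_text);
        }
        if ($status == Authentication::STATUS_DELETED) {
            return $this->get_hidden_status_html($website, "users.status.deleted.this_account", $status_text);
        }
        return '';
    }

    /**
     * Builds the notice shown for an account whose page is hidden (banned or deleted).
     *
     * @param Website $website Used for translations and for building the edit link.
     * @param string $translation_key Key of the "this account is ..." message.
     * @param mixed $status_text Already HTML-escaped status text; may be empty.
     * @return string HTML fragment.
     */
    private function get_hidden_status_html(Website $website, $translation_key, $status_text)
    {
        return <<<EOT
                <div class="error">
                    {$website->tReplaced($translation_key, $status_text)}.
                    {$website->t("users.user_page_hidden")}
                    <a class="arrow" href="{$website->getUrlPage("edit_account_status", $this->user->getId())}">
                        {$website->t("main.edit")}
                    </a>
                </div>
EOT;
    }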
Beispiel #2
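 /**
  * Call this when logging in an user. If password is correct, the last
  * login date is updated. If the password storage method was outdated, the
  * password is rehashed.
  *
  * Deleted accounts are treated as if they do not exist and banned accounts
  * are rejected with an error message; both return false even when the
  * password is correct.
  *
  * @param User $user The user.
  * @param string $password_unhashed The password entered by the user.
  * @return bool True when the password matched and the account may log in.
  */
 protected function loginCheck(User $user, $password_unhashed)
 {
     if ($this->userRepo === null) {
         // Unable to log in when userRepo is not present
         return false;
     }

     $loggedIn = $this->verifyPassword($user, $password_unhashed);
     if ($loggedIn) {
         $status = $user->getStatus();
         // Check whether the account is deleted
         if ($status == Authentication::STATUS_DELETED) {
             // Act like the account doesn't exist
             return false;
         }
         // Check whether the account is banned
         if ($status == Authentication::STATUS_BANNED) {
             $text = $this->website->getText();
             $text->addError($text->tReplaced("users.status.banned.your_account", $user->getStatusText()));
             return false;
         }
         // Check password strength
         if ($user->isWeakPassword($password_unhashed)) {
             $text = $this->website->getText();
             $text->addError($text->t("users.your_password_is_insecure"), Link::of($text->getUrlPage("edit_password"), $text->t("users.password.edit")));
         }
         // Update last login date (and possibly password hash, see verifyPassword) if successful
         $user->setLastLogin(new DateTime());
         $this->userRepo->save($user);
     }
     return $loggedIn;
 }

 /**
  * Checks the entered password against the stored hash, migrating legacy
  * md5(sha1()) hashes to the current storage format on success.
  *
  * The rehashed password is only set on the user object here; it is persisted
  * by the caller together with the last login date.
  *
  * @param User $user The user whose stored hash is checked.
  * @param string $password_unhashed The password entered by the user.
  * @return bool True when the password matches the stored hash.
  */
 private function verifyPassword(User $user, $password_unhashed)
 {
     $password_hashed = $user->getPasswordHashed();

     if (strlen($password_hashed) === 32 && $password_hashed[0] !== '$') {
         // Legacy md5(sha1($pass)) hash. hash_equals() compares in constant
         // time and, unlike ==, never treats two hex digests as numeric
         // strings (a "0e..." digest would otherwise compare equal to another).
         if (hash_equals($password_hashed, md5(sha1($password_unhashed)))) {
             // Gets saved later on, when updating the last login
             $user->setPassword($password_unhashed);
             return true;
         }
     }

     // Modern password verification: password_verify() accepts any crypt()-style
     // hash (which is what the crypt() === comparison relied on) and compares in
     // constant time, returning false for malformed or empty hashes.
     // NOTE(review): only the md5(sha1()) format is migrated; hashes that
     // password_needs_rehash() would flag are left as they are — confirm
     // whether that is intended.
     return password_verify($password_unhashed, $password_hashed);
 }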