public function __construct()
{
$user_id = IsSetPost(USERS_USERID);
if (!$user_id)
{
throw new UserActionException("a user must be selected to update");
}
if (!is_numeric($user_id))
{
throw new UserActionException("a user id must be numeric");
}
$password = IsSetPost(USERS_PASSWORD);
if (!$password)
{
throw new UserActionException("a password must be set");
}
if (!is_string($password))
{
throw new UserActionException("a password must a string");
}
if (strlen($password) > 20)
{
throw new UserActionException("a password cannot be longer than 20 characters");
}
if (strlen($password) < 5)
{
throw new UserActionException("a password cannot be shorter than 5 characters");
}
$new_data[USERS_SALT] = GetNewSalt();
$new_data[USERS_PASSWORD] = GetSecondOrderHash(
$password,
$new_data[USERS_SALT]);
try
{
$user_factory =& FCore::LoadDBFactory(BN_DBFACTORY_USERMODEL);
$user_factory->update($new_data, $user_id);
}
catch(Exception $e)
{
throw new UserActionException($e->getMessage());
}
}
public function do_create()
{
$user_factory =& FCore::LoadDBFactory(BN_DBFACTORY_USERMODEL);
$data_rules = $user_factory->get_db_data_rules(
DataRules::METHOD_POST, false);
$this->data = GrabDataFromGlobal($data_rules);
$this->data[USERS_ISMASTER] = "0";
$this->data[USERS_SCHEMEUSING] = 'default';
$this->data[USERS_CREATEDWHEN] = array(
DBFactory::INSERT_ESCAPE_VAL => false,
DBFactory::INSERT_QUOTE => false,
DBFactory::INSERT_VALUE => "NOW()"
);
$password = IsSetPost(USERS_PASSWORD);
$this->data[USERS_SALT] = GetNewSalt();
$this->data[USERS_PASSWORD] = GetSecondOrderHash($password, $this->data[USERS_SALT]);
try
{
$data_rules->validate_data($this->data);
}
catch(Exception $e)
{
$this->data[USERS_PASSWORD] = $password;
throw new UserActionException($e->getMessage());
}
try
{
$this->data[USERS_USERID] = $user_factory->insert($this->data);
}
catch(DBFactoryException $e)
{
$this->data[USERS_PASSWORD] = $password;
throw new UserActionException($e->getPrevious()->getMessage());
}
catch(Exception $e)
{
$this->data[USERS_PASSWORD] = $password;
throw new UserActionException($e->getMessage());
}
}
/**
* checks the login password, returns false if failed. sets $_SESSION['validated']
* if successful
* @param <string> $passAttempt
* @param <string> $salt
* @param <string> $password
* @return <boolean>
*/
public function CheckLoginAttempt(
$username, $passAttempt, $salt, $password)
{
if (isset($_SESSION[SESSION_TIMEOUT_UNTIL]))
{
if ($_SESSION[SESSION_TIMEOUT_UNTIL] > time())
{
return false;
}
unset($_SESSION[SESSION_TIMEOUT_UNTIL]);
}
if (isset($_SESSION[SESSION_LOGIN_ATTEMPTS]))
{
if ($_SESSION[SESSION_LOGIN_ATTEMPTS] >=
FCore::$LOGIN_MAX_ATTEMPTS)
{
unset($_SESSION[SESSION_LOGIN_ATTEMPTS]);
$_SESSION[SESSION_TIMEOUT_UNTIL] =
time() + FCore::$LOGIN_TIME_FROZE;
return false;
}
$_SESSION[SESSION_LOGIN_ATTEMPTS]++;
}
else
{
$_SESSION[SESSION_LOGIN_ATTEMPTS] = 1;
}
if ($password != GetSecondOrderHash($passAttempt, $salt))
{
return false;
}
if (isset($_SESSION[SESSION_LOGIN_ATTEMPTS]))
{
unset($_SESSION[SESSION_LOGIN_ATTEMPTS]);
}
$_SESSION[SESSION_VALIDATED] = 1;
return true;
}
