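/**
 * Performs the logic for logging into the LWS backend CMS.
 *
 * On POST the backend user is looked up by (normalised, escaped) e-mail, a
 * profile array is stored in the 'be_user' session attribute, the session is
 * marked authenticated with the user's role as credential, the login timestamp
 * is recorded and the request is redirected to the originally requested
 * internal URI. On a failed login the 'be_user' attribute is cleared, the
 * session is de-authenticated and a 'login_error' flash is set before the same
 * redirect. Any other method just renders the login view.
 *
 * @param sfWebRequest $request A request object
 * @return string sfView::SUCCESS (the POST branch ends in a redirect)
 */
public function executeIndex(sfWebRequest $request)
{
    $this->setLayout('login');

    if ($request->isMethod('POST')) {
        $dao = new DAO();

        // NOTE(review): the stored scheme is unsalted MD5 of the escaped, trimmed
        // password. It is kept because existing rows depend on it; a migration to
        // password_hash()/password_verify() with a rehash on successful login is
        // the recommended follow-up.
        $pw = md5($dao->getEscapedSQLString(trim($request->getPostParameter('pw', ''))));
        // E-mail is lower-cased and escaped with the DAO helper before it is
        // interpolated; it is the only request-derived value placed in SQL below.
        $email = $dao->getEscapedSQLString(trim(strtolower($request->getPostParameter('email', ''))));

        // NOTE(review): $pw is computed but the predicate below compares against a
        // fixed literal in this listing — confirm the intended condition is
        // password='{$pw}'.
        $dao->query("\n \t\t\tSELECT be_user.*, role \n \t\t\tFROM be_user INNER JOIN be_role USING(role_id) \n \t\t\tWHERE email='{$email}' AND password='******' LIMIT 1\n \t\t");

        if ($dao->queryOK()) {
            $user = $dao->next();

            // be_user.* already contains last_login_ts, so the value is taken from
            // the row just fetched instead of re-querying it by e-mail.
            $last_login = is_null($user['last_login_ts'])
                ? 'N/A'
                : date('M jS Y @ g:i A', $user['last_login_ts']);

            // Update with the already-escaped request e-mail rather than the raw
            // column value so no unescaped string is interpolated into SQL.
            $dao->query("UPDATE be_user SET last_login_ts=UNIX_TIMESTAMP() WHERE email='{$email}'");

            // Profile snapshot consumed by the rest of the backend. The stored
            // password hash is copied along for existing consumers of this attribute.
            $this->getUser()->setAttribute('be_user', array(
                'first_name' => $user['first_name'],
                'last_name'  => $user['last_name'],
                'full_name'  => "{$user['first_name']} {$user['last_name']}",
                'email'      => $user['email'],
                'role'       => $user['role'],
                'phone'      => $user['phone'],
                'phone_ext'  => $user['phone_ext'],
                'last_login' => $last_login,
                'password'   => $user['password'],
            ));
            $this->getUser()->setAuthenticated(true);
            $this->getUser()->addCredential($user['role']);
        } else {
            // Failed attempt: make sure no stale profile survives in the session.
            if ($this->getUser()->hasAttribute('be_user')) {
                $this->getUser()->getAttributeHolder()->remove('be_user');
            }
            $this->getUser()->setAuthenticated(false);
            $this->getUser()->setFlash('login_error', 'Invalid email and/or password!');
        }

        // allows users to go directly to requested page after login
        $uri = $this->getContext()->getRouting()->getCurrentInternalUri(true);
        $this->redirect($uri);
    }

    return sfView::SUCCESS;
}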
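/**
 * Checks the submitted (or session-cached) credentials against the database.
 *
 * Login and password are read from $_POST first and from $_SESSION otherwise;
 * the password is MD5-hashed and both values are bound to $sql through a
 * ModelUsuario_Sistema instance. On success the user record is copied into
 * $_SESSION and self::$novoLogin is set to "1" when this request itself carried
 * credentials (or "0" when they came from the session); on failure
 * $_SESSION["erro_login"] receives the error text.
 *
 * @param string $sql query executed through DAO::query with the login/senha parameters
 * @return bool true when a matching user was found
 */
private static function verificarCredenciais($sql)
{
    $sucesso = false;
    self::$novoLogin = false;

    // NOTE(review): the plaintext password is kept in $_SESSION["senha_login"] so
    // that later requests can re-run this check; replacing that with a server-side
    // "authenticated" marker would avoid storing the secret in the session store.
    if (isset($_POST["user_login"])) {
        self::$login = (string) $_POST["user_login"];
    } elseif (isset($_SESSION["user_login"])) {
        self::$login = (string) $_SESSION["user_login"];
    } else {
        self::$login = "";
    }

    if (isset($_POST["senha_login"])) {
        self::$senha = (string) $_POST["senha_login"];
    } elseif (isset($_SESSION["senha_login"])) {
        self::$senha = (string) $_SESSION["senha_login"];
    } else {
        self::$senha = "";
    }

    // Compare against '' explicitly: a truthiness test would treat a login or
    // password of "0" as missing and silently refuse the attempt.
    if (self::$login !== "" && self::$senha !== "") {
        self::$conexao = self::obterConexao();
        if (self::$conexao) {
            // NOTE(review): unsalted MD5 matches the stored format; migrate to
            // password_hash()/password_verify() when the schema allows.
            $parametros = array("login" => self::$login, "senha" => md5(self::$senha));
            $model_usuario_sistema = new ModelUsuario_Sistema($parametros);
            $usuario = DAO::query($sql, $model_usuario_sistema);

            if ($usuario) {
                $usuario = $usuario[0];
                $sucesso = true;

                // Only a fresh login (nothing cached in the session yet) bumps the
                // last-access date. NOTE(review): this is also the point where the
                // session id should be regenerated to prevent fixation — confirm the
                // surrounding session handling before adding it here.
                if (!isset($_SESSION["user_login"]) && !isset($_SESSION["senha_login"]) && $usuario->get('data_ultimo_acesso')) {
                    $usuarioDAO = new Usuario_SistemaDAO();
                    $usuarioDAO->atualizarDataUltimoAcesso($usuario);
                }

                $_SESSION["user_login"] = $usuario->get("login");
                $_SESSION["user_nome"] = $usuario->get("nome");
                $_SESSION["senha_login"] = self::$senha;
                $_SESSION["id"] = $usuario->get("id");
                $_SESSION["id_centro_custo"] = $usuario->get("id_centro_custo");
                $_SESSION["centro_custo"] = $usuario->get("centro_custo");
                $_SESSION["id_tipo_centro_custo"] = $usuario->get("tipo_centro_custo");
                $_SESSION["id_centro_custo_superior"] = $usuario->get("id_superior");
                $_SESSION["centro_custo_superior"] = $usuario->get("centro_superior");
                $_SESSION["id_tipo_centro_custo_superior"] = $usuario->get("tipo_centro_custo_superior");
                $_SESSION["id_cargo"] = $usuario->get("id_cargo");
                $_SESSION["cargo"] = $usuario->get("cargo");
                $_SESSION["data_ultimo_acesso"] = $usuario->get("data_ultimo_acesso");
                $_SESSION["cpf"] = $usuario->get("cpf");

                // "1" when this request carried a login (or a target url) together
                // with a password; the (string) casts of the original were no-ops
                // on isset() results and are dropped.
                $credenciaisNaRequisicao = (isset($_REQUEST["user_login"]) || isset($_REQUEST["url"]))
                    && isset($_REQUEST["senha_login"]);
                self::$novoLogin = $credenciaisNaRequisicao ? "1" : "0";
            } else {
                $_SESSION["erro_login"] = "******";
            }
        } else {
            $_SESSION["erro_login"] = DB::errorMessage(self::$conexao);
        }
    }

    return $sucesso;
}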
/**
 * Builds the database connection object for a configured connection pool.
 *
 * The pool definition is read from the global $_CONST["POOL"][$pool] array and
 * dispatched on its "ABSTRACTION" key: "PDO" instantiates the DAO driver (with
 * optional persistent connections and a SET NAMES init command), "MYSQL" the
 * Mysqlux driver. Credentials come from that configuration, never from the
 * caller. Any other abstraction, or a pool that is not configured, raises a
 * DataBaseException.
 *
 * @param string $pool   Name of the connection pool
 * @param string $dbname Name of the database
 * @return DatabaseInterface
 * @throws DataBaseException when the pool is not configured or its abstraction is unknown
 */
static function createConnexion($pool, $dbname){
    global $_CONST;

    $cfg = isset($_CONST["POOL"][$pool]) ? $_CONST["POOL"][$pool] : array();

    // Guard clause: unknown pool or missing database name.
    if (!isset($dbname) || !isset($cfg["ABSTRACTION"])) {
        throw new DataBaseException("Erreur de connection '".$dbname."'","La base de données '".$dbname."' n'est pas configurée !","");
    }

    $driverOptions = array();
    // Encoding to force, or null when the option is absent or empty.
    $forceEncoding = (isset($cfg["FORCE_ENCODING"]) && $cfg["FORCE_ENCODING"] != '')
        ? $cfg["FORCE_ENCODING"]
        : null;
    // Whether SET NAMES must be sent as a query once the connection is open.
    $setNamesAfterConnect = false;

    switch ($cfg["ABSTRACTION"]) {
        case "PDO":
            // DAO abstraction layer built on PDO
            require_once("drivers/DAO.class.php");

            if ($forceEncoding !== null) {
                if (defined('PDO::MYSQL_ATTR_INIT_COMMAND')) {
                    $driverOptions[PDO::MYSQL_ATTR_INIT_COMMAND] = "SET NAMES ".$forceEncoding;
                } else {
                    // Older PDO builds lack the init-command attribute: fall back
                    // to an explicit query after connecting.
                    $setNamesAfterConnect = true;
                }
            }
            if (isset($cfg["PERSISTENT"]) && $cfg["PERSISTENT"] === true) {
                $driverOptions[PDO::ATTR_PERSISTENT] = true;
            }

            // Open the PDO-backed connection
            $connexion = new DAO($cfg["TYPE"], $dbname, $cfg["USER"], $cfg["PASS"], $cfg["HOST"], $cfg["PORT"], $driverOptions);
            break;

        case "MYSQL":
            /** MYSQL abstraction layer */
            require_once("drivers/Mysqlux.class.php");

            // Open the MYSQL-backed connection
            $connexion = new Mysqlux($cfg["TYPE"],$dbname, $cfg["USER"], $cfg["PASS"], $cfg["HOST"], $cfg["PORT"], $driverOptions);
            $setNamesAfterConnect = ($forceEncoding !== null);
            break;

        default:
            // Raise a DataBaseException
            throw new DataBaseException("Erreur de connection '".$dbname."'","La couche d'abastraction '".$cfg["ABSTRACTION"]."' n'est pas impléméntée !","");
    }

    if ($setNamesAfterConnect) {
        $connexion->query("SET NAMES ".$forceEncoding);
    }

    $connexion->logType = isset($cfg["LOG"]) ? $cfg["LOG"] : null;

    return $connexion;
}
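/**
 * Changes the password of the currently logged-in backend user.
 *
 * Reads POST parameters 'cpw' (current password) and 'npw' (new password).
 * The current password is verified against the hash kept in the 'be_user'
 * session attribute (populated at login by executeIndex), and the UPDATE is
 * scoped to that session user's e-mail; neither the expected hash nor the
 * target account is taken from the client any more. Replies with a short
 * text/html message describing the outcome.
 *
 * @param sfWebRequest $request
 * @return mixed result of renderText()
 */
public function executeUpdatePassword(sfWebRequest $request)
{
    $form = $request->getPostParameters();
    $sessionUser = $this->getUser()->getAttribute('be_user');
    $currentPw = isset($form['cpw']) ? (string) $form['cpw'] : '';
    $newPw = isset($form['npw']) ? (string) $form['npw'] : '';

    if (!is_array($sessionUser) || !isset($sessionUser['password'], $sessionUser['email'])) {
        $html = 'You must be logged in to change your password.';
    } elseif ($newPw === '') {
        $html = 'The new password may not be empty. Your password was not changed.';
    } elseif (!hash_equals((string) $sessionUser['password'], md5($currentPw))) {
        // hash_equals() avoids both the "0e…" numeric-string equality of == and
        // timing differences. MD5 is kept only because stored rows use it.
        $html = 'Your supplied current password is invalid. Your password was not changed.';
    } else {
        $dao = new DAO();
        // Hash in PHP and interpolate only the hex digest; the e-mail is escaped
        // with the same DAO helper the login action uses.
        // NOTE(review): executeIndex hashes the trimmed, escaped password, while
        // this stores md5 of the raw value (as the previous MD5() did) — confirm
        // which form matches the rows already in be_user.
        $newHash = md5($newPw);
        $email = $dao->getEscapedSQLString($sessionUser['email']);
        $dao->query("UPDATE be_user SET password='{$newHash}' WHERE email='{$email}'");

        if ($dao->updateOK()) {
            // Keep the session copy of the hash in step so a later change in the
            // same session verifies against the new password.
            $sessionUser['password'] = $newHash;
            $this->getUser()->setAttribute('be_user', $sessionUser);
            $html = 'Your password has been changed successfully.';
        } else {
            $err = $dao->getError();
            $html = "Your password has not been changed.<br />{$err}";
        }
    }

    $response = $this->getResponse();
    $response->setContentType('text/html');
    $response->sendHttpHeaders();

    return $this->renderText($html);
}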