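/**
 * Handle a "reset password" link and, on POST, set the user's new password.
 *
 * The reset token arrives as the `k` route parameter and is looked up as the
 * user's auto-login hash. The token must belong to a user and must not be
 * expired; otherwise the visitor is sent back to the forgot-password form.
 *
 * @param array $parameters route parameters; `k` carries the reset token
 *
 * @return mixed result of loadModule() when redirecting, true when the
 *               reset form should simply be rendered (first visit or a
 *               validation error stored in the flash)
 */
public function loadResetPassword($parameters)
{
    if (!isset($parameters['k'])) {
        return $this->loadModule('admin', 'home', 'default', true, true);
    }

    $user = new DinklyUser($this->db);
    $user->initWith(array('auto_login_hash' => $parameters['k']));

    // Unknown token: no user carries this hash.
    if (!$user->getId()) {
        return $this->loadModule('admin', 'login', 'forgot_password', true);
    }

    // Bug fix: the original wrote `!strtotime(...) > time()`, which negates
    // the timestamp first and compares a bool against an int, so the expiry
    // check could never fire. An unparsable/empty expiry is treated as expired.
    $expiresAt = strtotime((string) $user->getAutoLoginExpire());
    if ($expiresAt === false || $expiresAt <= time()) {
        DinklyFlash::set('reset_error', 'Sorry, the link has expired.');
        return $this->loadModule('admin', 'login', 'forgot_password', true);
    }

    if (isset($_POST['password']) && isset($_POST['password-confirm'])) {
        $password = $_POST['password'];
        $confirm  = $_POST['password-confirm'];

        // Strict comparison: `!=` would treat numeric-looking strings such as
        // "1e3" and "1000" as equal. Non-string input (e.g. `password[]=`)
        // is rejected as a mismatch rather than reaching strlen().
        if (!is_string($password) || !is_string($confirm) || $password !== $confirm) {
            DinklyFlash::set('reset_error', 'Passwords did not match');
        } elseif (strlen($password) < 8) {
            DinklyFlash::set('reset_error', 'Password must be at least 8 characters long');
        } else {
            $user->setPassword($password);
            // Invalidate the token so the link cannot be reused.
            $user->setAutoLoginHash('');
            $user->setAutoLoginExpire('');
            $user->save();
            DinklyFlash::set('reset_success', ' Your password was successfully set. Please login using your new password.');
            return $this->loadModule('admin', 'login', 'default', true);
        }
    }

    return true;
}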
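/**
 * Verify with database the user credentials are correct and log in if so.
 *
 * The stored hash is checked with password_verify() (crypt()-compatible
 * fallback on older runtimes). On success the login counter and last-login
 * timestamp are updated and the session is marked as logged in.
 *
 * @param string $username       input username of user attempting to log in
 * @param string $input_password input password of user attempting to log in
 *
 * @return bool true if correct credentials and logged on, false otherwise
 */
public static function authenticate($username, $input_password)
{
    $dbo = self::fetchDB();

    // NOTE(review): fetchDB() is assumed to return a PDO instance (the
    // original used quote()/query()/fetchAll()); a bound parameter keeps the
    // username out of the SQL text entirely.
    $stmt = $dbo->prepare('select * from dinkly_user where username = ?');
    $stmt->execute(array($username));
    $result = $stmt->fetchAll();

    // No row for this username.
    if (empty($result)) {
        return false;
    }

    $row = $result[0];
    $hashed_password = (string) $row['password'];

    // Bug fix: the original compared the bool from password_verify() against
    // the hash string with `==`, which evaluates to true for an empty stored
    // hash regardless of the submitted password. Use the bool directly, and
    // a constant-time comparison for the crypt() fallback. An empty hash
    // can never match.
    if ($hashed_password === '') {
        $valid_password = false;
    } elseif (function_exists('password_verify')) {
        $valid_password = password_verify($input_password, $hashed_password);
    } else {
        $computed = crypt($input_password, $hashed_password);
        $valid_password = function_exists('hash_equals')
            ? hash_equals($hashed_password, $computed)
            : $computed === $hashed_password;
    }

    if (!$valid_password) {
        return false;
    }

    $user = new DinklyUser();
    $user->init($row['id']);
    $user->setLastLoginAt(date('Y-m-d G:i:s'));
    $user->setLoginCount($user->getLoginCount() + 1);
    $user->save();

    self::setLoggedIn(true, $row['id'], $row['username'], $user->getGroups());

    return true;
}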