private function isConnected()
 {
     $id = $this->get("id");
     if ($id != null) {
         $userModel = new UserModel();
         $user = $userModel->getById($id);
         /** @var UserEntity $user */
         if ($user) {
             if (!$user->getActive()) {
                 return false;
             }
             if ($user->getAuthentification() == UserModel::AUTHENTIFICATION_BY_PASSWORD) {
                 $password = $this->get("password");
                 if ($password != null) {
                     $passwordModel = new PasswordModel();
                     $passwordEntity = $passwordModel->getByUser($user);
                     return $passwordEntity->getPassword() === $password;
                 }
             } else {
                 if ($user->getAuthentification() == UserModel::AUTHENTIFICATION_BY_EXTERNAL) {
                     return true;
                 }
             }
         }
     }
     return false;
 }
 /**
  * Logs a user in, using the local Craft user-base if possible, or falling back to legacy user-base data.
  *
  * @param string $username   The user’s username.
  * @param string $password   The user’s submitted password.
  * @param bool   $rememberMe Whether the user should be remembered.
  *
  * @throws Exception
  * @return bool Whether the user was logged in successfully.
  */
 public function login($username, $password, $rememberMe = false)
 {
     // First, try logging in a native User.
     $nativeSuccess = craft()->userSession->login($username, $password, $rememberMe);
     if ($nativeSuccess === true) {
         return LegacyLoginPlugin::NativeUserType;
     }
     // Okay, we'll try to match and validate a legacy user...
     // First, validate the provided username/password.
     $usernameModel = new UsernameModel(['username' => $username]);
     $passwordModel = new PasswordModel(['password' => $password]);
     if (!$usernameModel->validate() || !$passwordModel->validate()) {
         LegacyLoginPlugin::log($username . ' tried to log in unsuccessfully, but there was a validation issue with the username or password.', LogLevel::Warning);
         return false;
     }
     // Okay, we have a valid username and password... Can we authenticate a legacy user?
     $allowedServices = craft()->config->get('allowedServices', 'legacylogin');
     // Bail if we're mis-configured
     if (!is_array($allowedServices)) {
         return false;
     }
     // Try each service in sequence...
     foreach ($allowedServices as $service) {
         switch ($service) {
             case LegacyLoginPlugin::BigCommerceLegacyUserType:
                 if (LegacyLogin_BigCommerceHelper::login($username, $password, $rememberMe)) {
                     return LegacyLoginPlugin::BigCommerceLegacyUserType;
                 }
                 break;
             case LegacyLoginPlugin::EE2LegacyUserType:
                 if (LegacyLogin_Ee2Helper::login($username, $password, $rememberMe)) {
                     return LegacyLoginPlugin::EE2LegacyUserType;
                 }
                 break;
             case LegacyLoginPlugin::WellspringLegacyUserType:
                 if (LegacyLogin_WellspringHelper::login($username, $password, $rememberMe)) {
                     return LegacyLoginPlugin::WellspringLegacyUserType;
                 }
                 break;
             case LegacyLoginPlugin::WordPressLegacyUserType:
                 if (LegacyLogin_WordPressHelper::login($username, $password, $rememberMe)) {
                     return LegacyLoginPlugin::WordPressLegacyUserType;
                 }
                 break;
         }
     }
     // Alas, it just wasn't meant to be.
     LegacyLoginPlugin::log($username . ' could not be authenticated as a legacy user.', LogLevel::Warning);
     return false;
 }
Ejemplo n.º 3
0
 public function load()
 {
     parent::load();
     $m = new PasswordModel();
     if ($this->isPost() && isset($_POST['id']) && isset($_POST['email']) && is_numeric($_POST['id'])) {
         $playerId = intval($_POST['id']);
         $email = $_POST['email'];
         $this->pageState = $m->isPlayerIdHasEmail($playerId, $email) ? 3 : 2;
         if ($this->pageState == 3) {
             $name = $m->getPlayerName($playerId);
             $newPassword = substr(md5(dechex($playerId * mt_rand(10, 100))), mt_rand(1, 5), 7);
             $n = dechex(hexdec($newPassword) ^ hexdec(substr(md5($name), 2, 7)));
             $link = WebHelper::getbaseurl() . "password.php?id=" . $playerId . "&n=" . $n . "&c=" . substr(md5(dechex($playerId) . $name . "777"), 7, 7);
             $to = $email;
             $from = $this->appConfig['system']['email'];
             $subject = forget_password_subject;
             $message = sprintf(forget_password_body, $name, $name, $newPassword, $link, $link);
             WebHelper::sendmail($to, $from, $subject, $message);
         }
     } else {
         if (isset($_GET['id']) && is_numeric($_GET['id'])) {
             $this->playerId = intval($_GET['id']);
             $this->pageState = $m->isPlayerIdExists($this->playerId) ? 1 : 0 - 1;
             if (isset($_GET['n']) && trim($_GET['n']) != "" && isset($_GET['c'])) {
                 if ($this->pageState == 1) {
                     $name = $m->getPlayerName($this->playerId);
                     if (trim($_GET['c']) == substr(md5(dechex($this->playerId) . $name . "777"), 7, 7)) {
                         $newPassword = dechex(hexdec($_GET['n']) ^ hexdec(substr(md5($name), 2, 7)));
                         $m->setPlayerPassword($this->playerId, $newPassword);
                         $this->pageState = 4;
                     } else {
                         $this->pageState = 5;
                     }
                 } else {
                     $this->pageState = 5;
                 }
             }
         }
     }
     $m->dispose();
 }
 /**
  * Starts an elevated user session for the current user.
  *
  * @param string $password the current user’s password
  *
  * @return bool Whether the password was valid, and the user session has been elevated
  */
 public function startElevatedSession($password)
 {
     // Get the current user
     $user = $this->getUser();
     if (!$user) {
         return false;
     }
     // Validate the password
     $passwordModel = new PasswordModel();
     $passwordModel->password = $password;
     if ($passwordModel->validate() && craft()->users->validatePassword($user->password, $password)) {
         // Set the elevated session expiration date
         $this->setState(self::ELEVATED_SESSION_TIMEOUT_VAR, time() + craft()->config->getElevatedSessionDuration());
         return true;
     }
     return false;
 }
Ejemplo n.º 5
0
 /**
  * Sets a user record up for a new password without saving it.
  *
  * @param UserModel  $user                        The user who is getting a new password.
  * @param UserRecord $userRecord                  The user’s record.
  * @param bool       $updatePasswordResetRequired Whether the user’s
  *                                                {@link UserModel::passwordResetRequired passwordResetRequired}
  *                                                attribute should be set `false`. Default is `true`.
  * @param bool       $forceDifferentPassword      Whether to force a new password to be different from any existing
  *                                                password.
  *
  * @return bool
  */
 private function _setPasswordOnUserRecord(UserModel $user, UserRecord $userRecord, $updatePasswordResetRequired = true, $forceDifferentPassword = false)
 {
     // Validate the password first
     $passwordModel = new PasswordModel();
     $passwordModel->password = $user->newPassword;
     $validates = false;
     // If it's a new user AND we allow public registration, set it on the 'password' field and not 'newpassword'.
     if (!$user->id && craft()->systemSettings->getSetting('users', 'allowPublicRegistration')) {
         $passwordErrorField = 'password';
     } else {
         $passwordErrorField = 'newPassword';
     }
     if ($passwordModel->validate()) {
         if ($forceDifferentPassword) {
             // See if the passwords are the same.
             if (craft()->security->checkPassword($user->newPassword, $userRecord->password)) {
                 $user->addErrors(array($passwordErrorField => Craft::t('That password is the same as your old password. Please choose a new one.')));
             } else {
                 $validates = true;
             }
         } else {
             $validates = true;
         }
         if ($validates) {
             // Fire an 'onBeforeSetPassword' event
             $event = new Event($this, array('password' => $user->newPassword, 'user' => $user));
             $this->onBeforeSetPassword($event);
             // Is the event is giving us the go-ahead?
             $validates = $event->performAction;
         }
     }
     if ($validates) {
         $hash = craft()->security->hashPassword($user->newPassword);
         $userRecord->password = $user->password = $hash;
         $userRecord->invalidLoginWindowStart = null;
         $userRecord->invalidLoginCount = $user->invalidLoginCount = null;
         $userRecord->verificationCode = null;
         $userRecord->verificationCodeIssuedDate = null;
         // If it's an existing user, reset the passwordResetRequired bit.
         if ($updatePasswordResetRequired && $user->id) {
             $userRecord->passwordResetRequired = $user->passwordResetRequired = false;
         }
         $userRecord->lastPasswordChangeDate = $user->lastPasswordChangeDate = DateTimeHelper::currentUTCDateTime();
         $user->newPassword = null;
         $success = true;
     } else {
         $user->addErrors(array($passwordErrorField => $passwordModel->getErrors('password')));
         $success = false;
     }
     if ($success) {
         // Fire an 'onSetPassword' event
         $this->onSetPassword(new Event($this, array('user' => $user)));
     }
     return $success;
 }
Ejemplo n.º 6
0
 /**
  * Logs a user in.
  *
  * If $rememberMe is set to `true`, the user will be logged in for the duration specified by the
  * [rememberedUserSessionDuration](http://buildwithcraft.com/docs/config-settings#rememberedUserSessionDuration)
  * config setting. Otherwise it will last for the duration specified by the
  * [userSessionDuration](http://buildwithcraft.com/docs/config-settings#userSessionDuration)
  * config setting.
  *
  * @param string $username   The user’s username.
  * @param string $password   The user’s submitted password.
  * @param bool   $rememberMe Whether the user should be remembered.
  *
  * @throws Exception
  * @return bool Whether the user was logged in successfully.
  */
 public function login($username, $password, $rememberMe = false)
 {
     // Validate the username/password first.
     $usernameModel = new UsernameModel();
     $passwordModel = new PasswordModel();
     $usernameModel->username = $username;
     $passwordModel->password = $password;
     // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
     if (!craft()->request->userAgent || !$_SERVER['REMOTE_ADDR']) {
         Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
         $this->logout(true);
         $this->requireLogin();
     }
     // Validate the model.
     if ($usernameModel->validate() && $passwordModel->validate()) {
         // Authenticate the credentials.
         $this->_identity = new UserIdentity($username, $password);
         $this->_identity->authenticate();
         // Was the login successful?
         if ($this->_identity->errorCode == UserIdentity::ERROR_NONE) {
             // See if the 'rememberUsernameDuration' config item is set. If so, save the name to a cookie.
             $rememberUsernameDuration = craft()->config->get('rememberUsernameDuration');
             if ($rememberUsernameDuration) {
                 $this->saveCookie('username', $username, DateTimeHelper::timeFormatToSeconds($rememberUsernameDuration));
             } else {
                 // Just in case...
                 $this->deleteStateCookie('username');
             }
             // Get how long this session is supposed to last.
             $this->authTimeout = craft()->config->getUserSessionDuration($rememberMe);
             $id = $this->_identity->getId();
             $states = $this->_identity->getPersistentStates();
             // Fire an 'onBeforeLogin' event
             $this->onBeforeLogin(new Event($this, array('username' => $usernameModel->username)));
             // Run any before login logic.
             if ($this->beforeLogin($id, $states, false)) {
                 $this->changeIdentity($id, $this->_identity->getName(), $states);
                 // Fire an 'onLogin' event
                 $this->onLogin(new Event($this, array('username' => $usernameModel->username)));
                 if ($this->authTimeout) {
                     if ($this->allowAutoLogin) {
                         $user = craft()->users->getUserById($id);
                         if ($user) {
                             // Save the necessary info to the identity cookie.
                             $sessionToken = StringHelper::UUID();
                             $hashedToken = craft()->security->hashData(base64_encode(serialize($sessionToken)));
                             $uid = craft()->users->handleSuccessfulLogin($user, $hashedToken);
                             $data = array($this->getName(), $sessionToken, $uid, $rememberMe ? 1 : 0, craft()->request->getUserAgent(), $this->saveIdentityStates());
                             $this->_identityCookie = $this->saveCookie('', $data, $this->authTimeout);
                         } else {
                             throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
                         }
                     } else {
                         throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
                     }
                 }
                 $this->_sessionRestoredFromCookie = false;
                 $this->_userRow = null;
                 // Run any after login logic.
                 $this->afterLogin(false);
             }
             return !$this->getIsGuest();
         }
     }
     Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning);
     return false;
 }
Ejemplo n.º 7
0
 /**
  * @param $userId
  * @param $user
  * @param $publicRegistration
  * @return bool
  */
 private function _validateSensitiveFields($userId, UserModel $user, $publicRegistration)
 {
     $email = craft()->request->getPost('email');
     $password = craft()->request->getPost('password');
     // If this is an existing user
     if ($userId) {
         // If the user changed their email, make sure they have validated with their password.
         if ($email && $email != $user->email) {
             if ($password) {
                 if ($this->_validateCurrentPassword($password)) {
                     if (!$email) {
                         $user->addError('email', Craft::t('Email address is required.'));
                     } else {
                         $user->email = $email;
                     }
                 } else {
                     Craft::log('Tried to change password for userId: ' . $user->id . ', but the current password does not match what the user supplied.', LogLevel::Warning);
                     $user->addError('currentPassword', Craft::t('Incorrect current password.'));
                 }
             } else {
                 Craft::log('Tried to change the email for userId: ' . $user->id . ', but the did not supply the existing password.', LogLevel::Warning);
                 $user->addError('currentPassword', Craft::t('You must supply your existing password.'));
             }
         }
     }
     // If public registration is enabled, make sure it's a new user before we set the password.
     if ($publicRegistration && !$user->id && !craft()->request->isCpRequest()) {
         $password = (string) craft()->request->getPost('password');
         // Validate the password.
         $passwordModel = new PasswordModel();
         $passwordModel->password = $password;
         if ($passwordModel->validate()) {
             $user->password = $password;
         } else {
             $user->addError('password', $passwordModel->getError('password'));
         }
     } else {
         // Only an existing logged-in user or admins can change passwords.
         if (craft()->userSession->isAdmin() || $user->isCurrent()) {
             $newPassword = craft()->request->getPost('newPassword');
             // Only actually validate/set it if these are not empty
             if ($newPassword && $password) {
                 if ($this->_validateCurrentPassword($password)) {
                     $newPasswordModel = new PasswordModel();
                     $newPasswordModel->password = $newPassword;
                     if ($newPasswordModel->validate()) {
                         $user->newPassword = (string) $newPassword;
                     } else {
                         $user->addError('newPassword', $newPasswordModel->getError('password'));
                     }
                 } else {
                     $user->addError('currentPassword', Craft::t('Incorrect current password.'));
                     Craft::log('Tried to change password for userId: ' . $user->id . ', but the current password does not match what the user supplied.', LogLevel::Warning);
                 }
             } else {
                 if ($newPassword && !$password) {
                     $user->addError('currentPassword', Craft::t('You must supply your existing password.'));
                     Craft::log('Tried to change password for userId: ' . $user->id . ', but the did not supply the existing password.', LogLevel::Warning);
                 }
             }
         }
     }
     return !$user->hasErrors();
 }
Ejemplo n.º 8
0
 /**
  * Sets a user's password once they've verified they have access to their email.
  *
  * @throws HttpException|Exception
  * @return null
  */
 public function actionSetPassword()
 {
     if (craft()->userSession->isLoggedIn()) {
         craft()->userSession->logout();
     }
     $code = craft()->request->getRequiredParam('code');
     $id = craft()->request->getRequiredParam('id');
     $user = craft()->users->getUserByUid($id);
     if ($user) {
         $isCodeValid = craft()->users->isVerificationCodeValidForUser($user, $code);
     }
     if (!$user || !$isCodeValid) {
         throw new HttpException('200', Craft::t('Invalid verification code.'));
     }
     $url = craft()->config->getSetPasswordPath($code, $id, $user);
     if (craft()->request->isPostRequest()) {
         $newPassword = craft()->request->getRequiredPost('newPassword');
         $passwordModel = new PasswordModel();
         $passwordModel->password = $newPassword;
         if ($passwordModel->validate()) {
             $user->newPassword = $newPassword;
             if (craft()->users->changePassword($user)) {
                 // Do we need to auto-login?
                 if (craft()->config->get('autoLoginAfterAccountActivation') === true) {
                     craft()->userSession->impersonate($user->id);
                 }
                 // If the user can't access the CP, then send them to the front-end setPasswordSuccessPath.
                 if (!$user->can('accessCp')) {
                     $setPasswordSuccessPath = craft()->config->getLocalized('setPasswordSuccessPath');
                     $url = UrlHelper::getSiteUrl($setPasswordSuccessPath);
                 } else {
                     $postCpLoginRedirect = craft()->config->get('postCpLoginRedirect');
                     $url = UrlHelper::getCpUrl($postCpLoginRedirect);
                 }
                 $this->redirect($url);
             }
         }
         craft()->userSession->setNotice(Craft::t('Couldn’t update password.'));
         $this->_processSetPasswordPath($user);
         $errors = array();
         $errors = array_merge($errors, $user->getErrors('newPassword'));
         $errors = array_merge($errors, $passwordModel->getErrors('password'));
         $this->renderTemplate($url, array('errors' => $errors, 'code' => $code, 'id' => $id, 'newUser' => $user->password ? false : true));
     } else {
         $this->_processSetPasswordPath($user);
         $this->renderTemplate($url, array('code' => $code, 'id' => $id, 'newUser' => $user->password ? false : true));
     }
 }
 /**
  * Logs a user in.
  *
  * If $rememberMe is set to `true`, the user will be logged in for the duration specified by the
  * [rememberedUserSessionDuration](http://buildwithcraft.com/docs/config-settings#rememberedUserSessionDuration)
  * config setting. Otherwise it will last for the duration specified by the
  * [userSessionDuration](http://buildwithcraft.com/docs/config-settings#userSessionDuration)
  * config setting.
  *
  * @param string $username   The user’s username.
  * @param string $password   The user’s submitted password.
  * @param bool   $rememberMe Whether the user should be remembered.
  *
  * @throws Exception
  * @return bool Whether the user was logged in successfully.
  */
 public function login($username, $password, $rememberMe = false)
 {
     // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
     if (!craft()->request->userAgent || !$_SERVER['REMOTE_ADDR']) {
         Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
         $this->logout(true);
         $this->requireLogin();
     }
     // Validate the username/password first.
     $usernameModel = new UsernameModel();
     $passwordModel = new PasswordModel();
     $usernameModel->username = $username;
     $passwordModel->password = $password;
     // Validate the models.
     if ($usernameModel->validate() && $passwordModel->validate()) {
         $this->_identity = new UserIdentity($username, $password);
         // Did we authenticate?
         if ($this->_identity->authenticate()) {
             return $this->loginByUserId($this->_identity->getUserModel()->id, $rememberMe, true);
         }
     }
     Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning);
     return false;
 }
Ejemplo n.º 10
0
 /**
  * Sets a user record up for a new password without saving it.
  *
  * @access private
  * @param UserModel $user
  * @param UserRecord $userRecord
  * @return bool
  */
 private function _setPasswordOnUserRecord(UserModel $user, UserRecord $userRecord)
 {
     // Validate the password first
     $passwordModel = new PasswordModel();
     $passwordModel->password = $user->newPassword;
     if ($passwordModel->validate()) {
         $hashAndType = craft()->security->hashString($user->newPassword);
         $userRecord->password = $user->password = $hashAndType['hash'];
         $userRecord->encType = $user->encType = $hashAndType['encType'];
         $userRecord->status = $user->status = UserStatus::Active;
         $userRecord->invalidLoginWindowStart = null;
         $userRecord->invalidLoginCount = $user->invalidLoginCount = null;
         $userRecord->verificationCode = null;
         $userRecord->verificationCodeIssuedDate = null;
         // If it's an existing user, reset the passwordResetRequired bit.
         if ($user->id) {
             $userRecord->passwordResetRequired = $user->passwordResetRequired = false;
         }
         $userRecord->lastPasswordChangeDate = $user->lastPasswordChangeDate = DateTimeHelper::currentUTCDateTime();
         $user->newPassword = null;
         return true;
     } else {
         // If it's a new user AND we allow public registration, set it on the 'password' field and not 'newpassword'.
         if (!$user->id && craft()->systemSettings->getSetting('users', 'allowPublicRegistration', false)) {
             $user->addErrors(array('password' => $passwordModel->getErrors('password')));
         } else {
             $user->addErrors(array('newPassword' => $passwordModel->getErrors('password')));
         }
         return false;
     }
 }