public static function selectEmail($email, $code)
{
self::deleteBulk(NULL, NULL);
// clear garbage
try {
$rows = simpleSelect("Invitation", INVITATION_SELECT_EMAIL, array($email));
foreach ($rows as $invitation) {
$invitation->fixDates();
// == works in the case where $code = NULL
if ($code == $invitation->code || compareField($code, $invitation->code)) {
return $invitation;
// first is OK; after Invitation they become a worker!
}
}
return NULL;
} catch (PDOException $pe) {
logMessage("Invitation::selectEmail({$email}, {$code})", $pe->getMessage());
}
}
public static function password_authenticate($email, $password)
{
try {
$dbh = getPDOConnection();
$stmt = $dbh->prepare("SELECT workerid, isDisabled, passwordHash, resetCodeHash FROM worker WHERE lower(email) = lower(?)");
$stmt->execute(array($email));
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($rows) == 0) {
throw new LoginException('Can not find worker account.');
} else {
if (count($rows) > 1) {
throw new LoginException('There are more than one worker account with the same email address.');
}
}
$workerid = $rows[0]['workerid'];
$isDisabled = $rows[0]['isDisabled'];
$passwordHash = $rows[0]['passwordHash'];
$resetCodeHash = $rows[0]['resetCodeHash'];
if ($isDisabled == TRUE) {
throw new LoginException('Worker account is disabled.');
}
if (compareField($password, $passwordHash)) {
$dbh->beginTransaction();
$stmt = $dbh->prepare("UPDATE worker SET lastLoginTime = CURRENT_TIMESTAMP WHERE workerid = ?");
$stmt->execute(array($workerid));
$dbh->commit();
// we login
logout();
// paranoia
session_cache_limiter('nocache');
session_start();
$worker = Worker::selectID($workerid);
$_SESSION[AUTHENTICATED] = $worker;
$_SESSION[AUTHENTICATED_TEMP] = NULL;
// paranoia
return;
} else {
if (is_null($passwordHash) && compareField($password, $resetCodeHash)) {
$dbh->beginTransaction();
$stmt = $dbh->prepare("UPDATE worker SET lastLoginTime = CURRENT_TIMESTAMP, resetCodeHash = NULL WHERE workerid = ?");
$stmt->execute(array($workerid));
$dbh->commit();
// we login, but only to the temp
logout();
// paranoia
session_cache_limiter('nocache');
session_start();
$worker = Worker::selectID($workerid);
$_SESSION[AUTHENTICATED_TEMP] = $worker;
// only permit access to pw change
throw new RequirePasswordReset($workerid);
} else {
throw new LoginException('Worker failed to login.');
}
}
} catch (PDOException $pe) {
// do NOT log password
logMessage('WorkerLogin::password_authenticate(' . $email . ", {$password})", $pe->getMessage());
throw new LoginException('Worker failed to login.');
}
}
