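/**
 * Is the user valid?
 *
 * Valid means that the account is validated or hasn't exhausted its
 * validation period.
 *
 * @param string $errmsg Returns the reason why the account is or isn't valid.
 *                       Left untouched when the account status is
 *                       ACCOUNT_STATUS_ALLOWED.
 * @param int    $errno  Returns an error code identifying the error.
 *
 * @return bool True if the account may be used, false otherwise.
 */
function isUserValid(&$errmsg = null, &$errno = 0)
{
    global $account_status_to_text;

    $db = AbstractDb::getObject();
    $account_status = $this->getAccountStatus();

    // Fully validated accounts need no further checks.
    if ($account_status == ACCOUNT_STATUS_ALLOWED) {
        return true;
    }

    // Any status other than "in validation" is refused outright.
    if ($account_status != ACCOUNT_STATUS_VALIDATION) {
        $errmsg = getErrorText(ERR_ACCOUNT_INVALID) . $account_status_to_text[$account_status];
        $errno = ERR_ACCOUNT_INVALID;

        return false;
    }

    // Escape the id like every other value interpolated into SQL in this
    // class, so the query stays well-formed whatever the id contains.
    $user_id = $db->escapeString($this->id);
    $sql = "SELECT CASE WHEN ((CURRENT_TIMESTAMP - reg_date) > networks.validation_grace_time) THEN true ELSE false END AS validation_grace_time_expired, EXTRACT(EPOCH FROM networks.validation_grace_time) as validation_grace_time FROM users JOIN networks ON (users.account_origin = networks.network_id) WHERE (user_id='{$user_id}')";

    $user_info = null;
    $db->execSqlUniqueRes($sql, $user_info, false);

    // Fail closed: if the grace-period row cannot be read (for instance the
    // JOIN on networks matches nothing), the account must not be treated as
    // still inside its validation period.
    if (empty($user_info)) {
        $errmsg = getErrorText(ERR_ACCOUNT_INVALID) . $account_status_to_text[$account_status];
        $errno = ERR_ACCOUNT_INVALID;

        return false;
    }

    // The boolean column is compared with 't', as the original code did.
    if ($user_info['validation_grace_time_expired'] == 't') {
        // validation_grace_time is in seconds (EXTRACT(EPOCH ...)); the
        // message is given the value divided by 60.
        $errmsg = sprintf(getErrorText(ERR_VALIDATION_EXPIRED), $user_info['validation_grace_time'] / 60);
        $errno = ERR_VALIDATION_EXPIRED;

        return false;
    }

    $errmsg = _("Your account is currently valid.");

    return true;
}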
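/**
 * Attempts to login a user against the authentication source
 *
 * If successful, returns a User object
 *
 * @param string $username A valid identifying token for the source. Not
 *                         necessarily unique. For local users, both username
 *                         and email are valid.
 * @param string $password Clear text password.
 * @param string $errmsg   Reference of error message
 * @param int    $errno    Reference to error code
 *
 * @return User|false The actual User object if login was successful, false
 *                    otherwise.
 */
public function login($username, $password, &$errmsg = null, &$errno = 0)
{
    $db = AbstractDb::getObject();

    // Init values
    $retval = false;
    $username = $db->escapeString($username);

    if (empty($username)) {
        $errmsg .= sprintf(getErrorText(ERR_NO_USERNAME));
        $errno = ERR_NO_USERNAME;
    } else {
        $network = $this->getNetwork();
        $case_sensitive = $network->getUsernamesCaseSensitive();

        // Matching the hash inside the WHERE clause only works with a hash
        // that is deterministic for a given password (no per-user salt).
        // NOTE(review): User::passwordHash() is defined elsewhere; moving to
        // password_hash()/password_verify() would mean fetching the stored
        // hash first and comparing it in PHP.
        $password_hash = $db->escapeString(User::passwordHash($password));

        if (!$case_sensitive) {
            $username = strtolower($username);
        }
        $compareto = $case_sensitive ? 'username' : 'lower(username)';

        // Every interpolated value is escaped, including the network id.
        $network_id = $db->escapeString($network->getId());
        $identity_clause = "({$compareto} = '{$username}' OR lower(email) = '{$username}') AND account_origin='{$network_id}'";

        // Compare users.pass with the hash of the supplied password, so the
        // hash computed above is what actually decides the login.
        $sql = "SELECT user_id FROM users WHERE {$identity_clause} AND pass='{$password_hash}'";
        $user_info = null;
        $db->execSqlUniqueRes($sql, $user_info, false);

        if ($user_info != null) {
            $user = User::getObject($user_info['user_id']);

            if ($user->isUserValid($errmsg, $errno)) {
                $retval = $user;
                $errmsg = _("Login successfull");
            }
            // Otherwise the reason for refusal is already in $errmsg.
        } else {
            /*
             * This is only used to discriminate if the problem was a
             * non-existent user or a wrong password. Only existence matters,
             * so the row's other columns (the stored hash among them) are
             * not fetched.
             *
             * NOTE(review): callers that display these two codes verbatim
             * reveal which usernames exist; consider showing one generic
             * failure message in the UI and keeping the distinction for logs.
             */
            $user_info = null;
            $db->execSqlUniqueRes("SELECT user_id FROM users WHERE {$identity_clause}", $user_info, false);

            if ($user_info == null) {
                $errmsg = getErrorText(ERR_UNKNOWN_USERNAME);
                $errno = ERR_UNKNOWN_USERNAME;
            } else {
                $errmsg = getErrorText(ERR_WRONG_PASSWORD);
                $errno = ERR_WRONG_PASSWORD;
            }
        }
    }

    // Called on failure too, with false, exactly as before.
    User::setCurrentUser($retval);

    return $retval;
}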
echo $test["test"]["cert"]["hash"]; ?> </td> <td><?php echo date("j. n. Y", $test["test"]["cert"]["validFrom_time_t"]); ?> </td> <td><?php echo date("j. n. Y", $test["test"]["cert"]["validTo_time_t"]); ?> </td> <?php } else { ?> <td colspan="4">Chyba - <?php echo getErrorText($test["test"]["status"]); ?> .</td> <?php } ?> </tr> <?php } ?> </table> <hr> Vygenerováno v <?php echo date("G:i j. n. Y");