/**
* Cancels a user account by deleting all the information related to them.
* @param array $aVal
* @return Phpfox_Error if password doesnt match | false if user does not have enough permissions or password is not set
*/
public function cancelAccount($aVal)
{
Phpfox::isUser(true);
define('PHPFOX_CANCEL_ACCOUNT', true);
if (!isset($aVal['password']) && !Phpfox::getUserBy('fb_user_id') && !Phpfox::getUserBy('janrain_user_id')) {
return Phpfox_Error::set(Phpfox::getPhrase('user.please_enter_your_password'));
}
if (!Phpfox::getUserParam('user.can_delete_own_account')) {
return Phpfox_Error::set(Phpfox::getPhrase('user.you_are_not_allowed_to_delete_your_own_account'));
}
// confirm $aVal[password] == user password
// get user's data
$aRow = $this->database()->select('password_salt, password')->from(Phpfox::getT('user'))->where('user_id = ' . Phpfox::getUserId())->execute('getSlaveRow');
if (!Phpfox::getUserBy('fb_user_id') && !Phpfox::getUserBy('janrain_user_id')) {
$error = false;
if (strlen($aRow['password']) > 32) {
$Hash = new Core\Hash();
if (!$Hash->check($aVal['password'], $aRow['password'])) {
Phpfox_Error::set(Phpfox::getPhrase('user.invalid_password'));
$error = true;
}
} else {
if (!Phpfox::getLib('hash')->setHash($aVal['password'], $aRow['password_salt']) != $aRow['password']) {
$error = true;
}
}
if ($sPlugin = Phpfox_Plugin::get('user.service_cancellations_process_cancelaccount_invalid_password')) {
eval($sPlugin);
}
if ($error) {
return Phpfox_Error::set(Phpfox::getPhrase('user.invalid_password'));
}
}
Phpfox::getService('user.cancellations.process')->feedbackCancellation($aVal);
// mass callback
Phpfox::massCallback('onDeleteUser', Phpfox::getUserId());
// log out adter having deleted all the info
Phpfox::getService('user.auth')->logout();
Phpfox_Url::instance()->send('', null, Phpfox::getPhrase('user.your_account_has_been_deleted'));
return true;
}
public function updatePassword($aVals)
{
Phpfox::isUser(true);
if (empty($aVals['old_password'])) {
return Phpfox_Error::set(Phpfox::getPhrase('user.missing_old_password'));
}
if (empty($aVals['new_password'])) {
return Phpfox_Error::set(Phpfox::getPhrase('user.missing_new_password'));
}
if (empty($aVals['confirm_password'])) {
return Phpfox_Error::set(Phpfox::getPhrase('user.confirm_your_new_password'));
}
if ($aVals['confirm_password'] != $aVals['new_password']) {
return Phpfox_Error::set(Phpfox::getPhrase('user.your_confirmed_password_does_not_match_your_new_password'));
}
$aUser = Phpfox::getService('user')->getUser(Phpfox::getUserId());
if (strlen($aUser['password']) > 32) {
$Hash = new Core\Hash();
if (!$Hash->check($aVals['old_password'], $aUser['password'])) {
return Phpfox_Error::set(Phpfox::getPhrase('user.your_current_password_does_not_match_your_old_password'));
}
} else {
if (Phpfox::getLib('hash')->setHash($aVals['old_password'], $aUser['password_salt']) != $aUser['password']) {
return Phpfox_Error::set(Phpfox::getPhrase('user.your_current_password_does_not_match_your_old_password'));
}
}
$sSalt = $this->_getSalt();
$aInsert = array();
$aInsert['password'] = Phpfox::getLib('hash')->setHash($aVals['new_password'], $sSalt);
$aInsert['password_salt'] = $sSalt;
$this->database()->update($this->_sTable, $aInsert, 'user_id = ' . Phpfox::getUserId());
list($bLogged, $aUser) = Phpfox::getService('user.auth')->login($aUser['email'], $aVals['new_password'], false, 'email');
$this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => Phpfox::getUserId(), 'type_id' => 'update_password', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
($sPlugin = Phpfox_Plugin::get('user.service_process_updatepassword')) ? eval($sPlugin) : false;
return $bLogged ? true : false;
}
public function login($sLogin, $sPassword, $bRemember = false, $sType = 'email', $bNoPasswordCheck = false)
{
$sSelect = 'user_id, email, user_name, password, password_salt, status_id';
/* Used to control the return in case we detect a brute force attack */
$bReturn = false;
$sLogin = $this->database()->escape($sLogin);
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__start')) {
eval($sPlugin);
if (isset($mReturn)) {
return $mReturn;
}
}
$aRow = $this->database()->select($sSelect)->from($this->_sTable)->where($sType == 'both' ? "email = '" . $sLogin . "' OR user_name = '" . $sLogin . "'" : ($sType == 'email' ? "email" : "user_name") . " = '" . $sLogin . "'")->execute('getRow');
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login_skip_email_verification')) {
eval($sPlugin);
}
if (!defined('PHPFOX_INSTALLER') && isset($aRow['status_id']) && $aRow['status_id'] == 1 && !isset($bEmailVerification)) {
Phpfox::getLib('session')->set('cache_user_id', $aRow['user_id']);
if (defined('PHPFOX_MUST_PAY_FIRST')) {
Phpfox_Url::instance()->send('subscribe.register', array('id' => PHPFOX_MUST_PAY_FIRST, 'login' => '1'));
}
Phpfox_Url::instance()->send('user.verify', null, Phpfox::getPhrase('user.you_need_to_verify_your_email_address_before_logging_in', array('email' => $aRow['email'])));
}
if (!isset($aRow['user_name'])) {
switch (Phpfox::getParam('user.login_type')) {
case 'user_name':
$sMessage = Phpfox::getPhrase('user.invalid_user_name');
break;
case 'email':
$sMessage = Phpfox::getPhrase('user.invalid_email');
break;
default:
$sMessage = Phpfox::getPhrase('user.invalid_login_id');
}
Phpfox_Error::set($sMessage);
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__no_user_name')) {
eval($sPlugin);
}
//return array(false, $aRow);
$bReturn = true;
} else {
$bDoPhpfoxLoginCheck = true;
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__password')) {
eval($sPlugin);
}
if (strlen($aRow['password']) > 32) {
$Hash = new Core\Hash();
if (!$Hash->check($sPassword, $aRow['password'])) {
Phpfox_Error::set(Phpfox::getPhrase('user.invalid_password'));
$bReturn = true;
}
} else {
if (!$bNoPasswordCheck && $bDoPhpfoxLoginCheck && Phpfox::getLib('hash')->setHash($sPassword, $aRow['password_salt']) != $aRow['password']) {
Phpfox_Error::set(Phpfox::getPhrase('user.invalid_password'));
//return array(false, $aRow);
$bReturn = true;
}
}
}
/* Add the check for the brute force here */
if (!empty($aRow) && !defined('PHPFOX_INSTALLER') && Phpfox::getParam('user.brute_force_time_check') > 0) {
/* Check if the account is already locked */
$iLocked = $this->database()->select('brute_force_locked_at')->from(Phpfox::getT('user_field'))->where('user_id = ' . $aRow['user_id'])->execute('getSlaveField');
$iUnlockTimeOut = $iLocked + Phpfox::getParam('user.brute_force_cool_down') * 60;
$iRemaining = $iUnlockTimeOut - PHPFOX_TIME;
$iTimeFrom = PHPFOX_TIME - 60 * Phpfox::getParam('user.brute_force_time_check');
$iAttempts = $this->database()->select('COUNT(*)')->from(Phpfox::getT('user_ip'))->where('user_id = ' . $aRow['user_id'] . ' AND type_id = "login_failed" AND time_stamp > ' . $iTimeFrom)->execute('getSlaveField');
$aReplace = array('iCoolDown' => Phpfox::getParam('user.brute_force_cool_down'), 'sForgotLink' => Phpfox_Url::instance()->makeUrl('user.password.request'), 'iUnlockTimeOut' => ceil($iRemaining / 60));
if ($iRemaining > 0) {
Phpfox_Error::reset();
Phpfox_Error::set(Phpfox::getPhrase('user.brute_force_account_locked', $aReplace));
return array(false, $aRow);
}
if ($iAttempts >= Phpfox::getParam('user.brute_force_attempts_count')) {
$this->database()->update(Phpfox::getT('user_field'), array('brute_force_locked_at' => PHPFOX_TIME), 'user_id = ' . $aRow['user_id']);
Phpfox_Error::reset();
/* adjust new remaining time*/
$aReplace['iUnlockTimeOut'] = Phpfox::getParam('user.brute_force_cool_down');
Phpfox_Error::set(Phpfox::getPhrase('user.brute_force_account_locked', $aReplace));
$bReturn = true;
}
}
if ($bReturn == true) {
/* Log the attempt */
$this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => isset($aRow['user_id']) ? $aRow['user_id'] : '0', 'type_id' => 'login_failed', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
return array(false, $aRow);
}
// ban check
$oBan = Phpfox::getService('ban');
if (!$oBan->check('email', $aRow['email'])) {
Phpfox_Error::set(Phpfox::getPhrase('ban.global_ban_message'));
}
if (!$oBan->check('ip', Phpfox_Request::instance()->getIp())) {
// this is a new phrase, text: "Your IP address is not allowed"
Phpfox_Error::set(Phpfox::getPhrase('ban.not_allowed_ip_address'));
}
$aBanned = Phpfox::getService('ban')->isUserBanned($aRow);
if ($aBanned['is_banned']) {
if (isset($aBanned['reason']) && !empty($aBanned['reason'])) {
$aBanned['reason'] = str_replace(''', "'", Phpfox::getLib('parse.output')->parse($aBanned['reason']));
$sReason = preg_replace('/\\{phrase var=\'(.*)\'\\}/ise', "'' . Phpfox::getPhrase('\\1',array(), false, null, '" . Phpfox::getUserBy('language_id') . "') . ''", $aBanned['reason']);
Phpfox_Error::set($sReason);
} else {
Phpfox_Error::set(Phpfox::getPhrase('ban.global_ban_message'));
}
}
if (Phpfox_Error::isPassed()) {
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__cookie_start')) {
eval($sPlugin);
}
$sPasswordHash = Phpfox::getLib('hash')->setRandomHash(Phpfox::getLib('hash')->setHash($aRow['password'], $aRow['password_salt']));
// Set cookie (yummy)
$iTime = $bRemember ? PHPFOX_TIME + 3600 * 24 * 365 : 0;
Phpfox::setCookie($this->_sNameCookieUserId, $aRow['user_id'], $iTime, Phpfox::getParam('core.force_secure_site') ? true : false);
Phpfox::setCookie($this->_sNameCookieHash, $sPasswordHash, $iTime, Phpfox::getParam('core.force_secure_site') ? true : false);
if (!defined('PHPFOX_INSTALLER')) {
Phpfox::getLib('session')->remove(Phpfox::getParam('core.theme_session_prefix') . 'theme');
}
$this->database()->update($this->_sTable, array('last_login' => PHPFOX_TIME), 'user_id = ' . $aRow['user_id']);
$this->database()->insert(Phpfox::getT('user_ip'), array('user_id' => $aRow['user_id'], 'type_id' => 'login', 'ip_address' => Phpfox::getIp(), 'time_stamp' => PHPFOX_TIME));
if (Phpfox::getParam('core.auth_user_via_session')) {
$this->database()->delete(Phpfox::getT('session'), 'user_id = ' . (int) $aRow['user_id']);
$this->database()->insert(Phpfox::getT('session'), array('user_id' => $aRow['user_id'], 'last_activity' => PHPFOX_TIME, 'id_hash' => Phpfox_Request::instance()->getIdHash()));
}
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__cookie_end')) {
eval($sPlugin);
}
return array(true, $aRow);
}
if ($sPlugin = Phpfox_Plugin::get('user.service_auth_login__end')) {
eval($sPlugin);
}
return array(false, $aRow);
}
