Example #1
 /**
  * Return the CSRF token value kept in the session for the given ID, generating and storing one on first use
  *
  * New tokens come from Password::randomBase64String(32). An earlier revision of this
  * method derived the value from md5() over mt_rand() and microtime() output; values
  * built from the clock and mt_rand() are guessable and do not suit anti-CSRF tokens.
  *
  * NOTE(review): confirm that randomBase64String() draws from a cryptographically
  * secure source on every supported platform.
  *
  * @param int|string|null $id Optional unique ID for this token
  * @return string The value stored in the session under the token name
  *
  */
 public function getTokenValue($id = '')
 {
     $name = $this->getTokenName($id);
     $stored = $this->session->get($this, $name);

     // Reuse whatever the session already holds; empty() also treats '', '0' and null as "no token yet".
     if (!empty($stored)) {
         return $stored;
     }

     $generator = new Password();
     $fresh = $generator->randomBase64String(32);
     $this->session->set($this, $name, $fresh);

     return $fresh;
 }
 /**
  * Authenticate a user by name and raw password and make them the current user
  *
  * On success the session ID is regenerated, the user ID and login timestamp are
  * stored in the session, the optional challenge cookie and fingerprint are set,
  * and all CSRF tokens are reset. Every rejected attempt is passed to
  * loginFailure() together with a reason string.
  *
  * @param string $name User name; sanitized with pageName() before any other use
  * @param string $pass Raw, non-hashed password
  * @return User|null The $user if the login was successful, or null if not
  *
  */
 public function ___login($name, $pass)
 {
     $name = $this->wire('sanitizer')->pageName($name);

     if (!$this->allowLogin($name)) {
         $this->loginFailure($name, "User is not allowed to login");
         return null;
     }

     // An empty name (after sanitizing) is never looked up.
     $user = null;
     if (strlen($name)) {
         $user = $this->wire('users')->get("name={$name}");
     }

     // The checks below run in a fixed order, so authenticate() is only reached for an
     // existing, non-guest account.
     // NOTE(review): the reason strings tell "unknown user" apart from "invalid password";
     // confirm loginFailure() only records them and never returns them to the client.
     if (!$user || !$user->id) {
         $this->loginFailure($name, "Unknown user: {$name}");
         return null;
     }
     if ($user->id == $this->wire('config')->guestUserPageID) {
         $this->loginFailure($name, "Guest user may not login");
         return null;
     }
     if (!$this->authenticate($user, $pass)) {
         $this->loginFailure($name, "Invalid password");
         return null;
     }

     $this->trackChange('login', $this->wire('user'), $user);

     // Issue a fresh session ID and delete the old session, so an ID known before
     // authentication cannot be carried into the logged-in session.
     session_regenerate_id(true);
     $this->set('_user', 'id', $user->id);
     $this->set('_user', 'ts', time());

     if ($this->config->sessionChallenge) {
         // A separate generator variable keeps the raw password in $pass untouched.
         $generator = new Password();
         $challenge = $generator->randomBase64String(32);
         $this->set('_user', 'challenge', $challenge);

         // 30 days, which should outlast any session.
         $cookieName = session_name() . '_challenge';
         $expires = time() + 60 * 60 * 24 * 30;
         // Arguments after the path: no explicit domain, secure=false, httponly=true.
         // NOTE(review): with secure=false the challenge value is also sent over plain
         // HTTP; consider tying the flag to whether the site is served over HTTPS.
         setcookie($cookieName, $challenge, $expires, '/', null, false, true);
     }

     if ($this->config->sessionFingerprint) {
         // Store the value returned by getFingerprint() alongside the session's user data.
         $this->set('_user', 'fingerprint', $this->getFingerprint());
     }

     $this->setFuel('user', $user);
     // Tokens issued before the login are discarded.
     $this->get('CSRF')->resetAll();
     $this->loginSuccess($user);

     return $user;
 }
Example #3
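 /**
  * Login a user with the given name and password
  *
  * Also sets them to the current user. On success the session ID is regenerated,
  * the user ID and login timestamp are stored in the session, the optional
  * challenge cookie and fingerprint are set, and all CSRF tokens are reset.
  * Rejected attempts return null; this method does not record them.
  *
  * @param string $name User name; sanitized with username() before the lookup
  * @param string $pass Raw, non-hashed password
  * @return User|null The $user if the login was successful, or null if not
  *
  */
 public function ___login($name, $pass)
 {
     // NOTE(review): allowLogin() receives the name as submitted, before it is sanitized;
     // confirm that it copes with arbitrary input.
     if (!$this->allowLogin($name)) {
         return null;
     }
     $name = $this->wire('sanitizer')->username($name);
     $user = $this->wire('users')->get("name={$name}");
     if ($user->id && $this->authenticate($user, $pass)) {
         $this->trackChange('login', $this->wire('user'), $user);
         // Issue a fresh session ID and delete the old session, so an ID known before
         // authentication cannot be carried into the logged-in session.
         session_regenerate_id(true);
         $this->set('_user', 'id', $user->id);
         $this->set('_user', 'ts', time());
         if ($this->config->sessionChallenge) {
             // create new challenge (own variable, so the raw password in $pass is not overwritten)
             $generator = new Password();
             $challenge = $generator->randomBase64String(32);
             $this->set('_user', 'challenge', $challenge);
             // set challenge cookie to last 30 days (should be longer than any session would feasibly last)
             // Arguments after the path: no explicit domain, secure=false, httponly=true.
             // NOTE(review): with secure=false the challenge value is also sent over plain
             // HTTP; consider tying the flag to whether the site is served over HTTPS.
             setcookie(session_name() . '_challenge', $challenge, time() + 60 * 60 * 24 * 30, '/', null, false, true);
         }
         if ($this->config->sessionFingerprint) {
             // remember a fingerprint that tracks the user's IP and user agent
             // The User-Agent header is optional. Reading it unguarded raises an undefined-index
             // notice when the client omits it; an absent header is hashed as an empty string,
             // which is the value the unguarded concatenation produced.
             // NOTE(review): the code that re-computes this fingerprint for validation must
             // treat a missing header the same way.
             $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
             $this->set('_user', 'fingerprint', md5($this->getIP(true) . $userAgent));
         }
         $this->setFuel('user', $user);
         // Tokens issued before the login are discarded.
         $this->get('CSRF')->resetAll();
         $this->loginSuccess($user);
         return $user;
     }
     return null;
 }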