Example #1
 /**
  * Reset password
  *
  * @param   string	$mail Subscriber mail
  * @param   string	$new_pwd Subscriber password
  * @return  integer
  */
 public function reset($mail, $new_pwd)
 {
     // This method performs no authorisation of its own: whoever calls it must
     // already have verified that the requester may reset this address.

     // Look up the subscriber by lower-cased address. The value goes through
     // $this->db->escape() before it is concatenated into the statement.
     // NOTE(review): this is only safe if escape() also adds the surrounding
     // quotes; confirm in the DB wrapper, or switch to a bound parameter.
     $sql = 'SELECT id FROM ' . $this->table . ' WHERE mail = ' . $this->db->escape(strtolower($mail));
     $subscriber_id = $this->db->query_var($sql);

     // Unknown address: nothing to update.
     if (!$subscriber_id) {
         return 0;
     }

     // The value written to the password column is the output of hashing().
     // NOTE(review): the algorithm behind X4Utils_helper::hashing() is not
     // visible here; confirm it is a salted, deliberately slow password hash.
     $fields = array('password' => X4Utils_helper::hashing($new_pwd));
     $outcome = $this->update($subscriber_id, $fields);

     // Element 1 of the update result is returned as an integer.
     return intval($outcome[1]);
 }
Example #2
 /**
  * Register User profile
  *
  * @access	private
  * @param   array 	$_post _POST array
  * @return  void
  */
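 private function profiling($_post)
 {
     $msg = null;
     // There is no permission check because the row being updated is always
     // $_SESSION['xuid']: each user can only change his own profile.
     // NOTE(review): nothing in this method asks for the current password or
     // verifies an anti-CSRF token before the password is replaced; confirm
     // the calling action does.

     // handle _post
     // Only 'description' is filtered here (strip_tags). The other fields are
     // handed to the model as submitted, so query parameterisation and output
     // escaping have to happen elsewhere; confirm in User_model and the views.
     $post = array(
         'lang' => $_post['lang'],
         'username' => $_post['username'],
         'description' => strip_tags($_post['description']),
         'mail' => $_post['mail'],
         'phone' => $_post['phone'],
     );

     // check for password update: an empty field leaves the stored password untouched
     if (!empty($_post['password'])) {
         $post['password'] = X4Utils_helper::hashing($_post['password']);
     }

     $user = new User_model();

     // check if username or email address are already used by another user
     $check = (bool) $user->exists($post['username'], $post['mail'], $_SESSION['xuid']);
     if ($check) {
         // Pass the literal false: the original passed the undefined variable
         // $false, which evaluates to null and raises a warning.
         $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
     } else {
         // update profile
         $result = $user->update($_SESSION['xuid'], $post);

         // if user changes his password then send a reminder
         if ($result[1] && !empty($_post['password'])) {
             // build subject and message
             // NOTE(review): the PASSWORD placeholder puts the new password in
             // clear text into the e-mail, where it stays readable in mailboxes
             // and on relays. Prefer a "your password was changed" notice
             // without the secret; that needs the _SUBJECT_PROFILE and
             // _MSG_PROFILE templates changed as well.
             $s = array('DOMAIN', 'USERNAME', 'PASSWORD');
             $r = array($this->site->site->domain, $_post['username'], $_post['password']);
             $subject = str_replace($s, $r, _SUBJECT_PROFILE);
             $body = str_replace($s, $r, _MSG_PROFILE);
             $to = array(array('mail' => $_post['mail'], 'name' => $_post['username']));
             // send
             X4Mailer_helper::mailto(MAIL, false, $subject, $body, $to);
         }

         // set message
         $this->dict->get_words();
         $msg = AdmUtils_helper::set_msg($result);

         // set update
         if ($result[1]) {
             $msg->update[] = array('element' => 'topic', 'url' => urldecode(BASE_URL . 'profile'), 'title' => null);
         }
     }
     $this->response($msg);
 }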
Example #3
 /**
  * Perform login
  *
  * @param   array 	$_post _POST array
  * @param	integer	$id_area Area ID
  * @return  void
  */
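 public function do_login($_post, $id_area)
 {
     // A session that has not failed yet may have no counter; initialise it so
     // the comparison and the increment below always work on an integer.
     if (!isset($_SESSION['failed'])) {
         $_SESSION['failed'] = 0;
     }

     // Stop trying after five failures.
     // NOTE(review): the counter is per session, not per account or client
     // address, so it is no substitute for server-side rate limiting keyed on
     // the account.
     if ($_SESSION['failed'] < 5) {
         // fields to set in sessions
         $fields = array('mail' => 'mail', 'username' => 'username', 'id' => 'uid', 'last_in' => 'last_in');
         // conditions
         $conditions = array('id_area' => $id_area, 'username' => $_post['username']);

         // remember me: when the request carries 'hpwd' and the password field
         // holds the placeholder '12345678', 'hpwd' is used as the password
         // condition unchanged; otherwise the submitted password is hashed.
         // Strict comparison, so that only the exact placeholder string selects
         // the 'hpwd' path (== also matches other numeric spellings).
         // NOTE(review): this makes the stored hash a password equivalent, as
         // anyone who obtains it can log in without knowing the password.
         // A random, server-side, revocable token would remove that.
         $conditions['password'] = isset($_post['hpwd']) && $_post['password'] === '12345678'
             ? $_post['hpwd']
             : X4Utils_helper::hashing($_post['password']);

         // log in
         // NOTE(review): no session_regenerate_id() is visible in this method;
         // confirm X4Auth_helper::log_in() renews the session ID on success.
         $login = X4Auth_helper::log_in('users', $conditions, $fields);
         if ($login) {
             $_SESSION['failed'] = 0;
             // post login operations
             $_SESSION['site'] = SITE;
             $_SESSION['id_area'] = $id_area;

             // set cookie for remember me (30 days). The value is
             // "<username>-<password hash>", so the cookie is marked HttpOnly,
             // and Secure whenever the current request arrived over HTTPS.
             // NOTE(review): the cookie domain is taken from the Host request
             // header; a configured host name would be more robust.
             if (isset($_post['remember_me'])) {
                 $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                 setcookie(COOKIE . '_login', $conditions['username'] . '-' . $conditions['password'], time() + 2592000, '/', $_SERVER['HTTP_HOST'], $secure, true);
             }

             $mod = new X4Auth_model('users');
             // log
             if (LOGS) {
                 $mod->logger($_SESSION['uid'], $id_area, 'users', 'log in');
             }
             $area = $mod->get_by_id($id_area, 'areas', 'name');
             // redirect to the area the user logged in to
             header('Location: ' . BASE_URL . $area->name);
             die;
         } else {
             // increase failure counter
             $_SESSION['failed']++;
             if (LOGS) {
                 // NOTE(review): the username is logged as submitted; confirm
                 // logger() or the log viewer neutralises markup and control
                 // characters.
                 $mod = new X4Auth_model('users');
                 $mod->logger(0, $id_area, 'users', 'log in failed for ' . $_post['username']);
             }
         }
     }
     // failed or locked out: back to the login form
     header('Location: ' . BASE_URL . 'login');
     die;
 }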
Example #4
 /**
  * Perform login
  *
  * @access	private
  * @param   array 	$_post _POST array
  * @return  void
  */
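 private function do_login($_post)
 {
     // A session that has not failed yet may have no counter; initialise it so
     // the comparison and the increment below always work on an integer.
     if (!isset($_SESSION['failed'])) {
         $_SESSION['failed'] = 0;
     }

     // check failure counter
     // NOTE(review): the counter is per session, not per account or client
     // address, and this method never resets it after a successful login;
     // confirm whether X4Auth_helper::log_in() does. Admin logins deserve
     // server-side rate limiting keyed on the account.
     if ($_SESSION['failed'] < 5) {
         // fields to set in sessions
         $fields = array('mail' => 'mail', 'username' => 'username', 'id' => 'xuid', 'lang' => 'lang', 'last_in' => 'last_in', 'level' => 'level');
         // conditions (area 1 is the admin area)
         $conditions = array('id_area' => 1, 'username' => $_post['username']);

         // remember me: when the request carries 'hpwd' and the password field
         // holds the placeholder '12345678', 'hpwd' is used as the password
         // condition unchanged; otherwise the submitted password is hashed.
         // Strict comparison, so that only the exact placeholder string selects
         // the 'hpwd' path (== also matches other numeric spellings).
         // NOTE(review): this makes the stored hash a password equivalent for
         // an administrative account. A random, server-side, revocable token
         // would remove that.
         $conditions['password'] = isset($_post['hpwd']) && $_post['password'] === '12345678'
             ? $_post['hpwd']
             : X4Utils_helper::hashing($_post['password']);

         // log in
         // NOTE(review): no session_regenerate_id() is visible in this method;
         // confirm X4Auth_helper::log_in() renews the session ID on success.
         $login = X4Auth_helper::log_in('users', $conditions, $fields, true, true);
         if ($login) {
             // post login operations
             $_SESSION['site'] = SITE;
             $_SESSION['id_area'] = 1;
             // admin AREA ID

             // set cookie for remember me (30 days). The value is
             // "<username>-<password hash>", so the cookie is marked HttpOnly,
             // and Secure whenever the current request arrived over HTTPS.
             // NOTE(review): the cookie domain is taken from the Host request
             // header; a configured host name would be more robust.
             if (isset($_post['remember_me'])) {
                 $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                 setcookie(COOKIE . '_login', $conditions['username'] . '-' . $conditions['password'], time() + 2592000, '/', $_SERVER['HTTP_HOST'], $secure, true);
             }

             // refactory permissions
             $mod = new Permission_model();
             $mod->refactory($_SESSION['xuid']);
             // log
             if (LOGS) {
                 $mod = new X4Auth_model('users');
                 $mod->logger($_SESSION['xuid'], 1, 'users', 'log in');
             }
             // redirect to the admin area in the user's language
             header('Location: ' . $this->site->site->domain . '/' . $_SESSION['lang'] . '/admin');
             die;
         } else {
             // increase failure counter
             $_SESSION['failed']++;
             if (LOGS) {
                 // NOTE(review): the username is logged as submitted; confirm
                 // logger() or the log viewer neutralises markup and control
                 // characters.
                 $mod = new X4Auth_model('users');
                 $mod->logger(0, 1, 'users', 'log in failed for ' . $_post['username']);
             }
         }
     }
     // redirect: failed or locked out, back to the login form
     header('Location: ' . BASE_URL . 'login');
     die;
 }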
Example #5
 /**
  * Register Edit / New User form data
  *
  * @param   integer $id item ID (if 0 then is a new item)
  * @param   array 	$_post _POST array
  * @return  void
  */
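 private function editing($id, $_post)
 {
     // check permission: level 2 on the existing user, or level 4 on
     // '_user_creation' for a new one. A non-null result is the denial
     // message and is sent back unchanged.
     $msg = $id ? AdmUtils_helper::chk_priv_level($_SESSION['xuid'], 'users', $id, 2) : AdmUtils_helper::chk_priv_level($_SESSION['xuid'], '_user_creation', 0, 4);
     if (is_null($msg)) {
         // handle _post
         // NOTE(review): 'level' and 'id_group' are taken from the request as
         // submitted, and the only check visible here is chk_priv_level() on
         // the target item. Confirm that an editor cannot assign a level or
         // group above his own.
         // NOTE(review): 'description' is stored without filtering; confirm it
         // is escaped wherever it is rendered.
         $post = array(
             'lang' => $_post['lang'],
             'id_group' => $_post['id_group'],
             'username' => $_post['username'],
             'description' => $_post['description'],
             'mail' => $_post['mail'],
             'phone' => $_post['phone'],
             'level' => $_post['level'],
         );

         // update password: an empty field leaves the stored password untouched
         if (!empty($_post['password'])) {
             $post['password'] = X4Utils_helper::hashing($_post['password']);
         }

         // check if a user with the same username or e-mail already exists
         $user = new User_model();
         $check = (bool) $user->exists($post['username'], $post['mail'], $id);
         if ($check) {
             $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
         } else {
             $perm = new Permission_model();
             if ($id) {
                 // update
                 $result = $user->update($id, $post);
                 // update user privileges on areas
                 // NOTE(review): $_post['domain'] reaches the permission model
                 // as submitted; confirm set_aprivs() validates the area list.
                 $perm->set_aprivs($id, $_post['domain']);
                 // redirect
                 $where = '/detail/' . $id;
             } else {
                 // insert
                 $result = $user->insert($post);
                 // redirect
                 $where = '';
                 if ($result[1]) {
                     $id = $result[0];
                     // set privileges on areas
                     $perm->set_aprivs($id, $_post['domain']);
                     // give the creating user level 4 on the new user record
                     $privs = array(
                         array('action' => 'insert', 'id_what' => $result[0], 'id_user' => $_SESSION['xuid'], 'level' => 4),
                     );
                     $perm->pexec('users', $privs, $_post['id_area']);
                     // refactory permissions for the user
                     $perm->refactory($id);
                 }
             }
             // set message
             $msg = AdmUtils_helper::set_msg($result);
             // set what update
             if ($result[1]) {
                 $msg->update[] = array('element' => 'tdown', 'url' => BASE_URL . 'users' . $where, 'title' => null);
             }
         }
     }
     $this->response($msg);
 }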