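/**
 * Validate a username/password pair and, on success, sign the user in.
 *
 * @param string $Username          Account name to look up.
 * @param string $Password          Plain-text password as submitted by the visitor.
 * @param bool   $PersistentSession Whether to issue "remember me" cookies on success.
 * @return int  The UserID on success; 0 when no account matched or the password
 *              was wrong (the two cases are deliberately not distinguished);
 *              -1 when the account lacks PERMISSION_SIGN_IN; -2 when the
 *              credential lookup itself failed.
 */
function Authenticate($Username, $Password, $PersistentSession) {
    // Validate the username and password that have been set
    $UserID = 0;
    $UserManager = $this->Context->ObjectFactory->NewContextObject($this->Context, 'UserManager');
    $User = $UserManager->GetUserCredentials(0, $Username);
    // A null result is treated as a lookup failure (presumably a database error; confirm
    // against UserManager::GetUserCredentials, which is not visible here). The previous
    // test `!$User === null` parsed as `(!$User) === null`, which can never be true, so
    // the -2 branch was unreachable.
    if ($User === null) {
        $UserID = -2;
    } elseif ($User) {
        // Accounts without a verification key get one minted here so the "remember me"
        // flow below always has a key to hand out.
        if ($User->VerificationKey == '') {
            $User->VerificationKey = DefineVerificationKey();
        }
        if ($this->PasswordHash->CheckPassword($User, $Password)) {
            if (!$User->PERMISSION_SIGN_IN) {
                $UserID = -1;
            } else {
                $UserID = $User->UserID;
                $VerificationKey = $User->VerificationKey;
                // 1. Update the user's information (presumably this also stores the
                //    verification key alongside the visit timestamp — verify in UserManager)
                $UserManager->UpdateUserLastVisit($UserID, $VerificationKey);
                // 2. Log the user's IP address
                $UserManager->AddUserIP($UserID);
                // Assign the session value
                $this->AssignSessionUserID($UserID);
                // Set the 'remember me' cookies
                if ($PersistentSession) {
                    $this->SetCookieCredentials($UserID, $VerificationKey);
                }
            }
        }
    }
    return $UserID;
}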
/**
 * Return the key used for CSRF protection, minting and storing one in the
 * session the first time it is requested so later requests see the same value.
 * @return String
 */
function GetCsrfValidationKey() {
    $PostBackKey = $this->GetVariable('SessionPostBackKey', 'string');
    if ($PostBackKey != '') {
        return $PostBackKey;
    }
    // No key stored yet: create one and persist it before handing it out.
    // NOTE(review): DefineVerificationKey() is the only source of this token's
    // unpredictability — confirm it uses a cryptographically secure generator.
    $PostBackKey = DefineVerificationKey();
    $this->SetVariable('SessionPostBackKey', $PostBackKey);
    return $PostBackKey;
}
/**
 * Legacy credential check that queries the User table directly through
 * SqlBuilder (compare the UserManager/PasswordHash based Authenticate variant).
 *
 * @param string $Username          Account name as submitted.
 * @param string $Password          Plain-text password as submitted.
 * @param bool   $PersistentSession Issue "remember me" cookies on success.
 * @return int  UserID on success; 0 when no row matched; -1 when the matched
 *              role lacks PERMISSION_SIGN_IN; -2 when the query failed.
 */
function Authenticate($Username, $Password, $PersistentSession) {
    // Validate the username and password that have been set
    // FormatStringForDatabaseInput is an escaping helper, not parameter binding:
    // the values are still spliced into SQL text by SqlBuilder.
    $Username = FormatStringForDatabaseInput($Username);
    $Password = FormatStringForDatabaseInput($Password);
    $UserID = 0;
    // Retrieve matching username/password values
    $s = $this->Context->ObjectFactory->NewContextObject($this->Context, 'SqlBuilder');
    $s->SetMainTable('User', 'u');
    $s->AddJoin('Role', 'r', 'RoleID', 'u', 'RoleID', 'left join');
    $s->AddSelect(array('UserID', 'VerificationKey'), 'u');
    $s->AddSelect('PERMISSION_SIGN_IN', 'r');
    $s->AddWhere('u', 'Name', '', $Username, '=');
    // NOTE(review): the stored Password is compared against both md5($Password) and the
    // raw $Password (the 'or' clause below). Unsalted md5 is not a suitable password
    // hash, and the plain-text branch means an unhashed column value matches directly;
    // this looks like a migration shim — confirm whether it is still required.
    // The trailing `1, 1` arguments appear to open a where-group that EndWhereGroup()
    // closes, giving `Name = ? AND (Password = md5(?) OR Password = ?)` — verify in SqlBuilder.
    $s->AddWhere('u', 'Password', '', $Password, '=', 'and', 'md5', 1, 1);
    $s->AddWhere('u', 'Password', '', $Password, '=', 'or');
    $s->EndWhereGroup();
    $UserResult = $this->Context->Database->Select($s, 'Authenticator', 'Authenticate', 'An error occurred while attempting to validate your credentials');
    if (!$UserResult) {
        // Query failure (as opposed to "no match") is reported as -2
        $UserID = -2;
    } elseif ($this->Context->Database->RowCount($UserResult) > 0) {
        $CanSignIn = 0;
        $VerificationKey = '';
        // If several rows match, the last one wins; presumably Name is unique so only one is read
        while ($rows = $this->Context->Database->GetRow($UserResult)) {
            $VerificationKey = ForceString($rows['VerificationKey'], '');
            // Accounts without a stored key get a fresh one for the "remember me" flow
            if ($VerificationKey == '') {
                $VerificationKey = DefineVerificationKey();
            }
            $UserID = ForceInt($rows['UserID'], 0);
            $CanSignIn = ForceBool($rows['PERMISSION_SIGN_IN'], 0);
        }
        if (!$CanSignIn) {
            $UserID = -1;
        } else {
            // Update the user's information
            $this->UpdateLastVisit($UserID, $VerificationKey);
            // Assign the session value
            $this->AssignSessionUserID($UserID);
            // Set the 'remember me' cookies
            if ($PersistentSession) {
                $this->SetCookieCredentials($UserID, $VerificationKey);
            }
        }
    }
    return $UserID;
}
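/**
 * Start a password reset for the named account: store a fresh EmailVerificationKey
 * on the user row and e-mail the account holder a reset link carrying that key.
 *
 * @param string $Username  Account name as submitted by the visitor.
 * @return mixed  The account's e-mail address when the request produced no
 *                warnings, otherwise false (decided by WarningCollector::Iif).
 */
function RequestPasswordReset($Username) {
    $Username = FormatStringForDatabaseInput($Username, '');
    $Email = false;
    if ($Username == '') {
        $this->Context->WarningCollector->Add($this->Context->GetDefinition('ErrInvalidUsername'));
    } else {
        // Attempt to retrieve email address
        $s = $this->Context->ObjectFactory->NewContextObject($this->Context, 'SqlBuilder');
        $s->SetMainTable('User', 'u');
        $s->AddSelect(array('Email', 'Name', 'UserID'), 'u');
        $s->AddWhere('u', 'Name', '', $Username, '=');
        $UserResult = $this->Context->Database->Select($s, $this->Name, 'RequestPasswordReset', 'An error occurred while retrieving account information.');
        if ($this->Context->Database->RowCount($UserResult) == 0) {
            // NOTE(review): this warning discloses whether the account exists (account
            // enumeration). The message is a localisation key owned elsewhere, so it is
            // left as-is here.
            $this->Context->WarningCollector->Add($this->Context->GetDefinition('ErrAccountNotFound'));
        } else {
            $Name = '';
            $Email = '';
            $UserID = 0;
            // Last matching row wins; presumably Name is unique so only one row is read
            while ($rows = $this->Context->Database->GetRow($UserResult)) {
                $UserID = ForceInt($rows['UserID'], 0);
                $Email = ForceString($rows['Email'], '');
                $Name = FormatStringForDisplay($rows['Name'], 1);
            }
            // Now that we have the email, generate an email verification key.
            // This key is the only thing protecting the reset link, so
            // DefineVerificationKey() must draw from a cryptographically secure
            // source — confirm its implementation.
            $EmailVerificationKey = DefineVerificationKey();
            // Insert the email verification key into the user table
            $s->Clear();
            $s->SetMainTable('User', 'u');
            $s->AddFieldNameValue('EmailVerificationKey', $EmailVerificationKey, 1);
            $s->AddWhere('u', 'UserID', '', $UserID, '=');
            $this->Context->Database->Update($s, $this->Name, 'RequestPasswordReset', 'An error occurred while managing your account information.');
            // If there are no errors, send the user an email
            if ($this->Context->WarningCollector->Count() == 0) {
                // Retrieve the email body
                $File = $this->Context->Configuration['LANGUAGES_PATH'] . $this->Context->Configuration['LANGUAGE'] . '/email_password_request.txt';
                $EmailBody = @file_get_contents($File);
                if (!$EmailBody) {
                    // The error context previously named 'AssignRole' (a copy/paste slip),
                    // which mis-attributed template failures to the wrong method.
                    $this->Context->ErrorManager->AddError($this->Context, $this->Name, 'RequestPasswordReset', 'Failed to read email template (' . $File . ').');
                } else {
                    // Only send when a template was actually loaded; previously the mail
                    // went out with an empty body whenever AddError did not halt the request.
                    $e = $this->Context->ObjectFactory->NewContextObject($this->Context, 'Email');
                    $e->HtmlOn = 0;
                    $e->WarningCollector =& $this->Context->WarningCollector;
                    $e->ErrorManager =& $this->Context->ErrorManager;
                    $e->AddFrom($this->Context->Configuration['SUPPORT_EMAIL'], $this->Context->Configuration['SUPPORT_NAME']);
                    $e->AddRecipient($Email, $Name);
                    $e->Subject = $this->Context->Configuration['APPLICATION_TITLE'] . ' ' . $this->Context->GetDefinition('PasswordResetRequest');
                    // The reset URL carries the user id and the verification key as query parameters
                    $e->Body = str_replace(
                        array('{user_name}', '{forum_name}', '{password_url}'),
                        array(
                            $Name,
                            $this->Context->Configuration['APPLICATION_TITLE'],
                            ConcatenatePath($this->Context->Configuration['BASE_URL'], GetUrl($this->Context->Configuration, 'people.php', '', '', '', '', 'PostBackAction=PasswordResetForm&u=' . $UserID . '&k=' . $EmailVerificationKey))
                        ),
                        $EmailBody
                    );
                    $e->Send();
                }
            }
        }
    }
    return $this->Context->WarningCollector->Iif($Email, false);
}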
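/**
 * Resolve the current visitor's UserID from the PHP session, falling back to the
 * "remember me" cookies, and record whatever was found in the session.
 *
 * @return int  The UserID, or 0 when no identity could be established.
 */
function GetIdentity() {
    if (!session_id()) {
        session_start();
    }
    $SessionKey = $this->Context->Configuration['SESSION_USER_IDENTIFIER'];
    // isset() instead of @-suppression: an absent session entry simply yields 0
    $UserID = ForceInt(isset($_SESSION[$SessionKey]) ? $_SESSION[$SessionKey] : 0, 0);
    if ($UserID == 0) {
        // UserID wasn't found in the session, so attempt to retrieve it from the cookies
        // Retrieve cookie values
        $EncryptedUserID = ForceIncomingCookieString($this->Context->Configuration['COOKIE_USER_KEY'], '');
        $VerificationKey = ForceIncomingCookieString($this->Context->Configuration['COOKIE_VERIFICATION_KEY'], '');
        if ($EncryptedUserID != '' && $VerificationKey != '') {
            // Compare against db values
            // Sadly, because this class is meant to be an interface for distributed objects, I can't use any of the error checking in the Lussumo Framework
            // The cookie value is escaped into the query text rather than bound as a
            // parameter; FormatStringForDatabaseInput is all that keeps this lookup injection-safe.
            $Query = "select UserID\n\t\t\t\t\tfrom LUM_User\n\t\t\t\t\twhere VerificationKey = '" . FormatStringForDatabaseInput($VerificationKey) . "'";
            $Result = $this->Context->Database->Execute($Query, 'Authenticator', 'GetIdentity', 'An error occurred while attempting to validate your remember me credentials');
            if ($Result) {
                $UserID = 0;
                while ($rows = $this->Context->Database->GetRow($Result)) {
                    // Strict comparison: the cookie value is visitor-controlled, and PHP's
                    // loose `==` compares two numeric-looking strings (e.g. "0e..." hex
                    // digests) as numbers, which can make unrelated digests compare equal.
                    if ($EncryptedUserID === md5($rows['UserID'])) {
                        $UserID = ForceInt($rows['UserID'], 0);
                        break;
                    }
                }
                if ($UserID > 0) {
                    // 1. Set a new verification key, so each cookie-based sign-in hands out a fresh one
                    $VerificationKey = DefineVerificationKey();
                    // 2. Update the user's information
                    $this->UpdateLastVisit($UserID, $VerificationKey);
                    // 3. Set the 'remember me' cookies. The previous code read
                    //    $rows['EncryptedUserID'], a column the query above never selects,
                    //    and passed the resulting null here; the other sign-in paths pass
                    //    the UserID, so do the same.
                    $this->SetCookieCredentials($UserID, $VerificationKey);
                    // 4. Log the user's IP address
                    $this->LogIp($UserID);
                }
            }
        }
    }
    // If it has now been found, set up the session.
    $this->AssignSessionUserID($UserID);
    return $UserID;
}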
/**
 * Base initialisation for a control: wires up the context, collects delegates
 * that were registered for this control before it existed, reads the postback
 * action from the request and, for signed-in users, makes sure a session
 * postback key exists and is added to the postback parameters.
 *
 * @param Context $Context  Shared application context, taken by reference.
 */
function Constructor(&$Context) {
    $this->Control($Context);
    $this->Delegates = array();
    $this->FormPostBackKey = ForceIncomingString('FormPostBackKey', '');
    // Get delegates from the context object that were added before this object was instantiated
    $ControlName = $this->Name;
    if (array_key_exists($ControlName, $this->Context->DelegateCollection)) {
        $this->Delegates = array_merge($this->Delegates, $this->Context->DelegateCollection[$ControlName]);
    }
    // Define the postback action
    $this->PostBackAction = ForceIncomingString('PostBackAction', '');
    $this->PostBackValidated = 0;
    $this->PostBackParams = $this->Context->ObjectFactory->NewObject($this->Context, 'Parameters');
    $SignedIn = $this->Context->Session->UserID > 0;
    if ($SignedIn) {
        $Key = $this->Context->Session->GetVariable('SessionPostBackKey', 'string');
        // If the postback key has not been created, do so now.
        if ($Key == '') {
            $Key = DefineVerificationKey();
            $this->Context->Session->SetVariable('SessionPostBackKey', $Key);
        }
        $this->SessionPostBackKey = $Key;
        $this->PostBackParams->Set('FormPostBackKey', $Key, 1, '', 1);
    }
    // Set the IsPostBack property (If the postback action is in this control's set of valid actions, then it has been posted back).
    // NOTE(review): in_array() is used loosely here, matching the original; the action
    // names are request-supplied strings, so a strict comparison would be the safer form.
    $Actions = $this->ValidActions;
    $this->IsPostBack = is_array($Actions) && in_array($this->PostBackAction, $Actions);
}