public function register_user() { $username = $this->username; $name = $this->name == null ? $this->username : $this->name; $password = $this->password; $mail = $this->mail; $errors = array(); $hasher = new \CODOF\Pass(8, false); $hash = $hasher->HashPassword($password); if (strlen($hash) >= 20) { $fields = array("username" => $username, "name" => $name, "pass" => $hash, "mail" => $mail, "created" => time(), "last_access" => time(), "user_status" => $this->user_status, "avatar" => $this->avatar, "no_posts" => $this->no_posts, "oauth_id" => $this->oauth_id); $qry = 'INSERT INTO codo_users (username, name, pass, mail, created, last_access, user_status, avatar, no_posts, oauth_id) ' . 'VALUES(:username, :name, :pass, :mail, :created, :last_access, :user_status, :avatar, :no_posts, :oauth_id)'; $obj = $this->db->prepare($qry); if (!$obj->execute($fields)) { \CODOF\Log::error("Could not register user! \nError:\n " . print_r($obj->errorInfo(), true) . " \nData:\n" . print_r($fields, true)); $errors[] = "Could not register user"; } else { $this->userid = $this->db->lastInsertId('id'); \DB::table(PREFIX . 'codo_user_roles')->insert(array('uid' => $this->userid, 'rid' => $this->rid, 'is_primary' => 1)); if ($this->user_status == 0) { $this->add_signup_attempt($fields); $this->send_mail($fields, $errors); } //TODO: CurrentUser -> store user //dont know the security implications when $fields is passed with hook \CODOF\Hook::call('on_user_registered'); } } return $errors; }
/** * * Checks if username and password is not empty * Checks if user exists and password matches * Logs the user in * remember_me() is called * * @return type */ public function process_login() { //don't neeed much validation since we use prepared queries $username = strip_tags(trim($this->username)); $hasher = new \CODOF\Pass(8, false); $password = $this->password; $errors = array(); if (strlen($username) == 0) { $errors[]["msg"] = _t("username field cannot be left empty"); } if (strlen($password) == 0) { $errors[]["msg"] = _t("password field cannot be left empty"); } if (strlen($password) < 72 && empty($errors)) { $user = User::getByUsername($username); $ip = $_SERVER['REMOTE_ADDR']; //cannot be trusted at all ;) $ban = new Ban($this->db); if ($user && $ban->is_banned(array($ip, $username, $user->mail))) { $ban_len = ''; if ($ban->expires > 0) { $ban_len = _t("until ") . date('d-m-Y h:m:s', $ban->expires); } return json_encode(array("msg" => _t("You have been banned ") . $ban_len)); } if ($user && $hasher->CheckPassword($password, $user->pass)) { User::login($user->id); $user = User::get(); $user->rememberMe(); return json_encode(array("msg" => "success", "uid" => $user->id, "rid" => $user->rid, "role" => User::getRoleName($user->rid))); } else { \CODOF\Log::info('failed login attempt by ' . $username . 'wrong username/password'); return json_encode(array("msg" => _t("Wrong username or password"))); } } else { return json_encode($errors); } }
/** * * Updates the password of the current user * @param string $new_pass * @return boolean true if password was updated */ public function updatePassword($new_pass) { $hasher = new \CODOF\Pass(8, false); $hash = $hasher->HashPassword($new_pass); //update the new hashed password return $this->set(array("pass" => $hash)); }
$arr['name'] = $_POST['display_name']; // $arr['rid'] = $_POST['role']; $arr['signature'] = $_POST['signature']; unset($arr['id']); $err = 0; $msg = ""; if ($stmt->fetch()) { $err = 1; $msg = "username or email has already been taken!<br>"; } else { if ($_POST['p1'] != "") { if ($_POST['p1'] != $_POST['p2']) { $err = 1; $msg = "The passwords do not match!"; } else { $hasher = new \CODOF\Pass(8, false); $hash = $hasher->HashPassword($_POST['p1']); $arr['pass'] = $hash; } } if (isset($_FILES['user_img']) && !empty($_FILES['user_img']['name'])) { $image = $_FILES['user_img']; \CODOF\File\Upload::$width = 128; \CODOF\File\Upload::$height = 128; \CODOF\File\Upload::$resizeImage = true; \CODOF\File\Upload::$resizeIconPath = DATA_PATH . PROFILE_ICON_PATH; $file_info = \CODOF\File\Upload::do_upload($image, PROFILE_IMG_PATH); if (\CODOF\File\Upload::$error) { $err = 1; $msg = "Error While uploading the image, try with a different image."; } else {