/**
 * Kill the session.
 *
 * Deletes the server-side session row for $session_id when one is supplied,
 * and expires the members cookie on the client in every case (so calling
 * this without an ID still logs the browser out).
 *
 * @param  string|bool $session_id  Session identifier to delete, or false to only clear the cookie.
 * @return void
 */
protected function _destroy_session($session_id = false)
{
    PerchUtil::debug('destroying session');

    if (!empty($session_id)) {
        // The ID goes through the DB layer's quoting helper before it is
        // interpolated into the statement.
        $deleteSql = sprintf(
            'DELETE FROM %smembers_sessions WHERE sessionID=%s',
            PERCH_DB_PREFIX,
            $this->db->pdb($session_id)
        );
        $this->db->execute($deleteSql);
    }

    // Empty value with expiry 0 tells the browser to drop the cookie; the
    // trailing true is presumably the HttpOnly flag - confirm against PerchUtil::setcookie.
    PerchUtil::setcookie(PERCH_MEMBERS_COOKIE, '', 0, '/', '', '', true);
}
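/**
 * Record an up- or down-vote submitted through a comment form.
 *
 * Reads these fields from $SubmittedForm->data:
 *   commentID   - comment being voted on (required; nothing happens without it)
 *   vote        - 'up' for an upvote, anything else counts as a downvote
 *   cookie      - name of the cookie that identifies this voter
 *   cookie_path - path the voter cookie is scoped to
 *
 * The vote weight comes from the perch_comments_upvote / perch_comments_downvote
 * settings. A voter is identified only by the cookie named in the submission,
 * so this de-duplicates cooperating browsers; it does not stop a client that
 * drops or edits the cookie from voting again.
 *
 * @param  object $SubmittedForm  Form object whose ->data array holds the submitted fields.
 * @return void
 */
public function receive_new_vote($SubmittedForm)
{
    $input = $SubmittedForm->data;

    // Every field is guarded with isset/empty: the original read them
    // unconditionally and raised undefined-index notices on partial submissions.
    if (!is_array($input) || empty($input['commentID'])) {
        return;
    }

    $Comment = $this->find($input['commentID']);
    if (!is_object($Comment)) {
        return;
    }

    $Settings = $this->api->get('Settings');

    // Strict comparison: only the exact string 'up' is an upvote.
    if (isset($input['vote']) && $input['vote'] === 'up') {
        $value = (int) $Settings->get('perch_comments_upvote')->val();
    } else {
        $value = 0 - (int) $Settings->get('perch_comments_downvote')->val();
    }

    // Cookie name and path arrive with the form submission, so they are
    // client-controlled; treat anything that is not a string as absent.
    $cookieName = (isset($input['cookie']) && is_string($input['cookie'])) ? $input['cookie'] : '';
    $cookiePath = (isset($input['cookie_path']) && is_string($input['cookie_path'])) ? $input['cookie_path'] : '';

    if ($cookieName !== '' && isset($_COOKIE[$cookieName]) && $_COOKIE[$cookieName] !== '') {
        // Returning voter: reuse the identifier the browser sent back.
        $voterID = $_COOKIE[$cookieName];
    } else {
        $voterID = $this->_get_new_voterID();
        // Without a cookie name there is nothing valid to set; the vote is
        // still recorded under the fresh voter ID, as before.
        if ($cookieName !== '') {
            PerchUtil::setcookie($cookieName, $voterID, strtotime('+1 YEAR'), $cookiePath);
        }
    }

    $Comment->register_vote($value, $voterID);
}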
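/**
 * Authenticate a user by username and password.
 *
 * Under PERCH_PARANOID, expired lockouts for the user are cleared first and
 * accounts that have reached PERCH_MAX_FAILED_LOGINS are excluded from the
 * lookup (so their password is never checked). The stored password is either
 * a portable "$P$" hash verified through the password hasher, or a legacy MD5
 * digest that is rehashed on a successful login. On success the session is
 * regenerated, a new userHash is stored, the 'cmsa' cookie is set and the
 * 'user.login' event fires. A wrong password increments the failed-login
 * counter and, under PERCH_PARANOID, sends the lockout email when the limit
 * is reached. Every failure path is logged to syslog and returns false.
 *
 * @param  string $username
 * @param  string $password
 * @return bool   true when the user is now logged in, false otherwise.
 */
public function authenticate($username, $password)
{
    // Passwords should never be longer than 72 characters. strlen() is
    // intentionally byte-wise here.
    if (strlen($password) > 72) {
        return false;
    }

    // NOTE(review): FILTER_SANITIZE_STRING is deprecated from PHP 8.1; left
    // as-is because a different filter would change which usernames match.
    $username = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

    if ($this->activate()) {
        // NOTE(review): the username value in these queries appears redacted in
        // this listing ('******'); it is bound here through the DB layer's quoting
        // helper, as every other value in these queries is - confirm against the source.
        $quotedUsername = $this->db->pdb($username);

        if (PERCH_PARANOID) {
            // reset any expired lockouts for this user
            $lockoutCutoff = $this->db->pdb(date('Y-m-d H:i:s', strtotime('-' . PERCH_AUTH_LOCKOUT_DURATION)));
            $sql = 'UPDATE ' . $this->table
                . ' SET userLastFailedLogin=NULL, userFailedLoginAttempts=0'
                . ' WHERE BINARY userUsername=' . $quotedUsername
                . ' AND userLastFailedLogin<' . $lockoutCutoff;
            $this->db->execute($sql);
        }

        $sql = 'SELECT u.*, r.* FROM ' . $this->table . ' u, ' . PERCH_DB_PREFIX . 'user_roles r'
            . ' WHERE u.roleID=r.roleID AND u.userEnabled=1 AND ';
        if (PERCH_PARANOID) {
            // Locked-out accounts never match the lookup.
            $sql .= 'BINARY userUsername=' . $quotedUsername
                . ' AND userFailedLoginAttempts<' . (int) PERCH_MAX_FAILED_LOGINS;
        } else {
            $sql .= 'userUsername=' . $quotedUsername . ' LIMIT 1';
        }

        $result = $this->db->get_row($sql);

        if (is_array($result)) {
            PerchUtil::debug('User exists, checking password.');

            // presume password fail.
            $password_match = false;
            $stored_password = $result['userPassword'];
            $Hasher = PerchUtil::get_password_hasher();

            // data array for user details - gets committed if passwords check out.
            $data = array();

            // check password type
            if (substr($stored_password, 0, 3) === '$P$') {
                PerchUtil::debug('Stronger password hash.');
                // stronger hash, check password
                if ($Hasher->CheckPassword($password, $stored_password)) {
                    $password_match = true;
                    PerchUtil::debug('Password is ok.');
                } else {
                    PerchUtil::debug('Password failed to match.');
                }
            } else {
                // old MD5 password
                PerchUtil::debug('Old MD5 password.');
                // Strict comparison: with == two hex digests that both look like
                // "0e..." numbers compare equal, which would accept a wrong password.
                if ($stored_password === md5($password)) {
                    $password_match = true;
                    PerchUtil::debug('Password is ok. Upgrading.');
                    //upgrade!
                    $data['userPassword'] = $Hasher->HashPassword($password);
                } else {
                    PerchUtil::debug('MD5 password failed to match.');
                }
            }

            if ($password_match) {
                $this->set_details($result);
                // NOTE(review): uniqid() is time-based and guessable; a CSPRNG-derived
                // value of the same length would be preferable where the runtime offers one.
                $data['userHash'] = md5(uniqid());
                $data['userLastLogin'] = date('Y-m-d H:i:s');
                $data['userFailedLoginAttempts'] = 0;
                $data['userLastFailedLogin'] = null;
                $this->update($data);
                $this->result['userHash'] = $data['userHash'];
                // NOTE(review): set_details() runs again after userHash was written into
                // $this->result; if it replaces $this->result wholesale that assignment is
                // lost. Order kept from the original - confirm.
                $this->set_details($result);

                // Fresh session ID on privilege change.
                PerchSession::regenerate();
                PerchSession::set('userID', $result['userID']);
                PerchSession::set('userHash', $data['userHash']);
                $this->logged_in = true;

                $this->_load_privileges();
                if (!$this->has_priv('perch.login')) {
                    PerchUtil::debug('User role does not have login privs');
                    $this->logout();
                    return false;
                }

                // Set cookie for front-end might-be-authed check
                PerchUtil::setcookie('cmsa', 1, strtotime('+30 days'), '/');

                $Perch = Perch::fetch();
                $Perch->event('user.login', $this);
                return true;
            }

            // Username checks out, but wrong password.
            $data['userFailedLoginAttempts'] = (int) $result['userFailedLoginAttempts'] + 1;
            $data['userLastFailedLogin'] = date('Y-m-d H:i:s');
            $this->set_details($result);
            $this->update($data);

            // Email exactly once, on the attempt that reaches the limit.
            if (PERCH_PARANOID && $data['userFailedLoginAttempts'] === (int) PERCH_MAX_FAILED_LOGINS) {
                $this->send_lockout_email($result['userID']);
            }
        }
    }

    PerchUtil::debug('Writing auth fail to log.');
    // escapeshellcmd() strips shell metacharacters and newlines so the
    // attacker-supplied username cannot forge extra log lines.
    $username = escapeshellcmd(stripslashes($username));
    @syslog(LOG_INFO, 'Authentication failure for ' . $username . ' from ' . PerchUtil::get_client_ip());

    return false;
}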
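/**
 * Authenticate a user by username and password.
 *
 * Looks up the enabled user by username, then checks the password against
 * either a portable "$P$" hash (via PasswordHash) or a legacy MD5 digest,
 * rehashing legacy digests on a successful login. On success the session is
 * regenerated, a new userHash is stored, the 'cmsa' cookie is set and the
 * 'user.login' event fires. Every failure path is logged to syslog and
 * returns false.
 *
 * @param  string $username
 * @param  string $password
 * @return bool   true when the user is now logged in, false otherwise.
 */
public function authenticate($username, $password)
{
    // Passwords should never be longer than 72 characters. strlen() is
    // intentionally byte-wise here.
    if (strlen($password) > 72) {
        return false;
    }

    // NOTE(review): FILTER_SANITIZE_STRING is deprecated from PHP 8.1; left
    // as-is because a different filter would change which usernames match.
    $username = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

    if ($this->activate()) {
        // NOTE(review): the username value in this query appears redacted in the
        // listing ('******'); it is bound here through the DB layer's quoting
        // helper, as the other values in this file are - confirm against the source.
        $quotedUsername = $this->db->pdb($username);
        $sql = 'SELECT u.*, r.* FROM ' . $this->table . ' u, ' . PERCH_DB_PREFIX . 'user_roles r'
            . ' WHERE u.roleID=r.roleID AND u.userEnabled=1 AND userUsername=' . $quotedUsername . ' LIMIT 1';
        $result = $this->db->get_row($sql);

        if (is_array($result)) {
            PerchUtil::debug('User exists, checking password.');

            // presume password fail.
            $password_match = false;
            $stored_password = $result['userPassword'];

            // check which type of password - default is portable
            $portable_hashes = !(defined('PERCH_NONPORTABLE_HASHES') && PERCH_NONPORTABLE_HASHES);
            $Hasher = new PasswordHash(8, $portable_hashes);

            // data array for user details - gets committed if passwords check out.
            $data = array();

            // check password type
            if (substr($stored_password, 0, 3) === '$P$') {
                PerchUtil::debug('Stronger password hash.');
                // stronger hash, check password
                if ($Hasher->CheckPassword($password, $stored_password)) {
                    $password_match = true;
                    PerchUtil::debug('Password is ok.');
                } else {
                    PerchUtil::debug('Password failed to match.');
                }
            } else {
                // old MD5 password
                PerchUtil::debug('Old MD5 password.');
                // Strict comparison: with == two hex digests that both look like
                // "0e..." numbers compare equal, which would accept a wrong password.
                if ($stored_password === md5($password)) {
                    $password_match = true;
                    PerchUtil::debug('Password is ok. Upgrading.');
                    //upgrade!
                    $data['userPassword'] = $Hasher->HashPassword($password);
                } else {
                    PerchUtil::debug('MD5 password failed to match.');
                }
            }

            if ($password_match) {
                $this->set_details($result);
                // NOTE(review): uniqid() is time-based and guessable; a CSPRNG-derived
                // value of the same length would be preferable where the runtime offers one.
                $data['userHash'] = md5(uniqid());
                $data['userLastLogin'] = date('Y-m-d H:i:s');
                $this->update($data);
                $this->result['userHash'] = $data['userHash'];
                // NOTE(review): set_details() runs again after userHash was written into
                // $this->result; if it replaces $this->result wholesale that assignment is
                // lost. Order kept from the original - confirm.
                $this->set_details($result);

                // Fresh session ID on privilege change.
                PerchSession::regenerate();
                PerchSession::set('userID', $result['userID']);
                PerchSession::set('userHash', $data['userHash']);
                $this->logged_in = true;

                $this->_load_privileges();
                if (!$this->has_priv('perch.login')) {
                    PerchUtil::debug('User role does not have login privs');
                    $this->logout();
                    return false;
                }

                // Set cookie for front-end might-be-authed checked
                PerchUtil::setcookie('cmsa', 1, strtotime('+30 days'), '/');

                $Perch = Perch::fetch();
                $Perch->event('user.login', $this);
                return true;
            }
        }
    }

    PerchUtil::debug('Writing auth fail to log.');
    // escapeshellcmd() strips shell metacharacters and newlines so the
    // attacker-supplied username cannot forge extra log lines.
    $username = escapeshellcmd(stripslashes($username));
    syslog(LOG_INFO, 'Authentication failure for ' . $username . ' from ' . PerchUtil::get_client_ip());

    return false;
}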