/**
  * Kill the session
  * @return [type] [description]
  */
 protected function _destroy_session($session_id = false)
 {
     PerchUtil::debug('destroying session');
     if ($session_id) {
         $sql = 'DELETE FROM ' . PERCH_DB_PREFIX . 'members_sessions WHERE sessionID=' . $this->db->pdb($session_id);
         $this->db->execute($sql);
     }
     PerchUtil::setcookie(PERCH_MEMBERS_COOKIE, '', 0, '/', '', '', true);
 }
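 /**
  * Record an up- or down-vote on a comment from a submitted form.
  *
  * The voter is identified by a cookie whose name and path are supplied by
  * the submitted form, i.e. by the client. Both are validated here before
  * being used as a key into $_COOKIE or handed to setcookie(), so a crafted
  * form cannot name (and overwrite) an unrelated cookie.
  *
  * @param object $SubmittedForm  Form object exposing a ->data array with keys
  *                               commentID, vote, cookie and cookie_path.
  * @return void
  */
 public function receive_new_vote($SubmittedForm)
 {
     $input = $SubmittedForm->data;

     if (empty($input['commentID'])) {
         return;
     }

     $Comment = $this->find($input['commentID']);
     if (!is_object($Comment)) {
         return;
     }

     // Client-supplied cookie name: restrict to a plain token so it cannot collide with
     // a session or auth cookie, and reject the vote rather than fall back silently.
     $cookie_name = isset($input['cookie']) ? (string) $input['cookie'] : '';
     if ($cookie_name === '' || !preg_match('/^[A-Za-z0-9_\-]+$/', $cookie_name)) {
         PerchUtil::debug('Vote rejected: invalid voter cookie name');
         return;
     }

     // Client-supplied cookie path: only accept an absolute path free of control characters
     // and attribute separators; otherwise fall back to the original empty-path behaviour.
     $cookie_path = isset($input['cookie_path']) ? (string) $input['cookie_path'] : '';
     if ($cookie_path !== '' && !preg_match('#^/[^\x00-\x1F\x7F;,\s]*$#', $cookie_path)) {
         $cookie_path = '';
     }

     $Settings = $this->api->get('Settings');
     $vote = isset($input['vote']) ? $input['vote'] : '';
     if ($vote === 'up') {
         $value = (int) $Settings->get('perch_comments_upvote')->val();
     } else {
         // anything other than 'up' counts as a down-vote (original behaviour)
         $value = 0 - (int) $Settings->get('perch_comments_downvote')->val();
     }

     if (isset($_COOKIE[$cookie_name]) && $_COOKIE[$cookie_name] !== '') {
         // NOTE(review): the voter id is taken from the client as-is; register_vote() is
         // assumed to treat it as an opaque key only - confirm it is quoted on the way to SQL.
         $voterID = $_COOKIE[$cookie_name];
     } else {
         $voterID = $this->_get_new_voterID();
         PerchUtil::setcookie($cookie_name, $voterID, strtotime('+1 YEAR'), $cookie_path);
     }

     $Comment->register_vote($value, $voterID);
 }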
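 /**
  * Authenticate a control-panel user by username and password.
  *
  * Looks up an enabled user (honouring the PERCH_PARANOID lockout columns when
  * that mode is on), verifies the password against either a phpass ('$P$')
  * hash or a legacy MD5 digest (upgrading the latter on success), records
  * failed attempts, then establishes the session and fires 'user.login'.
  *
  * @param string $username
  * @param string $password
  * @return bool true when the user is now logged in, false on any failure
  */
 public function authenticate($username, $password)
 {
     // Passwords should never be longer than 72 characters (byte limit of the
     // underlying hash input, so strlen() rather than mb_strlen() is intended)
     if (strlen($password) > 72) {
         return false;
     }

     // NOTE(review): FILTER_SANITIZE_STRING is deprecated from PHP 8.1; kept for behavioural compatibility
     $username = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

     if ($this->activate()) {
         if (PERCH_PARANOID) {
             // reset any expired lockouts for this user
             $sql = 'UPDATE ' . $this->table . ' SET userLastFailedLogin=NULL, userFailedLoginAttempts=0
                     WHERE BINARY userUsername=' . $this->db->pdb($username) . '
                         AND userLastFailedLogin<' . $this->db->pdb(date('Y-m-d H:i:s', strtotime('-' . PERCH_AUTH_LOCKOUT_DURATION)));
             $this->db->execute($sql);
         }

         // The username is bound through the DB layer's quoting helper pdb(), as in the
         // other queries in this class (the reviewed listing showed a masked literal here).
         $sql = 'SELECT u.*, r.* FROM ' . $this->table . ' u, ' . PERCH_DB_PREFIX . 'user_roles r
                     WHERE u.roleID=r.roleID AND u.userEnabled=1 AND ';
         if (PERCH_PARANOID) {
             $sql .= 'BINARY userUsername=' . $this->db->pdb($username) . ' AND userFailedLoginAttempts<' . (int) PERCH_MAX_FAILED_LOGINS;
         } else {
             $sql .= 'userUsername=' . $this->db->pdb($username) . ' LIMIT 1';
         }
         $result = $this->db->get_row($sql);

         if (is_array($result)) {
             PerchUtil::debug('User exists, checking password.');

             // presume password fail.
             $password_match = false;
             $stored_password = (string) $result['userPassword'];
             $Hasher = PerchUtil::get_password_hasher();

             // data array for user details - gets committed if passwords check out.
             $data = array();

             // check password type
             if (substr($stored_password, 0, 3) === '$P$') {
                 PerchUtil::debug('Stronger password hash.');
                 if ($Hasher->CheckPassword($password, $stored_password)) {
                     $password_match = true;
                     PerchUtil::debug('Password is ok.');
                 } else {
                     PerchUtil::debug('Password failed to match.');
                 }
             } else {
                 // old MD5 password. hash_equals() replaces the loose '==' comparison, which
                 // treats two numeric-looking digests (e.g. '0e...') as equal, and is constant-time.
                 PerchUtil::debug('Old MD5 password.');
                 if (hash_equals($stored_password, md5($password))) {
                     $password_match = true;
                     PerchUtil::debug('Password is ok. Upgrading.');
                     // upgrade the legacy digest to the stronger hash
                     $data['userPassword'] = $Hasher->HashPassword($password);
                 } else {
                     PerchUtil::debug('MD5 password failed to match.');
                 }
             }

             if ($password_match) {
                 // details are set before update() so the update targets this user's row
                 // (presumably update() reads the id from the loaded details - verify)
                 $this->set_details($result);

                 // userHash is stored in the session as a login token, so it needs a CSPRNG;
                 // 32 hex chars keeps the same width as the previous md5() value.
                 $data['userHash'] = function_exists('random_bytes')
                     ? bin2hex(random_bytes(16))
                     : md5(uniqid('', true));
                 $data['userLastLogin'] = date('Y-m-d H:i:s');
                 $data['userFailedLoginAttempts'] = 0;
                 $data['userLastFailedLogin'] = null;
                 $this->update($data);
                 $this->result['userHash'] = $data['userHash'];
                 $this->set_details($result);

                 // new session id on privilege change, so a pre-login id cannot be fixed by an attacker
                 PerchSession::regenerate();
                 PerchSession::set('userID', $result['userID']);
                 PerchSession::set('userHash', $data['userHash']);
                 $this->logged_in = true;
                 $this->_load_privileges();

                 if (!$this->has_priv('perch.login')) {
                     PerchUtil::debug('User role does not have login privs');
                     $this->logout();
                     return false;
                 }

                 // Set cookie for front-end might-be-authed check
                 PerchUtil::setcookie('cmsa', 1, strtotime('+30 days'), '/');
                 $Perch = Perch::fetch();
                 $Perch->event('user.login', $this);
                 return true;
             }

             // Username checks out, but wrong password: record the failed attempt.
             $data['userFailedLoginAttempts'] = (int) $result['userFailedLoginAttempts'] + 1;
             $data['userLastFailedLogin'] = date('Y-m-d H:i:s');
             $this->set_details($result);
             $this->update($data);
             if (PERCH_PARANOID && $data['userFailedLoginAttempts'] === (int) PERCH_MAX_FAILED_LOGINS) {
                 $this->send_lockout_email($result['userID']);
             }
         }
     }

     PerchUtil::debug('Writing auth fail to log.');
     // strip shell metacharacters so the logged username cannot smuggle control sequences into the log line
     $username = escapeshellcmd(stripslashes($username));
     syslog(LOG_INFO, 'Authentication failure for ' . $username . ' from ' . PerchUtil::get_client_ip());
     return false;
 }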
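 /**
  * Authenticate a control-panel user by username and password.
  *
  * Looks up an enabled user, verifies the password against either a phpass
  * ('$P$') hash or a legacy MD5 digest (upgrading the latter on success),
  * then establishes the session and fires the 'user.login' event.
  *
  * @param string $username
  * @param string $password
  * @return bool true when the user is now logged in, false on any failure
  */
 public function authenticate($username, $password)
 {
     // Passwords should never be longer than 72 characters (byte limit of the
     // underlying hash input, so strlen() rather than mb_strlen() is intended)
     if (strlen($password) > 72) {
         return false;
     }

     // NOTE(review): FILTER_SANITIZE_STRING is deprecated from PHP 8.1; kept for behavioural compatibility
     $username = filter_var($username, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);

     if ($this->activate()) {
         // The username is bound through the DB layer's quoting helper pdb(), as in the
         // other queries in this class (the reviewed listing showed a masked literal here).
         $sql = 'SELECT u.*, r.* FROM ' . $this->table . ' u, ' . PERCH_DB_PREFIX . 'user_roles r
                     WHERE u.roleID=r.roleID AND u.userEnabled=1 AND userUsername=' . $this->db->pdb($username) . ' LIMIT 1';
         $result = $this->db->get_row($sql);

         if (is_array($result)) {
             PerchUtil::debug('User exists, checking password.');

             // presume password fail.
             $password_match = false;
             $stored_password = (string) $result['userPassword'];

             // check which type of password - default is portable
             $portable_hashes = !(defined('PERCH_NONPORTABLE_HASHES') && PERCH_NONPORTABLE_HASHES);
             $Hasher = new PasswordHash(8, $portable_hashes);

             // data array for user details - gets committed if passwords check out.
             $data = array();

             // check password type
             if (substr($stored_password, 0, 3) === '$P$') {
                 PerchUtil::debug('Stronger password hash.');
                 if ($Hasher->CheckPassword($password, $stored_password)) {
                     $password_match = true;
                     PerchUtil::debug('Password is ok.');
                 } else {
                     PerchUtil::debug('Password failed to match.');
                 }
             } else {
                 // old MD5 password. hash_equals() replaces the loose '==' comparison, which
                 // treats two numeric-looking digests (e.g. '0e...') as equal, and is constant-time.
                 PerchUtil::debug('Old MD5 password.');
                 if (hash_equals($stored_password, md5($password))) {
                     $password_match = true;
                     PerchUtil::debug('Password is ok. Upgrading.');
                     // upgrade the legacy digest to the stronger hash
                     $data['userPassword'] = $Hasher->HashPassword($password);
                 } else {
                     PerchUtil::debug('MD5 password failed to match.');
                 }
             }

             if ($password_match) {
                 // details are set before update() so the update targets this user's row
                 // (presumably update() reads the id from the loaded details - verify)
                 $this->set_details($result);

                 // userHash is stored in the session as a login token, so it needs a CSPRNG;
                 // 32 hex chars keeps the same width as the previous md5() value.
                 $data['userHash'] = function_exists('random_bytes')
                     ? bin2hex(random_bytes(16))
                     : md5(uniqid('', true));
                 $data['userLastLogin'] = date('Y-m-d H:i:s');
                 $this->update($data);
                 $this->result['userHash'] = $data['userHash'];
                 $this->set_details($result);

                 // new session id on privilege change, so a pre-login id cannot be fixed by an attacker
                 PerchSession::regenerate();
                 PerchSession::set('userID', $result['userID']);
                 PerchSession::set('userHash', $data['userHash']);
                 $this->logged_in = true;
                 $this->_load_privileges();

                 if (!$this->has_priv('perch.login')) {
                     PerchUtil::debug('User role does not have login privs');
                     $this->logout();
                     return false;
                 }

                 // Set cookie for front-end might-be-authed check
                 PerchUtil::setcookie('cmsa', 1, strtotime('+30 days'), '/');
                 $Perch = Perch::fetch();
                 $Perch->event('user.login', $this);
                 return true;
             }
         }
     }

     PerchUtil::debug('Writing auth fail to log.');
     // strip shell metacharacters so the logged username cannot smuggle control sequences into the log line
     $username = escapeshellcmd(stripslashes($username));
     syslog(LOG_INFO, 'Authentication failure for ' . $username . ' from ' . PerchUtil::get_client_ip());
     return false;
 }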