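 /**
  * Logs a stake leader into the session given an email address and password.
  *
  * Two queries are used: the leader's salt is fetched first, then the supplied
  * password is hashed with that salt and compared against the stored hash.
  * On success the session ID is regenerated, the session is populated, and any
  * outstanding password-reset tokens for the account are discarded.
  *
  * @param string $eml The email address (escaped with DB::Safe before use)
  * @param string $pwd The plaintext password (salted and hashed via hashPwd)
  * @return StakeLeader|null The StakeLeader object on success, otherwise null
  */
 public static function Login($eml, $pwd)
 {
     // Sanitize input before it is interpolated into SQL
     $eml = DB::Safe($eml);

     // First, we need to obtain this stake leader's unique salt
     $r = DB::Run("SELECT `Salt` FROM `Credentials` WHERE `Email`='{$eml}' AND `StakeLeaderID` > 0 LIMIT 1");
     if (!$r || mysql_num_rows($r) < 1) {
         // NOTE(review): returning before hashing makes "unknown email" measurably
         // faster than "wrong password"; acceptable here, but it is observable.
         return null;
     }
     $salt = mysql_result($r, 0);

     // Hash the input according to our hashing algorithm and the leader's salt.
     // The resulting hash is escaped too so its character set can never alter
     // the query; this is the value the stored Password column is compared to.
     $pwdHash = DB::Safe(hashPwd($pwd, $salt));

     // See if the email/password combination is correct
     $try = DB::Run("SELECT StakeLeaderID FROM Credentials WHERE Email='{$eml}' AND Password='{$pwdHash}' AND StakeLeaderID > 0 LIMIT 1");
     if (!$try || mysql_num_rows($try) < 1) {
         return null;
     }

     // At this point, valid credentials were entered. Proceed...
     $stakeLeaderID = mysql_result($try, 0);
     $stakeLeader = StakeLeader::Load($stakeLeaderID);
     if (!$stakeLeader) {
         // The credentials row points at a leader that no longer loads; treat as a failed login
         return null;
     }

     // Update LastActivity
     $stakeLeader->UpdateLastActivity();

     // Since they've logged in, there is no more need for existing password
     // reset tokens. Delete any strays so a leaked token cannot be used later.
     // IDs are numeric; the cast guarantees the value cannot change the query.
     $credentialsID = (int) $stakeLeader->CredentialsID();
     DB::Run("DELETE FROM PwdResetTokens WHERE CredentialsID={$credentialsID}");

     // Save the session. This is the actual "logging in" part.
     // Regenerating the ID (and discarding the old session data) helps prevent
     // session fixation and hijacking.
     session_regenerate_id(true);
     $_SESSION["stakeLeaderID"] = $stakeLeaderID;
     $_SESSION["timestamp"] = time();
     // REMOTE_ADDR is absent when run from the CLI; avoid a notice in that case
     $_SESSION["ipaddress"] = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     return $stakeLeader;
 }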
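 /**
  * Starts this SMS job: records the sender's name and phone number on the job,
  * saves it, and launches the background worker (api/sendsms.php) that sends
  * the messages at a throttled rate.
  *
  * @return bool true if the worker was launched; false if the job is not in a
  *              startable state (already started/finished, or required fields
  *              missing) or the sender could not be loaded
  */
 public function Start()
 {
     // Necessary fields must be basically valid: the job must not have run yet,
     // must target a stake or a ward, and needs a sender, a message and at
     // least one recipient.
     $noTarget = !$this->StakeID && !$this->WardID;
     if ($this->Started > 0 || $this->Finished > 0 || $noTarget
         || !$this->SenderID || !$this->Message
         || !$this->Recipients || count($this->Recipients) == 0) {
         return false;
     }

     // Populate the sender name and phone fields for preservation purposes
     if ($this->IsMemberSender()) {
         $mem = Member::Load($this->SenderID);
         if (!$mem) {
             return false;
         }
         // NOTE(review): FirstName() is a method while LastName is a property — confirm both resolve
         $this->SenderName = $mem->FirstName() . " " . $mem->LastName;
         $this->SenderPhone = $mem->PhoneNumber;
     } else {
         $leader = StakeLeader::Load($this->SenderID);
         if (!$leader) {
             return false;
         }
         $this->SenderName = $leader->Title . " " . $leader->FirstName . " " . $leader->LastName;
         $this->SenderPhone = $leader->PhoneNumber;
     }

     // We leave sendsms.php to set and save the "start" timestamp; we don't do it here.
     $this->Save();

     // See EmailJob.php for an explanation of this last part. Every argument is
     // shell-escaped so the job ID or password can never be read as shell syntax.
     // The password is still visible to local users in the process list while
     // the worker runs; that is a property of passing it as an argument.
     $script = escapeshellarg(DOCROOT . "/api/sendsms.php");
     $jobID = escapeshellarg((string) $this->ID);
     $smspwd = escapeshellarg(SMS_JOB_PASSWORD);
     $cmd = "php {$script} {$jobID} {$smspwd}";
     // Detach the worker. "> file 2>&1" is the portable form of bash's "&>":
     // exec() runs under /bin/sh, where "&>" is not a redirection operator.
     // error_log is relative to the current working directory.
     exec("/usr/bin/nohup {$cmd} > error_log 2>&1 &");
     return true;
 }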
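 /**
  * Starts this email job: records the sender's name and email address on the
  * job, saves it, and launches the background worker (api/sendemails.php) that
  * sends the emails at a throttled rate.
  *
  * Does nothing if the job has already started/ended, if it targets neither a
  * member nor a stake leader as sender, or if subject, message or recipients
  * are missing.
  *
  * @return void
  */
 public function Start()
 {
     // Necessary fields must be filled out: not yet run, a sender of either
     // kind, and a subject, message and recipients.
     $noSender = !$this->MemberID && !$this->StakeLeaderID;
     if ($this->Started > 0 || $this->Ended > 0 || $noSender
         || !$this->Subject || !$this->Message || !$this->Recipients) {
         return;
     }

     // Populate the sender name and email fields for preservation purposes
     if ($this->IsMemberSender()) {
         $mem = Member::Load($this->MemberID);
         if (!$mem) {
             return;
         }
         // NOTE(review): FirstName() is a method while LastName is a property — confirm both resolve
         $this->SenderName = $mem->FirstName() . " " . $mem->LastName;
         $this->SenderEmail = $mem->Email;
     } else {
         $leader = StakeLeader::Load($this->StakeLeaderID);
         if (!$leader) {
             return;
         }
         $this->SenderName = $leader->Title . " " . $leader->LastName;
         $this->SenderEmail = $leader->Email;
     }

     // We leave sendemails.php to set and save the "start" timestamp; we don't do it here.
     $this->Save();

     // Call the worker process to run in the background. We pass in the ID of
     // the EmailJob so it can load all its info and process it. The worker
     // sends the emails at a throttled rate. The trailing & sends it to the
     // background and its output is written to error_log. EMAIL_JOB_PASSWORD
     // is a password for internal use so the worker can verify the request
     // comes from a legit source; it is visible in the process list while the
     // worker runs. Each argument is shell-escaped so neither the ID nor the
     // password can be interpreted as shell syntax.
     $script = escapeshellarg(DOCROOT . "/api/sendemails.php");
     $jobID = escapeshellarg((string) $this->ID);
     $pwd = escapeshellarg(EMAIL_JOB_PASSWORD);
     $cmd = "php {$script} {$jobID} {$pwd}";
     // "> file 2>&1" is the portable form of bash's "&>": exec() runs under
     // /bin/sh, where "&>" is not a redirection operator.
     exec("/usr/bin/nohup {$cmd} > error_log 2>&1 &");
 }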
}
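// Verify that the credentials ID matches the token. Both values arrive from the
// reset link and are attacker-controlled, so they are escaped before use and
// the script must stop on every failure path below.
$credID = DB::Safe($credID);
$token = DB::Safe($token);
$r = DB::Run("SELECT 1 FROM `PwdResetTokens` WHERE `CredentialsID`='{$credID}' AND `Token`='{$token}' LIMIT 1");
if (!$r || mysql_num_rows($r) == 0) {
    Response::Send(400, "Account ID and token do not appear to match. Maybe try again from the link in your email?");
    // Response::Send() is expected to terminate; never fall through to the reset if it does not
    exit;
}

// Get account object (Member or Leader) -- first we have to determine which type it is
$q2 = DB::Run("SELECT * FROM Credentials WHERE ID='{$credID}' LIMIT 1");
$row = $q2 ? mysql_fetch_array($q2) : false;
// A missing row leaves both IDs empty, which is reported as a load failure below
$memberID = $row ? $row['MemberID'] : null;
$leaderID = $row ? $row['StakeLeaderID'] : null;
$user = null;
// A credentials row must belong to exactly one account type
if ($memberID && !$leaderID) {
    // @ keeps Load()'s notices out of the HTTP response; failure is handled just below
    $user = @Member::Load($memberID);
} elseif ($leaderID && !$memberID) {
    $user = @StakeLeader::Load($leaderID);
}
if (!$user) {
    Response::Send(500, "Could not load account with ID '{$memberID}' or '{$leaderID}', from credentials ID {$credID} -- please report this exact error message. Thanks...");
    exit;
}

// Reset password. ChangePassword() deletes the token from the DB for us.
if (!$user->ChangePassword($pwd1)) {
    Response::Send(500, "Could not reset your password for some reason... please report this.");
    exit;
}

// In the clear!
Response::Send(200);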