Exemple #1
 /**
  * Authenticate user
  *
  * @static
  * @param string	$table User table name
  * @param array		$conditions array('field_name' => 'field_value')
  * @param array		$fields array needed to set session  eg. array('field_name' => 'session_name')
  * @param boolean	$last_in if true update last_in field in the user record
  * @param boolean	$hash if true, issue a hashkey cookie that extends the session's life
  * @return boolean
  */
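 public static function log_in($table, $conditions, $fields, $last_in = true, $hash = false)
 {
     // Look the user up through the auth model; an empty result means the
     // supplied conditions did not match an account.
     $mod = new X4Auth_model($table);
     $user = $mod->log_in($conditions, $fields);
     if (empty($user)) {
         return false;
     }

     // Issue a fresh session id at the moment of authentication so that an id
     // fixed before login (session fixation) never becomes an authenticated one.
     if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
         session_regenerate_id(true);
     }

     // Copy the requested record fields into the session under their mapped names.
     foreach ($fields as $k => $v) {
         $_SESSION[$v] = $user->{$k};
     }

     // update last login field
     if ($last_in) {
         $mod->last_in($user->id);
     }

     if ($hash) {
         // The persistent-login token must be unguessable and must not be derived
         // from the credentials. The previous md5(username . password . time() . SALT)
         // was built from predictable inputs and also assumed $conditions always
         // carries 'username' and 'password' keys, which the signature does not promise.
         // 16 random bytes hex-encoded keep the 32-character width of the old value.
         // random_bytes() requires PHP 7.0 or later.
         $new_hash = bin2hex(random_bytes(16));

         // NOTE(review): the token is written to the 'users' table as-is, regardless
         // of $table; storing only a hash of it would limit the damage of a database
         // leak, but the lookup side is not visible here. Confirm before changing.
         $res = $mod->update($user->id, array('hashkey' => $new_hash), 'users');
         if ($res[1]) {
             // HttpOnly keeps the token away from page scripts; Secure is set whenever
             // the current request is HTTPS so the token is not sent over plain HTTP.
             // NOTE(review): the cookie domain comes from the client-supplied Host
             // header; a configured host name would be more robust.
             $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
             setcookie(COOKIE . '_hash', $new_hash, time() + 2592000, '/', $_SERVER['HTTP_HOST'], $secure, true);
         }
     }

     return true;
 }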
Exemple #2
 /**
  * Check whether the user is logged in, redirecting to the login page if not
  *
  * @static
  * @param integer	$id_area area ID
  * @param string	$location area/controller where redirect user for login
  * @return void
  */
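 public static function logged($id_area = 1, $location = 'admin/login')
 {
     // A session already bound to this site and this area needs no further check.
     // Both keys are tested with isset() so a partially filled session does not
     // raise an undefined-index notice. Loose comparison is kept because the type
     // of the stored values is not visible here.
     if (isset($_SESSION['site'], $_SESSION['id_area'])
         && $_SESSION['site'] == SITE
         && $_SESSION['id_area'] == $id_area
     ) {
         return;
     }

     // No valid session: fall back to the persistent-login cookie.
     $chk = false;
     $cookie_name = COOKIE . '_hash';

     // The cookie is client-controlled. A request can deliver it as an array
     // (name[]=value), so only a non-empty string is handed to the model.
     if (isset($_COOKIE[$cookie_name]) && is_string($_COOKIE[$cookie_name]) && $_COOKIE[$cookie_name] !== '') {
         $mod = new X4Auth_model('users');
         // NOTE(review): rehash() is not visible here; it should look the token up
         // with a bound parameter and treat it as a secret. Confirm in the model.
         $chk = $mod->rehash($id_area, $_COOKIE[$cookie_name]);
     }

     if (!$chk) {
         // Not authenticated: send the user to the login page and stop, so that
         // nothing after this call runs for an anonymous request.
         header('Location: ' . ROOT . $location);
         die;
     }
 }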
 /**
  * Reset password
  * send an email with new credentials
  *
  * @param   integer	$id User ID
  * @param   string	$md5 Verification code (an MD5 hash, not an encrypted value)
  * @return  void
  */
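 public function reset($id, $md5)
 {
     $mod = new X4Auth_model('users');
     $user = $mod->get_by_id($id, 'users', 'last_in, password, mail, username');

     // $id arrives with the request. The integer form is used for logging so that
     // arbitrary text cannot be written into the log. The selected field list does
     // not include the id column, so $user->id is not relied on below.
     $uid = intval($id);

     if ($user) {
         // The verification code is md5(last_in . SITE . password) and is accepted
         // for 604800 seconds (7 days) after last_in.
         // NOTE(review): the code is derived entirely from stored values, with no
         // random component; a random single-use token would be stronger, but the
         // code that issues it is not visible here.
         $expected = md5($user->last_in . SITE . $user->password);
         $in_window = time() - strtotime($user->last_in) < 604800;

         // hash_equals() replaces ==, which compares numeric-looking strings such
         // as "0e..." as numbers and is not constant-time. A non-string $md5
         // (e.g. an array parameter) is rejected outright.
         if (is_string($md5) && hash_equals($expected, $md5) && $in_window) {
             // NOTE(review): a 6-character password is short and is mailed in clear
             // text, and the source of randomness in random_string() is not visible
             // here. Confirm it is a CSPRNG, or force a change at next login.
             $new_pwd = X4Text_helper::random_string(6);
             $result = $mod->reset($user->mail, $new_pwd);
             if ($result) {
                 // Record the completed reset before redirecting. Previously this
                 // entry came after die and was written only when the reset failed.
                 if (LOGS) {
                     $mod->logger($uid, 1, 'users', 'recovery password completed for ' . $user->mail);
                 }
                 // load dictionary
                 $this->dict->get_wordarray(array('login', 'pwd_recovery'));
                 $src = array('XXXUSERNAMEXXX', 'XXXPASSWORDXXX');
                 $rpl = array($user->username, $new_pwd);
                 $view = new X4View_core(X4Utils_helper::set_tpl('mail'));
                 $view->subject = SERVICE . ' - ' . _RECOVERY_SUBJECT;
                 $view->message = str_replace($src, $rpl, _RECOVERY_BODY_RESET);
                 // build msg
                 $body = $view->__toString();
                 $msg = mb_convert_encoding($body, 'ISO-8859-1', 'auto');
                 // recipients
                 $to = array(array('mail' => $user->mail, 'name' => $user->username));
                 $check = X4Mailer_helper::mailto(MAIL, true, $view->subject, $msg, $to, array());
                 X4Utils_helper::set_msg($check, _RECOVERY_PWD_OK, _MSG_ERROR);
                 header('Location: ' . BASE_URL . 'login/recovery');
                 die;
             }
             // The model could not store the new password.
             if (LOGS) {
                 $mod->logger($uid, 1, 'users', 'recovery password failed for ' . $user->mail);
             }
         } else {
             // Wrong or expired verification code.
             if (LOGS) {
                 $mod->logger($uid, 1, 'users', 'recovery password failed for ' . $user->mail);
             }
         }
     } else {
         // No account matches, so there is no user object to read an id from. The
         // original dereferenced $user->id here, which evaluated to null with a
         // warning; null is passed explicitly instead.
         if (LOGS) {
             $mod->logger(null, 1, 'users', 'recovery password attempt from unknown id ' . $uid);
         }
     }

     // Every failure path ends with the same generic message and redirect, so the
     // response does not reveal which check failed.
     X4Utils_helper::set_msg(false, '', _RECOVERY_PWD_ERROR);
     header('Location: ' . BASE_URL . 'login/recovery');
     die;
 }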