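/**
 * Authenticate user
 *
 * On success the requested user fields are copied into $_SESSION, the
 * session id is regenerated, the last_in field is optionally updated and,
 * when $hash is true, a fresh hashkey is stored on the user record and sent
 * to the browser as an HttpOnly cookie so that logged() can rebuild the
 * session from it later.
 *
 * @static
 * @param string  $table      User table name
 * @param array   $conditions array('field_name' => 'field_value')
 * @param array   $fields     array needed to set session eg. array('field_name' => 'session_name')
 * @param boolean $last_in    if true update last_in field in the user record
 * @param boolean $hash       if true it uses hashkey to extend sessions life
 * @return boolean true when the conditions matched a user, false otherwise
 */
public static function log_in($table, $conditions, $fields, $last_in = true, $hash = false)
{
    $mod = new X4Auth_model($table);
    $user = $mod->log_in($conditions, $fields);

    // unknown user or wrong credentials
    if (empty($user)) {
        return false;
    }

    // a new session id at the privilege change stops a session id planted
    // before login from being reused afterwards (session fixation);
    // guarded so a missing/inactive session does not raise a warning
    if (function_exists('session_status') && session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // set session values
    foreach ($fields as $k => $v) {
        $_SESSION[$v] = $user->{$k};
    }

    // update last login field
    if ($last_in) {
        $mod->last_in($user->id);
    }

    if ($hash) {
        // the hashkey is only ever looked up again (logged() -> rehash()),
        // so it is an opaque token that just has to be unpredictable;
        // 16 random bytes give the same 32 hex chars as the former md5 value,
        // the fallback keeps old PHP versions working without random_bytes()
        $new_hash = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true) . SALT);

        $res = $mod->update($user->id, array('hashkey' => $new_hash), 'users');
        if ($res[1]) {
            // 2592000 s = 30 days; HttpOnly keeps the token away from scripts,
            // Secure is set whenever this request itself came in over TLS;
            // no explicit domain, so the cookie is bound to the host that set
            // it instead of to the client supplied Host header
            $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
            setcookie(COOKIE . '_hash', $new_hash, time() + 2592000, '/', '', $secure, true);
        }
    }
    return true;
}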
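/**
 * Check if user need to be logged
 *
 * Returns silently when the session already belongs to this site and area.
 * Otherwise the hashkey cookie written by log_in() is offered to the model;
 * if that does not restore the session the browser is redirected to
 * $location and execution stops.
 *
 * @static
 * @param integer $id_area  area ID
 * @param string  $location area/controller where redirect user for login
 * @return void
 */
public static function logged($id_area = 1, $location = 'admin/login')
{
    // both keys are tested with isset first so a half-filled session
    // fails the check instead of raising an undefined index notice
    $in_session = isset($_SESSION['site'], $_SESSION['id_area'])
        && $_SESSION['site'] == SITE
        && $_SESSION['id_area'] == $id_area;
    if ($in_session) {
        return;
    }

    // check for cookie HASH
    $chk = false;
    $cookie = isset($_COOKIE[COOKIE . '_hash']) ? $_COOKIE[COOKIE . '_hash'] : '';

    // hashkeys issued by log_in() are 32 hex chars: anything else (including
    // an array smuggled in as cookie[]=...) never reaches the model
    if (is_string($cookie) && preg_match('/^[a-f0-9]{32}$/i', $cookie) === 1) {
        $mod = new X4Auth_model('users');
        $chk = $mod->rehash($id_area, $cookie);
    }

    if (!$chk) {
        header('Location: ' . ROOT . $location);
        die;
    }
}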
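/**
 * Reset password
 * send an email with new credentials
 *
 * The verification code is accepted only when it equals
 * md5(last_in . SITE . password) of the user and last_in is less than
 * 7 days old. Every path ends with a redirect to login/recovery.
 *
 * @param integer $id  User ID
 * @param string  $md5 Encrypted verification code
 * @return void
 */
public function reset($id, $md5)
{
    $mod = new X4Auth_model('users');
    $user = $mod->get_by_id($id, 'users', 'last_in, password, mail, username');

    if ($user) {
        // user exists
        // compare with === (or hash_equals when available): a loose == would
        // treat two "0e..." strings as equal numbers and accept a bad code
        $expected = md5($user->last_in . SITE . $user->password);
        $code_ok = function_exists('hash_equals')
            ? hash_equals($expected, (string) $md5)
            : $expected === (string) $md5;

        // 604800 s = 7 days; strtotime() returning false on a bad date
        // makes the subtraction huge, so the window check fails closed
        if ($code_ok && time() - strtotime($user->last_in) < 604800) {
            $new_pwd = X4Text_helper::random_string(6);
            $result = $mod->reset($user->mail, $new_pwd);
            if ($result) {
                // log before the redirect: anything after die is unreachable
                if (LOGS) {
                    $mod->logger($user->id, 1, 'users', 'recovery password completed for ' . $user->mail);
                }

                // load dictionary
                $this->dict->get_wordarray(array('login', 'pwd_recovery'));

                $src = array('XXXUSERNAMEXXX', 'XXXPASSWORDXXX');
                $rpl = array($user->username, $new_pwd);

                $view = new X4View_core(X4Utils_helper::set_tpl('mail'));
                $view->subject = SERVICE . ' - ' . _RECOVERY_SUBJECT;
                $view->message = str_replace($src, $rpl, _RECOVERY_BODY_RESET);

                // build msg
                $body = $view->__toString();
                $msg = mb_convert_encoding($body, 'ISO-8859-1', 'auto');

                // recipients
                $to = array(array('mail' => $user->mail, 'name' => $user->username));
                $check = X4Mailer_helper::mailto(MAIL, true, $view->subject, $msg, $to, array());

                X4Utils_helper::set_msg($check, _RECOVERY_PWD_OK, _MSG_ERROR);
                header('Location: ' . BASE_URL . 'login/recovery');
                die;
            }

            // the model refused to store the new password
            if (LOGS) {
                $mod->logger($user->id, 1, 'users', 'recovery password failed for ' . $user->mail);
            }
        } else {
            if (LOGS) {
                $mod->logger($user->id, 1, 'users', 'recovery password failed for ' . $user->mail);
            }
        }
    } else {
        if (LOGS) {
            // there is no user row here, so the requested id is logged
            // instead of reading ->id from a non-object
            $mod->logger((int) $id, 1, 'users', 'recovery password attempt from unknown id ' . $id);
        }
    }

    X4Utils_helper::set_msg(false, '', _RECOVERY_PWD_ERROR);
    header('Location: ' . BASE_URL . 'login/recovery');
    die;
}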