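 /**
  * Authenticate the user named in $_POST['username'] with $_POST['password'] and open a session.
  *
  * On success an auth_sessions row is inserted holding sha512($session_id), the raw
  * $session_id is handed to the browser as the COOKIE_NAME . 'auth_hash' cookie, and the
  * user's alert flags are rotated. When 2FA is required ($config['enable_2fa'] is 'all',
  * or 'admin' and the user is in group 1) a one-time hash is e-mailed, the 2FA template is
  * rendered and the request ends; the session row stays at 2fa_status = 0 until that hash
  * is confirmed elsewhere.
  *
  * Unknown users and password mismatches are delegated to $this->invalid_login(), which is
  * assumed to terminate the request (if it returned, the code below would read a false row).
  *
  * @param string $type     'public' or 'admin'; selects the 2FA route and, together with
  *                         $redirect, whether the admin index redirect happens
  * @param bool   $redirect when true and $type is 'admin', redirect to SITE_URI/admin/index and exit
  * @return mixed the users.id value of the authenticated row, reached only when neither the
  *               2FA page nor the admin redirect ended the request first
  */
 public function login($type = 'public', $redirect = true)
 {
     // Initialize
     global $config;
     // Read credentials; a missing field becomes '' instead of raising an undefined-index notice
     $username = isset($_POST['username']) ? strtolower($_POST['username']) : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     // Get user row
     $user_row = DB::queryFirstRow("SELECT * FROM users WHERE username = %s", $username);
     if (!$user_row) {
         $this->invalid_login($type);
     }
     // Check password with a constant-time comparison so a partially matching hash does not
     // leak through response timing; both sides are cast because hash_equals() only accepts strings
     $client = new encrypt();
     $given_hash = (string) $client->get_password_hash($password, $user_row['id']);
     if (!hash_equals((string) $user_row['password'], $given_hash)) {
         $this->invalid_login($type);
     }
     // Get a session ID that is not already in use. Only sha512($session_id) is stored, so
     // the table never holds a value that works directly as a cookie.
     // NOTE(review): generate_random_string() is assumed to draw from a CSPRNG — confirm.
     do {
         $session_id = generate_random_string(60);
         $exists = DB::queryFirstRow("SELECT * FROM auth_sessions WHERE auth_hash = %s", hash('sha512', $session_id)) ? 1 : 0;
     } while ($exists > 0);
     // Check for 2FA: everyone when 'all', administrators (group_id 1) when 'admin'.
     // Strict comparison so only the literal config strings enable it.
     $require_2fa = $config['enable_2fa'] === 'all'
         || ($config['enable_2fa'] === 'admin' && (int) $user_row['group_id'] === 1);
     // Generate 2FA hash, if needed
     if ($require_2fa) {
         $status_2fa = 0;
         $hash_2fa = generate_random_string(60);
         // Send e-mail
         // NOTE(review): the link host comes from the request's Host header, which is
         // client-supplied; a configured base URL would be safer — confirm whether SITE_URI
         // carries scheme and host before switching to it.
         $url = "http://" . $_SERVER['HTTP_HOST'] . '/2fa/' . $hash_2fa;
         mail($user_row['email'], "2FA Authentication - {$config['site_name']}", "You are receiving this e-mail because you just tried to login to {$config['site_name']}, which required 2FA.  To proceed with your login, please click on the below URL:\r\n\r\n\t{$url}\r\n\r\nThank you,\r\n{$config['site_name']}\r\n");
     } else {
         $status_2fa = 1;
         $hash_2fa = '';
     }
     // Create session
     DB::insert('auth_sessions', array('userid' => $user_row['id'], 'last_active' => time(), 'auth_hash' => hash('sha512', $session_id), '2fa_status' => $status_2fa, '2fa_hash' => $hash_2fa));
     // Set cookie: HttpOnly keeps the raw session ID out of reach of page scripts; Secure is
     // added only when this request arrived over TLS so plain-HTTP deployments keep working.
     // Expiry 0 and the empty path/domain are setcookie()'s defaults (a session cookie).
     $cookie_name = COOKIE_NAME . 'auth_hash';
     $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
     setcookie($cookie_name, $session_id, 0, '', '', $is_https, true);
     // Update alerts: is_new 2 -> 0 first, then 1 -> 2, so an alert promoted in this call is
     // not cleared by it (presumably 1 = unseen, 2 = shown once, 0 = read — confirm)
     DB::query("UPDATE alerts SET is_new = 0 WHERE is_new = 2 AND userid = %d", $user_row['id']);
     DB::query("UPDATE alerts SET is_new = 2 WHERE is_new = 1 AND userid = %d", $user_row['id']);
     // Redirect user: the 2FA page is rendered in place; admins are sent to their index
     if ($status_2fa === 0) {
         $route = $type === 'admin' ? 'admin/2fa' : '2fa';
         $template = new template($route);
         echo $template->parse();
         exit(0);
     } elseif ($type === 'admin' && $redirect === true) {
         header("Location: " . SITE_URI . "/admin/index");
         exit(0);
     }
     // Return
     return $user_row['id'];
 }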
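 /**
  * Apply the profile changes posted in $_POST to the user row $this->userid.
  *
  * Collects e-mail, username, admin/active flags, full name, password and the value of
  * every users_custom_fields entry that was posted, validates the e-mail format and the
  * uniqueness of a changed username (reporting problems through $template->add_message()),
  * and writes the collected columns with DB::update() only when $template reports no
  * errors. When $config['username_field'] is 'email', $_POST['new_username'] is overwritten
  * with the e-mail address so later code in the same request sees the same value.
  *
  * @return bool true when users was updated, false when a validation error was recorded
  *              and the row was left untouched
  */
 public function update()
 {
     // Initialize
     global $template, $config;
     // Read the posted scalars once; a missing key becomes '' instead of raising a notice
     $email = isset($_POST['email']) ? $_POST['email'] : '';
     $password = isset($_POST['password']) ? $_POST['password'] : '';
     $password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
     // Checks
     if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
         $template->add_message("Invalid e-mail address, {$email}", 'error');
     }
     // Set variables
     $updates = array();
     if ($config['username_field'] == 'email') {
         // Deliberately written back into $_POST: other code in this request may read it
         $_POST['new_username'] = $email;
     }
     $new_username = isset($_POST['new_username']) ? $_POST['new_username'] : '';
     $old_username = DB::queryFirstField("SELECT username FROM users WHERE id = %d", $this->userid);
     // Set updates array. An empty new_username is ignored rather than blanking the stored
     // username, which the unconditional comparison used to allow. Usernames are stored and
     // looked up lower-cased; the message echoes the value as posted.
     if ($new_username !== '' && $old_username !== $new_username) {
         if (DB::queryFirstRow("SELECT * FROM users WHERE username = %s", strtolower($new_username))) {
             $template->add_message("Unable to change username, as username already exists, {$new_username}", 'error');
         } else {
             $updates['username'] = strtolower($new_username);
         }
     }
     // Set other variables
     if (isset($_POST['is_admin'])) {
         // NOTE(review): group_id is taken straight from the request, so the caller must
         // ensure only an administrator can reach this update path
         $updates['group_id'] = (string) $_POST['is_admin'] === '1' ? 1 : 2;
     }
     if (isset($_POST['is_active'])) {
         $updates['status'] = (string) $_POST['is_active'] === '1' ? 'active' : 'inactive';
     }
     if (isset($_POST['full_name'])) {
         $updates['full_name'] = $_POST['full_name'];
     }
     $updates['email'] = strtolower($email);
     // Update password, if needed: non-empty and byte-identical to the confirmation
     // (=== so numeric-looking strings such as "1e3" and "1000" are not treated as equal);
     // a mismatch is silently ignored, as before
     if ($password !== '' && $password === $password2) {
         $client = new encrypt();
         $updates['password'] = $client->get_password_hash($password, $this->userid);
     }
     // Get custom fields: one optional POST key 'custom<id>' per users_custom_fields row,
     // stored together as a PHP-serialized array in users.custom_fields (values are not
     // validated here)
     $custom_fields = array();
     $rows = DB::query("SELECT * FROM users_custom_fields ORDER BY id");
     foreach ($rows as $row) {
         $var = 'custom' . $row['id'];
         if (!isset($_POST[$var])) {
             continue;
         }
         $custom_fields[$var] = $_POST[$var];
     }
     $updates['custom_fields'] = serialize($custom_fields);
     // Update database. The type of has_errors is not visible here (int or bool), so the
     // loose comparison against 1 is kept deliberately.
     if ($template->has_errors == 1) {
         return false;
     }
     DB::update('users', $updates, "id = %d", $this->userid);
     return true;
 }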