public function __construct($sTable) { parent::__construct(); $oUserModel = new UserCoreModel(); $sMail = $this->httpRequest->post('mail'); if (!($iProfileId = $oUserModel->getId($sMail, null, $sTable))) { sleep(1); // Security against brute-force attack to avoid drowning the server and the database \PFBC\Form::setError('form_forgot_password', t('Oops, this "%0%" is not associated with any %site_name% account. Please, make sure that you entered the e-mail address used in creating your account.', escape(substr($sMail, 0, PH7_MAX_EMAIL_LENGTH)))); } else { $oUserModel->setNewHashValidation($iProfileId, Various::genRnd(), $sTable); (new UserCore())->clearReadProfileCache($iProfileId, $sTable); // Clean the profile data (for the new hash) $oData = $oUserModel->readProfile($iProfileId, $sTable); /** We place the text outside of Uri::get() otherwise special characters will be deleted and the parameters passed in the url will be unusable thereafter. **/ $sResetUrl = Uri::get('lost-password', 'main', 'reset', $this->httpRequest->get('mod')) . PH7_SH . $oData->email . PH7_SH . $oData->hashValidation; $this->view->content = t('Hello %0%!<br />Somebody (from the IP address %1%) has requested a new password for their account.', $oData->username, Ip::get()) . '<br />' . t('If you requested for this, click on the link below, otherwise ignore this email and your password will remain unchanged.') . '<br /><a href="' . $sResetUrl . '">' . $sResetUrl . '</a>'; $sMessageHtml = $this->view->parseMail(PH7_PATH_SYS . 'global/' . PH7_VIEWS . PH7_TPL_NAME . '/mail/sys/mod/lost-password/confirm-lost-password.tpl', $oData->email); $aInfo = ['to' => $oData->email, 'subject' => t('Request for new password - %site_name%')]; unset($oData); if (!(new Mail())->send($aInfo, $sMessageHtml)) { \PFBC\Form::setError('form_forgot_password', Form::errorSendingEmail()); } else { \PFBC\Form::setSuccess('form_forgot_password', t('Successfully requested a new password, email sent!')); } } unset($oUserModel); }
public function __construct() { parent::__construct(); $oUserModel = new UserCoreModel(); $oSecurityModel = new SecurityModel(); $sEmail = $this->httpRequest->post('mail'); $sPassword = $this->httpRequest->post('password'); /** Check if the connection is not locked **/ $bIsLoginAttempt = (bool) DbConfig::getSetting('isUserLoginAttempt'); $iMaxAttempts = (int) DbConfig::getSetting('maxUserLoginAttempts'); $iTimeDelay = (int) DbConfig::getSetting('loginUserAttemptTime'); if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view)) { \PFBC\Form::setError('form_login_user', Form::loginAttemptsExceededMsg($iTimeDelay)); return; // Stop execution of the method. } // Check Login $sLogin = $oUserModel->login($sEmail, $sPassword); if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') { sleep(1); // Security against brute-force attack to avoid drowning the server and the database if ($sLogin === 'email_does_not_exist') { $this->session->set('captcha_enabled', 1); // Enable Captcha \PFBC\Form::setError('form_login_user', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH)))); $oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username'); } elseif ($sLogin === 'password_does_not_exist') { $oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password'); if ($bIsLoginAttempt) { $oSecurityModel->addLoginAttempt(); } $this->session->set('captcha_enabled', 1); // Enable Captcha $sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />'; $sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />'; $sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'user')); \PFBC\Form::setError('form_login_user', $sWrongPwdTxt); } } else { $oSecurityModel->clearLoginAttempts(); $this->session->remove('captcha_enabled'); $iId = $oUserModel->getId($sEmail); $oUserData = $oUserModel->readProfile($iId); if ($this->httpRequest->postExists('remember')) { // We hash again the password (new Framework\Cookie\Cookie())->set(array('member_remember' => Security::hashCookie($oUserData->password), 'member_id' => $oUserData->profileId)); } $oUser = new UserCore(); if (true !== ($mStatus = $oUser->checkAccountStatus($oUserData))) { \PFBC\Form::setError('form_login_user', $mStatus); } else { $oUser->setAuth($oUserData, $oUserModel, $this->session); Header::redirect(Uri::get('user', 'account', 'index'), t('You are successfully logged!')); } } }
/** * Set an user authentication. * * @param integer $iId * @param object \PH7\UserCoreModel $oUserModel * @return void */ public function setLogin($iId, UserCoreModel $oUserModel) { $oUserData = $oUserModel->readProfile($iId); $oUser = new UserCore(); if (true === ($sErrMsg = $oUser->checkAccountStatus($oUserData))) { $oUser->setAuth($oUserData, $oUserModel, new Framework\Session\Session()); } unset($oUser, $oUserModel); true !== $sErrMsg ? $this->oDesign->setFlashMsg($sErrMsg) : t('Hi %0%, welcome to %site_name%', '<em>' . $oUserData->firstName . '</em>'); }