/**
 * Check a username/password pair and, when it is accepted, sign the user in.
 *
 * On success the method records the visit, logs the client IP, binds the user
 * ID to the session and, if $PersistentSession is truthy, issues the
 * "remember me" cookies.
 *
 * @param mixed $Username          Login name as submitted; passed to GetUserCredentials().
 * @param mixed $Password          Password as submitted; passed to PasswordHash->CheckPassword().
 * @param mixed $PersistentSession Truthy to also set the "remember me" cookies.
 * @return int The user's UserID on success; 0 when no user was returned or the
 *             password check failed; -1 when the password was accepted but the
 *             account lacks PERMISSION_SIGN_IN.
 */
function Authenticate($Username, $Password, $PersistentSession)
 {
     $Users = $this->Context->ObjectFactory->NewContextObject($this->Context, 'UserManager');
     $Account = $Users->GetUserCredentials(0, $Username);

     // NOTE(review): `!$User === null` parses as `(!$User) === null`. `!` always
     // yields a boolean, so this test is never true and -2 is never returned.
     // The intended check (possibly `$User === null`) depends on what
     // GetUserCredentials() returns on failure - confirm before changing it,
     // because callers may show a different message for -2 than for 0.
     if (!$Account === null) {
         return -2;
     }

     // Unknown user and wrong password both yield 0, so this method itself
     // does not tell the two cases apart.
     if (!$Account) {
         return 0;
     }

     // The in-memory record gets a verification key before the password is
     // checked; it is only handed to UpdateUserLastVisit() after a successful
     // sign-in.
     if ($Account->VerificationKey == '') {
         $Account->VerificationKey = DefineVerificationKey();
     }

     if (!$this->PasswordHash->CheckPassword($Account, $Password)) {
         return 0;
     }

     // -1 is reachable only after the password has been verified.
     if (!$Account->PERMISSION_SIGN_IN) {
         return -1;
     }

     $SignedInID = $Account->UserID;
     $Key = $Account->VerificationKey;

     // 1. Record the visit together with the verification key
     $Users->UpdateUserLastVisit($SignedInID, $Key);
     // 2. Log the client IP address
     $Users->AddUserIP($SignedInID);
     // 3. Bind the user to the session
     // NOTE(review): whether AssignSessionUserID() rotates the session ID is
     // not visible here - confirm, to rule out session fixation.
     $this->AssignSessionUserID($SignedInID);
     // 4. Optionally issue the 'remember me' cookies
     if ($PersistentSession) {
         $this->SetCookieCredentials($SignedInID, $Key);
     }

     return $SignedInID;
 }
 /**
  * Return the per-session key used for CSRF protection, creating and storing it on first use.
  * @return string
  */
 function GetCsrfValidationKey()
 {
     // Reuse the key already held in the session variable, if there is one.
     $StoredKey = $this->GetVariable('SessionPostBackKey', 'string');
     if ($StoredKey != '') {
         return $StoredKey;
     }
     // First use in this session: mint a key and remember it.
     // NOTE(review): the unpredictability of the key depends on
     // DefineVerificationKey(), which is not visible here - confirm it draws
     // from a cryptographically secure source.
     $FreshKey = DefineVerificationKey();
     $this->SetVariable('SessionPostBackKey', $FreshKey);
     return $FreshKey;
 }
 /**
  * Check a username/password pair with a single SQL lookup and, when a
  * matching row with sign-in permission is found, sign the user in.
  *
  * @param mixed $Username          Login name as submitted.
  * @param mixed $Password          Password as submitted.
  * @param mixed $PersistentSession Truthy to also set the "remember me" cookies.
  * @return int The matched UserID on success; 0 when no row matched; -1 when a
  *             row matched but PERMISSION_SIGN_IN is not set; -2 when the
  *             Select() call returned a falsy result.
  */
 function Authenticate($Username, $Password, $PersistentSession)
 {
     // Both values are passed through the project's database-input formatter
     // before they reach the query builder.
     $Username = FormatStringForDatabaseInput($Username);
     $Password = FormatStringForDatabaseInput($Password);

     // Look up the user (left-joined to its role) by name and password.
     // NOTE(review): the two Password clauses differ only in the 'md5'
     // argument and the and/or connector, which suggests the stored value is
     // matched against either an MD5 of the input or the input itself -
     // confirm against SqlBuilder::AddWhere(). Unsalted MD5 or plaintext
     // storage is not adequate for passwords.
     $Sql = $this->Context->ObjectFactory->NewContextObject($this->Context, 'SqlBuilder');
     $Sql->SetMainTable('User', 'u');
     $Sql->AddJoin('Role', 'r', 'RoleID', 'u', 'RoleID', 'left join');
     $Sql->AddSelect(array('UserID', 'VerificationKey'), 'u');
     $Sql->AddSelect('PERMISSION_SIGN_IN', 'r');
     $Sql->AddWhere('u', 'Name', '', $Username, '=');
     $Sql->AddWhere('u', 'Password', '', $Password, '=', 'and', 'md5', 1, 1);
     $Sql->AddWhere('u', 'Password', '', $Password, '=', 'or');
     $Sql->EndWhereGroup();

     $Matches = $this->Context->Database->Select($Sql, 'Authenticator', 'Authenticate', 'An error occurred while attempting to validate your credentials');
     if (!$Matches) {
         return -2;
     }
     if (!($this->Context->Database->RowCount($Matches) > 0)) {
         return 0;
     }

     // If several rows come back, the values of the last one win.
     $MatchedID = 0;
     $MaySignIn = 0;
     $Key = '';
     while ($Row = $this->Context->Database->GetRow($Matches)) {
         $Key = ForceString($Row['VerificationKey'], '');
         if ($Key == '') {
             $Key = DefineVerificationKey();
         }
         $MatchedID = ForceInt($Row['UserID'], 0);
         $MaySignIn = ForceBool($Row['PERMISSION_SIGN_IN'], 0);
     }

     // -1 is reachable only once the credentials have matched a row.
     if (!$MaySignIn) {
         return -1;
     }

     // Record the visit together with the verification key
     $this->UpdateLastVisit($MatchedID, $Key);
     // Bind the user to the session
     // NOTE(review): whether AssignSessionUserID() rotates the session ID is
     // not visible here - confirm, to rule out session fixation.
     $this->AssignSessionUserID($MatchedID);
     // Optionally issue the 'remember me' cookies
     if ($PersistentSession) {
         $this->SetCookieCredentials($MatchedID, $Key);
     }

     return $MatchedID;
 }
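 /**
  * Start a password reset for the named account: store a fresh
  * EmailVerificationKey on the user row and e-mail a reset link containing
  * the user ID and that key.
  *
  * Problems are reported through the context's WarningCollector and
  * ErrorManager rather than by throwing.
  *
  * @param mixed $Username Account name as submitted.
  * @return mixed Result of WarningCollector->Iif($Email, false), where $Email is
  *               the account's e-mail address once a matching row was read and
  *               false otherwise.
  */
 function RequestPasswordReset($Username)
 {
     $Username = FormatStringForDatabaseInput($Username, '');
     $Email = false;
     if ($Username == '') {
         $this->Context->WarningCollector->Add($this->Context->GetDefinition('ErrInvalidUsername'));
     } else {
         // Attempt to retrieve email address
         $s = $this->Context->ObjectFactory->NewContextObject($this->Context, 'SqlBuilder');
         $s->SetMainTable('User', 'u');
         $s->AddSelect(array('Email', 'Name', 'UserID'), 'u');
         $s->AddWhere('u', 'Name', '', $Username, '=');
         $UserResult = $this->Context->Database->Select($s, $this->Name, 'RequestPasswordReset', 'An error occurred while retrieving account information.');
         if ($this->Context->Database->RowCount($UserResult) == 0) {
             // NOTE(review): a distinct "account not found" warning lets a caller
             // learn which usernames exist; consider a uniform response.
             $this->Context->WarningCollector->Add($this->Context->GetDefinition('ErrAccountNotFound'));
         } else {
             $Name = '';
             $Email = '';
             $UserID = 0;
             // If several rows come back, the values of the last one win.
             while ($rows = $this->Context->Database->GetRow($UserResult)) {
                 $UserID = ForceInt($rows['UserID'], 0);
                 $Email = ForceString($rows['Email'], '');
                 $Name = FormatStringForDisplay($rows['Name'], 1);
             }
             // Now that we have the email, generate an email verification key
             // NOTE(review): the key's unpredictability depends on
             // DefineVerificationKey(), and no expiry is set in this method -
             // confirm both where the key is generated and redeemed.
             $EmailVerificationKey = DefineVerificationKey();
             // Insert the email verification key into the user table
             $s->Clear();
             $s->SetMainTable('User', 'u');
             $s->AddFieldNameValue('EmailVerificationKey', $EmailVerificationKey, 1);
             $s->AddWhere('u', 'UserID', '', $UserID, '=');
             $this->Context->Database->Update($s, $this->Name, 'RequestPasswordReset', 'An error occurred while managing your account information.');
             // If there are no errors, send the user an email
             if ($this->Context->WarningCollector->Count() == 0) {
                 // Retrieve the email body
                 $File = $this->Context->Configuration['LANGUAGES_PATH'] . $this->Context->Configuration['LANGUAGE'] . '/email_password_request.txt';
                 $EmailBody = @file_get_contents($File);
                 if (!$EmailBody) {
                     // Attribute the error to this method; the original call
                     // named 'AssignRole', which mislabels the failure.
                     $this->Context->ErrorManager->AddError($this->Context, $this->Name, 'RequestPasswordReset', 'Failed to read email template (' . $File . ').');
                 } else {
                     // Only send when the template was read: without it the
                     // message would go out with an empty body and no link.
                     // NOTE(review): the key is appended to the query string
                     // as-is; this assumes DefineVerificationKey() returns
                     // URL-safe characters - confirm.
                     $ResetUrl = ConcatenatePath($this->Context->Configuration['BASE_URL'], GetUrl($this->Context->Configuration, 'people.php', '', '', '', '', 'PostBackAction=PasswordResetForm&u=' . $UserID . '&k=' . $EmailVerificationKey));
                     $e = $this->Context->ObjectFactory->NewContextObject($this->Context, 'Email');
                     $e->HtmlOn = 0;
                     $e->WarningCollector =& $this->Context->WarningCollector;
                     $e->ErrorManager =& $this->Context->ErrorManager;
                     $e->AddFrom($this->Context->Configuration['SUPPORT_EMAIL'], $this->Context->Configuration['SUPPORT_NAME']);
                     $e->AddRecipient($Email, $Name);
                     $e->Subject = $this->Context->Configuration['APPLICATION_TITLE'] . ' ' . $this->Context->GetDefinition('PasswordResetRequest');
                     $e->Body = str_replace(array('{user_name}', '{forum_name}', '{password_url}'), array($Name, $this->Context->Configuration['APPLICATION_TITLE'], $ResetUrl), $EmailBody);
                     $e->Send();
                 }
             }
         }
     }
     return $this->Context->WarningCollector->Iif($Email, false);
 }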
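 /**
  * Resolve the current user's ID from the session, falling back to the
  * "remember me" cookies when the session holds none.
  *
  * When the cookies identify a user, a new verification key is generated,
  * the visit is recorded, the cookies are reissued and the IP is logged.
  * The resolved ID (possibly 0) is always written to the session.
  *
  * @return int The user ID, or 0 when no user could be identified.
  */
 function GetIdentity()
 {
     if (!session_id()) {
         session_start();
     }
     $UserID = ForceInt(@$_SESSION[$this->Context->Configuration['SESSION_USER_IDENTIFIER']], 0);
     if ($UserID == 0) {
         // UserID wasn't found in the session, so attempt to retrieve it from the cookies
         // Retrieve cookie values (client-controlled input)
         $EncryptedUserID = ForceIncomingCookieString($this->Context->Configuration['COOKIE_USER_KEY'], '');
         $VerificationKey = ForceIncomingCookieString($this->Context->Configuration['COOKIE_VERIFICATION_KEY'], '');
         if ($EncryptedUserID != '' && $VerificationKey != '') {
             // Compare against db values
             // Sadly, because this class is meant to be an interface for distributed objects, I can't use any of the error checking in the Lussumo Framework
             // NOTE(review): the cookie value is concatenated into the SQL text,
             // so injection safety rests entirely on FormatStringForDatabaseInput()
             // escaping correctly for this database - confirm, or move to a
             // parameterised query if the Database class offers one.
             $Query = "select UserID\n\t\t\t\t\tfrom LUM_User\n\t\t\t\t\twhere VerificationKey = '" . FormatStringForDatabaseInput($VerificationKey) . "'";
             $Result = $this->Context->Database->Execute($Query, 'Authenticator', 'GetIdentity', 'An error occurred while attempting to validate your remember me credentials');
             if ($Result) {
                 $UserID = 0;
                 while ($rows = $this->Context->Database->GetRow($Result)) {
                     // Strict string comparison: loose `==` compares two
                     // numeric-looking strings as numbers, so different hex
                     // digests could be treated as equal.
                     // NOTE(review): md5(UserID) is a predictable value; the
                     // secret in this scheme is the verification key alone.
                     if ((string) $EncryptedUserID === md5($rows['UserID'])) {
                         $UserID = ForceInt($rows['UserID'], 0);
                         // NOTE(review): the query above selects only UserID, so
                         // 'EncryptedUserID' does not appear to be in the row;
                         // other call sites in this file pass the plain UserID to
                         // SetCookieCredentials() - confirm which value it expects.
                         $EncryptedUserID = $rows['EncryptedUserID'];
                         break;
                     }
                 }
                 if ($UserID > 0) {
                     // 1. Set a new verification key (the key just presented is replaced)
                     $VerificationKey = DefineVerificationKey();
                     // 2. Update the user's information
                     $this->UpdateLastVisit($UserID, $VerificationKey);
                     // 3. Set the 'remember me' cookies
                     $this->SetCookieCredentials($EncryptedUserID, $VerificationKey);
                     // 4. Log the user's IP address
                     $this->LogIp($UserID);
                 }
             }
         }
     }
     // If it has now been found, set up the session.
     // NOTE(review): whether AssignSessionUserID() rotates the session ID is
     // not visible here - confirm, to rule out session fixation.
     $this->AssignSessionUserID($UserID);
     return $UserID;
 }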
 /**
  * Initialise the control: run the base Control() setup, collect delegates
  * registered for this control's name, read the incoming postback values and,
  * for signed-in users, make sure a session postback key exists and is added
  * to the postback parameters.
  *
  * This method only stores the incoming FormPostBackKey; it does not compare
  * it with the session key, and PostBackValidated starts at 0.
  *
  * @param object $Context The application context, passed by reference.
  */
 function Constructor(&$Context)
 {
     $this->Control($Context);
     $this->Delegates = array();
     // Key submitted with the request (client-controlled).
     $this->FormPostBackKey = ForceIncomingString('FormPostBackKey', '');

     // Pick up delegates that were registered on the context before this
     // object existed.
     if (array_key_exists($this->Name, $this->Context->DelegateCollection)) {
         $this->Delegates = array_merge(array(), $this->Context->DelegateCollection[$this->Name]);
     }

     // Requested action (client-controlled), not yet validated.
     $this->PostBackAction = ForceIncomingString('PostBackAction', '');
     $this->PostBackValidated = 0;
     $this->PostBackParams = $this->Context->ObjectFactory->NewObject($this->Context, 'Parameters');

     // Only signed-in sessions get a postback key.
     if ($this->Context->Session->UserID > 0) {
         $ExistingKey = $this->Context->Session->GetVariable('SessionPostBackKey', 'string');
         if ($ExistingKey == '') {
             // No key yet for this session: create one and store it.
             $ExistingKey = DefineVerificationKey();
             $this->Context->Session->SetVariable('SessionPostBackKey', $ExistingKey);
         }
         $this->SessionPostBackKey = $ExistingKey;
         $this->PostBackParams->Set('FormPostBackKey', $this->SessionPostBackKey, 1, '', 1);
     }

     // The request counts as a postback only when its action is one of this
     // control's valid actions.
     // NOTE(review): in_array() is used without its strict flag; this is
     // harmless if ValidActions holds only strings - confirm.
     $this->IsPostBack = false;
     if (is_array($this->ValidActions)) {
         $this->IsPostBack = in_array($this->PostBackAction, $this->ValidActions);
     }
 }