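/**
 * Given an array or string as `$needle` and an existing `$member_id`
 * this function will return the `$member_id` if the given
 * password matches this `$member_id`, otherwise null.
 *
 * When `$needle` is an array only its `password` key is consulted. The
 * array is deliberately not `extract()`ed into the local scope: a
 * caller-supplied array could otherwise overwrite `$member_id`,
 * `$isHashed` and the local validity flag.
 *
 * Every failure path returns null and records a message in
 * `extension_Members::$_errors` under this field's element name: empty
 * password, no password row for the member, hash mismatch, or an expired
 * recovery code.
 *
 * @param array|string $needle
 *  The password, or an array holding it under the `password` key
 * @param integer $member_id
 *  Entry to verify against. When null the lookup is unconstrained
 *  (`WHERE 1 = 1`), i.e. an arbitrary row is compared and null is returned
 *  either way — NOTE(review): callers should pass an id; confirm the null
 *  form is still needed.
 * @param boolean $isHashed
 *  True when `$needle` already carries the stored hash form rather than
 *  a plaintext password
 * @return integer|null
 *  `$member_id` on a successful match, otherwise null
 */
public function fetchMemberIDBy($needle, $member_id = null, $isHashed = false)
{
    if (is_array($needle)) {
        $password = isset($needle['password']) ? $needle['password'] : null;
    } else {
        $password = $needle;
    }

    if (empty($password)) {
        extension_Members::$_errors[$this->get('element_name')] = array(
            'message' => __('\'%s\' is a required field.', array($this->get('label'))),
            'message-id' => EventMessages::FIELD_MISSING,
            'type' => 'missing',
            'label' => $this->get('label')
        );
        return null;
    }

    // Both the table suffix and the entry id are forced to integers by %d,
    // so the only free-form input (the password) never reaches the query.
    $data = Symphony::Database()->fetchRow(0, sprintf("
        SELECT `entry_id`, `password`, `reset`
        FROM `tbl_entries_data_%d`
        WHERE %s
        LIMIT 1
    ",
        $this->get('id'),
        is_null($member_id)
            ? '1 = 1'
            : sprintf('`entry_id` = %d', Symphony::Database()->cleanValue($member_id))
    ));

    // A member without a stored password row has nothing to match against,
    // so that is a failed check — not an implicit success (previously the
    // flag stayed true and $member_id was returned when no row was found).
    $valid = !empty($data);

    if ($valid) {
        // The old passwords had salts, so prepend the salt for an accurate
        // comparison (and to decide whether migration is needed).
        if ($isHashed === false && strlen($data['password']) === 40 && !is_null($this->get('salt'))) {
            $compare_password = $this->get('salt') . $password;
        } else {
            $compare_password = $password;
        }

        if (Cryptography::compare($compare_password, $data['password'], $isHashed)) {
            // Match. Upgrade a stale hash to the current algorithm, but only
            // when a plaintext password was supplied: with $isHashed true
            // $password already is a hash and encoding it again would store a
            // hash-of-a-hash. The update targets the row just compared
            // ($data['entry_id']) rather than $member_id, which may be null.
            if ($isHashed === false && Cryptography::requiresMigration($data['password'])) {
                Symphony::Database()->update(
                    array('password' => $this->encodePassword($password)),
                    'tbl_entries_data_' . $this->get('id'),
                    sprintf('`entry_id` = %d', $data['entry_id'])
                );
            }
        } else {
            $valid = false;
        }
    }

    // A password issued through the recovery flow is only usable while its
    // code has not expired.
    if ($valid && $data['reset'] == 'yes') {
        $valid_id = Symphony::Database()->fetchVar('entry_id', 0, sprintf("
            SELECT `entry_id`
            FROM `tbl_entries_data_%d`
            WHERE `entry_id` = %d
            AND DATE_FORMAT(expires, '%%Y-%%m-%%d %%H:%%i:%%s') > '%s'
            LIMIT 1
        ",
            $this->get('id'),
            $data['entry_id'],
            DateTimeObj::get('Y-m-d H:i:s', strtotime('now - ' . $this->get('code_expiry')))
        ));

        // No row back means the code has expired. Record the specific reason
        // and deny; previously the member id was still returned here, so the
        // caller could not tell an expired code from a successful login.
        if (is_null($valid_id)) {
            extension_Members::$_errors[$this->get('element_name')] = array(
                'message' => __('Recovery code has expired.'),
                'type' => 'invalid',
                'label' => $this->get('label')
            );
            return null;
        }

        // Consume the recovery state now that it has been used successfully.
        Symphony::Database()->update(
            array('reset' => 'no', 'expires' => null),
            'tbl_entries_data_' . $this->get('id'),
            sprintf(' `entry_id` = %d', $valid_id)
        );
    }

    if ($valid) {
        return $member_id;
    }

    extension_Members::$_errors[$this->get('element_name')] = array(
        'message' => __('Invalid %s.', array($this->get('label'))),
        'message-id' => MemberEventMessages::MEMBER_INVALID,
        'type' => 'invalid',
        'label' => $this->get('label')
    );
    return null;
}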
/**
 * Shell-side replacement for Symphony::login. It avoids the code path in
 * the core login that requires the Administration class, which does not
 * exist when running from the shell. Hopefully this is fixed in the core
 * Symphony code.
 *
 * Flow: escape both inputs for the `tbl_authors` lookup, load the single
 * author whose username matches, and accept when Cryptography::compare
 * agrees with the stored hash. A stale hash is not migrated here; the
 * caller is told to log in through the admin interface instead, because a
 * pending update may change `tbl_authors`.
 *
 * @param string $username
 *  Author username; passed through cleanValue() before the query
 * @param string $password
 *  Plain password, or the stored hash when `$isHash` is true.
 *  NOTE(review): cleanValue() is applied before the comparison, so the
 *  escaped form is what gets compared; confirm this matches how the hash
 *  was produced.
 * @param boolean $isHash
 *  True when `$password` already is the stored hash form
 * @throws ShellException
 *  When the stored hash still uses an algorithm that needs migrating
 * @return boolean
 *  True on a successful login, false otherwise
 */
public static function login($username, $password, $isHash = false)
{
    $username = self::Database()->cleanValue($username);
    $password = self::Database()->cleanValue($password);

    // Credentials that are empty after trimming never reach the database.
    if (strlen(trim($username)) === 0 || strlen(trim($password)) === 0) {
        return false;
    }

    $matches = \AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n `username` = '%s'\n ", $username));
    if (empty($matches)) {
        return false;
    }

    $candidate = current($matches);
    if (!\Cryptography::compare($password, $candidate->get('password'), $isHash)) {
        return false;
    }

    self::$Author = $candidate;

    // Only migrate hashes if there is no update available as the update might
    // change the tbl_authors table; from the shell we refuse rather than migrate.
    if (\Cryptography::requiresMigration(self::$Author->get('password'))) {
        throw new ShellException('User details require updating. Please login to the admin interface.');
    }

    // The session cookie carries the username and the stored hash itself;
    // note that a leaked cookie is therefore reusable until the hash changes.
    self::$Cookie->set('username', $username);
    self::$Cookie->set('pass', self::$Author->get('password'));

    self::Database()->update(
        array('last_seen' => \DateTimeObj::get('Y-m-d H:i:s')),
        'tbl_authors',
        sprintf(" `id` = %d", self::$Author->get('id'))
    );

    return true;
}
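/**
 * Attempts to log an Author in given a username and password.
 * If the password is not hashed, it is compared through
 * Cryptography::compare() against the stored hash. The username and
 * password are escaped with cleanValue() before being used to query the
 * Database. If an Author is found, they will be logged in and the
 * sanitized username and the stored hash will be saved as values in the
 * `$Cookie`.
 *
 * A stored hash that Cryptography::requiresMigration() flags is re-hashed
 * with Cryptography::hash() only when no upgrade is pending AND the
 * supplied password is plaintext; with `$isHash` true the input already is
 * a hash, and re-hashing it would persist a hash-of-a-hash.
 *
 * @see toolkit.Cryptography#hash()
 * @param string $username
 *  The Author's username. This will be sanitized before use.
 * @param string $password
 *  The Author's password. NOTE(review): cleanValue() runs before the
 *  comparison, so the escaped form is what is compared; confirm this
 *  matches how the hash was produced.
 * @param boolean $isHash
 *  If the password provided is already hashed, setting this parameter to
 *  true will stop it becoming rehashed. By default it is false.
 * @return boolean
 *  True if the Author was logged in, false otherwise
 */
public function login($username, $password, $isHash = false)
{
    $username = self::Database()->cleanValue($username);
    $password = self::Database()->cleanValue($password);

    if (strlen(trim($username)) > 0 && strlen(trim($password)) > 0) {
        $author = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("\n\t\t\t\t\t\t`username` = '%s'\n\t\t\t\t\t", $username));

        if (!empty($author) && Cryptography::compare($password, current($author)->get('password'), $isHash)) {
            $this->Author = current($author);

            // Only migrate hashes if there is no update available as the update
            // might change the tbl_authors table. Also only migrate when a
            // plaintext password was supplied: hashing an already-hashed input
            // would store a hash-of-a-hash and break later plaintext logins,
            // contrary to the documented meaning of $isHash.
            if ($isHash === false
                && !Administration::instance()->isUpgradeAvailable()
                && Cryptography::requiresMigration($this->Author->get('password'))
            ) {
                $this->Author->set('password', Cryptography::hash($password));
                // %d keeps the id numeric, matching the last_seen update below.
                self::Database()->update(
                    array('password' => $this->Author->get('password')),
                    'tbl_authors',
                    sprintf(" `id` = %d", $this->Author->get('id'))
                );
            }

            // The cookie carries the username and the stored hash as the
            // session credential.
            $this->Cookie->set('username', $username);
            $this->Cookie->set('pass', $this->Author->get('password'));

            self::Database()->update(
                array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
                'tbl_authors',
                sprintf(" `id` = %d", $this->Author->get('id'))
            );

            return true;
        }
    }

    return false;
}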
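/**
 * Attempts to log an Author in given a username and password.
 * If the password is not hashed, it is compared through
 * Cryptography::compare() against the stored hash. The username and
 * password are escaped with cleanValue() and trimmed before being used to
 * query the Database. If an Author is found, they will be logged in and
 * the sanitized username and the stored hash will be saved as values in
 * the `$Cookie`.
 *
 * A stored hash that Cryptography::requiresMigration() flags is re-hashed
 * with Cryptography::hash() only when no upgrade is pending AND the
 * supplied password is plaintext; with `$isHash` true the input already is
 * a hash, and re-hashing it would persist a hash-of-a-hash.
 *
 * @see toolkit.Cryptography#hash()
 * @throws DatabaseException
 * @param string $username
 *  The Author's username. This will be sanitized before use.
 * @param string $password
 *  The Author's password. NOTE(review): cleanValue() runs before the
 *  comparison, so the escaped form is what is compared; confirm this
 *  matches how the hash was produced.
 * @param boolean $isHash
 *  If the password provided is already hashed, setting this parameter to
 *  true will stop it becoming rehashed. By default it is false.
 * @return boolean
 *  True if the Author was logged in, false otherwise
 */
public static function login($username, $password, $isHash = false)
{
    $username = trim(self::Database()->cleanValue($username));
    $password = trim(self::Database()->cleanValue($password));

    if (strlen($username) > 0 && strlen($password) > 0) {
        $author = AuthorManager::fetch('id', 'ASC', 1, null, sprintf("`username` = '%s'", $username));

        if (!empty($author) && Cryptography::compare($password, current($author)->get('password'), $isHash)) {
            self::$Author = current($author);

            // Only migrate hashes if there is no update available as the update
            // might change the tbl_authors table. Also only migrate when a
            // plaintext password was supplied: hashing an already-hashed input
            // would store a hash-of-a-hash and break later plaintext logins,
            // contrary to the documented meaning of $isHash.
            if ($isHash === false
                && self::isUpgradeAvailable() === false
                && Cryptography::requiresMigration(self::$Author->get('password'))
            ) {
                self::$Author->set('password', Cryptography::hash($password));
                self::Database()->update(
                    array('password' => self::$Author->get('password')),
                    'tbl_authors',
                    sprintf(" `id` = %d", self::$Author->get('id'))
                );
            }

            // The cookie carries the username and the stored hash as the
            // session credential.
            self::$Cookie->set('username', $username);
            self::$Cookie->set('pass', self::$Author->get('password'));

            self::Database()->update(
                array('last_seen' => DateTimeObj::get('Y-m-d H:i:s')),
                'tbl_authors',
                sprintf(" `id` = %d", self::$Author->get('id'))
            );

            // Only set custom author language in the backend
            if (class_exists('Administration', false)) {
                Lang::set(self::$Author->get('language'));
            }

            return true;
        }
    }

    return false;
}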