Esempio n. 1
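 /**
  * Store a new password for a user and blank the stored reset key.
  *
  * @param mixed $UserID Value matched against the UserID column of the User table.
  * @param string $Password New password as entered; it is hashed before being written.
  * @return mixed Whatever $this->Get($UserID) returns for the updated user.
  */
 public function PasswordReset($UserID, $Password)
 {
     // Hash (not encrypt) the password before saving; only the hash is stored.
     $PasswordHash = new Gdn_PasswordHash();
     $Password = $PasswordHash->HashPassword($Password);
     // Write the hash method together with the hash. Without this, a row that
     // carried a different HashMethod would keep that label while holding a hash
     // produced by HashPassword(), so a later check against HashMethod could fail.
     $this->SQL->Update('User')->Set('Password', $Password)->Set('HashMethod', 'Vanilla')->Where('UserID', $UserID)->Put();
     // Blank the PasswordResetKey attribute once the password has been changed.
     $this->SaveAttribute($UserID, 'PasswordResetKey', '');
     return $this->Get($UserID);
 }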
 /**
  * Sign-in process that supports multiple authentication methods.
  *
  * @access public
  * @since 2.0.0
  * @author Tim Gunter
  * 
  * @param string $Method
  * @param array $Arg1
  * @return string Rendered XHTML template.
  */
 public function SignIn($Method = FALSE, $Arg1 = FALSE)
 {
     // Make sure the session has a transient key before the form is built.
     // NOTE(review): presumably this is the token IsAuthenticatedPostBack() verifies below; confirm.
     Gdn::Session()->EnsureTransientKey();
     $this->AddJsFile('entry.js');
     $this->SetData('Title', T('Sign In'));
     $this->Form->AddHidden('Target', $this->Target());
     // Default ClientHour to the server's current hour in 'Y-m-d H:00' form.
     // That default is not numeric, so the hour-offset update further down only
     // runs when the submitted value has been replaced by a plain hour (0-23).
     $this->Form->AddHidden('ClientHour', date('Y-m-d H:00'));
     // Additional signin methods are set up with plugins.
     $Methods = array();
     $this->SetData('Methods', $Methods);
     $this->SetData('FormUrl', Url('entry/signin'));
     $this->FireEvent('SignIn');
     if ($this->Form->IsPostBack()) {
         // Both the identifier (email or username) and the password are mandatory.
         $this->Form->ValidateRule('Email', 'ValidateRequired', sprintf(T('%s is required.'), T(UserModel::SigninLabelCode())));
         $this->Form->ValidateRule('Password', 'ValidateRequired');
         // Reject the post when the request does not count as an authenticated postback;
         // the error blocks the credential check below because ErrorCount() is then non-zero.
         if (!$this->Request->IsAuthenticatedPostBack()) {
             $this->Form->AddError('Please try again.');
         }
         // Check the user.
         if ($this->Form->ErrorCount() == 0) {
             // The same field is tried as an email address first, then as a username.
             $Email = $this->Form->GetFormValue('Email');
             $User = Gdn::UserModel()->GetByEmail($Email);
             if (!$User) {
                 $User = Gdn::UserModel()->GetByUsername($Email);
             }
             if (!$User) {
                 // NOTE(review): this message differs from 'Invalid password.' below, so a
                 // response reveals whether an account exists, and RateLimit() is only
                 // reached for existing users. Consider one generic failure message and
                 // throttling that also covers unknown identifiers.
                 $this->Form->AddError('@' . sprintf(T('User not found.'), strtolower(T(UserModel::SigninLabelCode()))));
             } else {
                 // Check the password.
                 $PasswordHash = new Gdn_PasswordHash();
                 $Password = $this->Form->GetFormValue('Password');
                 try {
                     // Verify against the stored hash using the hash method recorded on the user row.
                     $PasswordChecked = $PasswordHash->CheckPassword($Password, GetValue('Password', $User), GetValue('HashMethod', $User));
                     // Rate limiting: called with the outcome of the check, before that outcome is acted on.
                     // NOTE(review): presumably this throws Gdn_UserException when the limit is hit; confirm.
                     Gdn::UserModel()->RateLimit($User, $PasswordChecked);
                     if ($PasswordChecked) {
                         // Update weak passwords: re-hash when the hasher flagged the stored hash as weak,
                         // or when a hash method is recorded and it is not 'Vanilla' (case-insensitive).
                         // && binds tighter than ||, so this reads as Weak || (HashMethod && not Vanilla).
                         $HashMethod = GetValue('HashMethod', $User);
                         if ($PasswordHash->Weak || $HashMethod && strcasecmp($HashMethod, 'Vanilla') != 0) {
                             $Pw = $PasswordHash->HashPassword($Password);
                             Gdn::UserModel()->SetField(GetValue('UserID', $User), array('Password' => $Pw, 'HashMethod' => 'Vanilla'));
                         }
                         // The session is started first and the sign-in permission is checked afterwards;
                         // a user without Garden.SignIn.Allow has the session ended again immediately.
                         Gdn::Session()->Start(GetValue('UserID', $User), TRUE, (bool) $this->Form->GetFormValue('RememberMe'));
                         if (!Gdn::Session()->CheckPermission('Garden.SignIn.Allow')) {
                             $this->Form->AddError('ErrorPermission');
                             Gdn::Session()->End();
                         } else {
                             // Recompute the user's hour offset from the submitted client hour,
                             // but only when that value is a number in the range 0-23.
                             $ClientHour = $this->Form->GetFormValue('ClientHour');
                             $HourOffset = Gdn::Session()->User->HourOffset;
                             if (is_numeric($ClientHour) && $ClientHour >= 0 && $ClientHour < 24) {
                                 $HourOffset = $ClientHour - date('G', time());
                             }
                             // Persist the offset only when it actually changed.
                             if ($HourOffset != Gdn::Session()->User->HourOffset) {
                                 Gdn::UserModel()->SetProperty(Gdn::Session()->UserID, 'HourOffset', $HourOffset);
                             }
                             Gdn::UserModel()->FireEvent('AfterSignIn');
                             // NOTE(review): Target can come from the request (see the else branch below);
                             // confirm _SetRedirect()/Target() restrict the destination to trusted URLs.
                             $this->_SetRedirect();
                         }
                     } else {
                         $this->Form->AddError('Invalid password.');
                     }
                 } catch (Gdn_UserException $Ex) {
                     // Surface the exception on the form instead of letting it propagate.
                     $this->Form->AddError($Ex);
                 }
             }
         }
     } else {
         // First display of the form: carry a Target passed in the request into the
         // hidden field and tick "remember me" by default.
         if ($Target = $this->Request->Get('Target')) {
             $this->Form->AddHidden('Target', $Target);
         }
         $this->Form->SetValue('RememberMe', TRUE);
     }
     return $this->Render();
 }
Esempio n. 3
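 /**
  * Replace the User table with the imported users, flag the overwrite account
  * as admin and, when its credentials check out, start a session as that user.
  *
  * Reads UseCurrentPassword, OverwriteEmail and OverwritePassword from the import data.
  *
  * @return bool Always TRUE.
  */
 public function InsertUserTable()
 {
     $UseCurrentPassword = $this->Data('UseCurrentPassword');
     if ($UseCurrentPassword) {
         // The table is truncated below, so the signed-in user's hash must be read first.
         $CurrentUser = $this->SQL->GetWhere('User', array('UserID' => Gdn::Session()->UserID))->FirstRow(DATASET_TYPE_ARRAY);
         $CurrentPassword = $CurrentUser['Password'];
         $CurrentHashMethod = $CurrentUser['HashMethod'];
     }
     // Delete the current user table.
     $this->SQL->Truncate('User');
     // Load the new user table. When the import carries no HashMethod column,
     // every imported row gets the import-wide hash method instead.
     $UserTableInfo =& $this->Data['Tables']['User'];
     if (!$this->ImportExists('User', 'HashMethod')) {
         $this->_InsertTable('User', array('HashMethod' => $this->GetPasswordHashMethod()));
     } else {
         $this->_InsertTable('User');
     }
     $UserTableInfo['Inserted'] = TRUE;
     $AdminEmail = GetValue('OverwriteEmail', $this->Data);
     $SqlArgs = array(':Email' => $AdminEmail);
     $SqlSet = '';
     if ($UseCurrentPassword) {
         // Carry the previously stored hash and its method over to the overwrite account.
         $SqlArgs[':Password'] = $CurrentPassword;
         $SqlArgs[':HashMethod'] = $CurrentHashMethod;
         $SqlSet = ', Password = :Password, HashMethod = :HashMethod';
     }
     // If doing a password reset and no hash was carried over (isset() is also
     // false for a null hash), hash the overwrite password and bind it.
     // The placeholder key must be ':HashMethod' to match the SET clause; the
     // clause is assigned rather than appended so it can never appear twice.
     if (strcasecmp($this->GetPasswordHashMethod(), 'reset') == 0 && !isset($SqlArgs[':Password'])) {
         $PasswordHash = new Gdn_PasswordHash();
         $SqlArgs[':Password'] = $PasswordHash->HashPassword(GetValue('OverwritePassword', $this->Data));
         $SqlArgs[':HashMethod'] = 'Vanilla';
         $SqlSet = ', Password = :Password, HashMethod = :HashMethod';
     }
     // Set the admin flag (and the password columns, when a SET clause was built).
     $this->Query("update :_User set Admin = 1{$SqlSet} where Email = :Email", $SqlArgs);
     // Start the new session: look the account up by email, then by username.
     $User = Gdn::UserModel()->GetByEmail(GetValue('OverwriteEmail', $this->Data));
     if (!$User) {
         $User = Gdn::UserModel()->GetByUsername(GetValue('OverwriteEmail', $this->Data));
     }
     // NOTE(review): $User can still be empty here when neither lookup matched;
     // confirm GetValue()/CheckPassword()/Start() behave safely in that case.
     $PasswordHash = new Gdn_PasswordHash();
     if ($this->Data('UseCurrentPassword') || $PasswordHash->CheckPassword(GetValue('OverwritePassword', $this->Data), GetValue('Password', $User), GetValue('HashMethod', $User))) {
         Gdn::Session()->Start(GetValue('UserID', $User), TRUE);
     }
     return TRUE;
 }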
Esempio n. 4
 /**
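  * Replace the User table with the imported users, copy the current user's
  * password hash onto the overwrite account, flag it as admin and sign in as it.
  *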
  * @return bool
  */
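 public function insertUserTable()
 {
     // The table is truncated below, so capture the signed-in user's hash,
     // hash method and transient key first.
     $CurrentUser = $this->SQL->getWhere('User', array('UserID' => Gdn::session()->UserID))->firstRow(DATASET_TYPE_ARRAY);
     $CurrentPassword = $CurrentUser['Password'];
     $CurrentHashMethod = $CurrentUser['HashMethod'];
     $CurrentTransientKey = gdn::session()->transientKey();
     // Delete the current user table.
     $this->SQL->Truncate('User');
     // Load the new user table. When the import carries no HashMethod column,
     // every imported row gets the import-wide hash method instead.
     $UserTableInfo =& $this->Data['Tables']['User'];
     if (!$this->importExists('User', 'HashMethod')) {
         $this->_InsertTable('User', array('HashMethod' => $this->GetPasswordHashMethod()));
     } else {
         $this->_InsertTable('User');
     }
     $UserTableInfo['Inserted'] = true;
     $AdminEmail = val('OverwriteEmail', $this->Data);
     // The overwrite account always receives the previously stored hash and method.
     $SqlArgs = array(':Email' => $AdminEmail);
     $SqlArgs[':Password'] = $CurrentPassword;
     $SqlArgs[':HashMethod'] = $CurrentHashMethod;
     $SqlSet = ', Password = :Password, HashMethod = :HashMethod';
     // If doing a password reset and no usable hash was read above (isset() is
     // false for a null value), hash the overwrite password instead. The SET
     // clause already names both columns, so only the bound values change; the
     // key must be ':HashMethod' to match the placeholder in the query.
     if (strcasecmp($this->GetPasswordHashMethod(), 'reset') == 0 && !isset($SqlArgs[':Password'])) {
         $PasswordHash = new Gdn_PasswordHash();
         $SqlArgs[':Password'] = $PasswordHash->HashPassword(val('OverwritePassword', $this->Data));
         $SqlArgs[':HashMethod'] = 'Vanilla';
     }
     // Set the admin flag and the password columns in one statement.
     $this->query("update :_User set Admin = 1{$SqlSet} where Email = :Email", $SqlArgs);
     // Start the new session: look the account up by email, then by username.
     $User = Gdn::userModel()->GetByEmail(val('OverwriteEmail', $this->Data));
     if (!$User) {
         $User = Gdn::userModel()->GetByUsername(val('OverwriteEmail', $this->Data));
     }
     // NOTE(review): the session is started without any password check, and
     // $User can be empty when neither lookup matched; confirm callers have
     // already authorised the import and that start() handles a missing UserID.
     Gdn::session()->start(val('UserID', $User), true);
     // Restore the transient key captured before the session was replaced.
     gdn::session()->transientKey($CurrentTransientKey);
     return true;
 }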
 /**
  * Store a new password for a user, blank the stored reset key and announce the change.
  *
  * @param mixed $UserID Value matched against the UserID column of the User table.
  * @param string $Password New password as entered; it is hashed before being written.
  * @return mixed Whatever $this->GetID($UserID) returns for the updated user.
  */
 public function PasswordReset($UserID, $Password)
 {
     // Hash (not encrypt) the password; only the hash is stored.
     $Hasher = new Gdn_PasswordHash();
     $HashedPassword = $Hasher->HashPassword($Password);

     // The hash method is written in the same statement as the hash so the two stay in step.
     $this->SQL
         ->Update('User')
         ->Set('Password', $HashedPassword)
         ->Set('HashMethod', 'Vanilla')
         ->Where('UserID', $UserID)
         ->Put();

     // Blank the PasswordResetKey attribute once the password has been changed.
     $this->SaveAttribute($UserID, 'PasswordResetKey', '');

     // NOTE(review): nothing here ends the user's existing sessions; confirm
     // whether an AfterPasswordReset handler is expected to do that.
     $this->EventArguments['UserID'] = $UserID;
     $this->FireEvent('AfterPasswordReset');

     return $this->GetID($UserID);
 }
Esempio n. 6
 /**
  * Replace the User table with the imported users, flag the overwrite account
  * as admin and authenticate as it with the overwrite credentials.
  *
  * @return bool Always TRUE.
  */
 public function InsertUserTable()
 {
     // Wipe the existing users before loading the imported ones.
     $this->Query('truncate table :_User');

     // Every imported row is stamped with the import-wide hash method.
     $UserTable =& $this->Data['Tables']['User'];
     $ImportDefaults = array('HashMethod' => $this->GetPasswordHashMethod());
     $this->_InsertTable('User', $ImportDefaults);
     $UserTable['Inserted'] = TRUE;

     // First pass: flag the overwrite account as admin.
     $this->Query(
         'update :_User set Admin = 1 where Email = :Email',
         array(':Email' => GetValue('OverwriteEmail', $this->Data))
     );

     $ResetRequested = strcasecmp($this->GetPasswordHashMethod(), 'reset') == 0;
     if (!$ResetRequested) {
         // No reset: the admin flag is simply written again.
         $this->Query(
             'update :_User set Admin = 1 where Email = :Email',
             array(':Email' => GetValue('OverwriteEmail', $this->Data))
         );
     } else {
         // Password reset: store a fresh hash of the overwrite password with the admin flag.
         $Hasher = new Gdn_PasswordHash();
         $NewHash = $Hasher->HashPassword(GetValue('OverwritePassword', $this->Data));
         $this->Query(
             'update :_User set Admin = 1, Password = :Hash, HashMethod = "vanilla" where Email = :Email',
             array(':Hash' => $NewHash, ':Email' => GetValue('OverwriteEmail', $this->Data))
         );
     }

     // Authenticate the admin user as the current user.
     // NOTE(review): the result of Authenticate() is not checked before the
     // session is started; confirm a failed authentication cannot leave a usable session.
     $Authenticator = Gdn::Authenticator()->AuthenticateWith('password');
     $Authenticator->Authenticate(
         GetValue('OverwriteEmail', $this->Data),
         GetValue('OverwritePassword', $this->Data)
     );
     Gdn::Session()->Start();

     return TRUE;
 }
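 /**
  * Replace the User table with the imported users, flag the overwrite account
  * as admin and authenticate as it with the overwrite credentials.
  *
  * Reads UseCurrentPassword, OverwriteEmail and OverwritePassword from the import data.
  *
  * @return bool Always TRUE.
  */
 public function InsertUserTable()
 {
     $UserCurrentPassword = $this->Data('UseCurrentPassword');
     // Delete the current user table.
     $this->Query('truncate table :_User');
     // Load the new user table; every imported row gets the import-wide hash method.
     $UserTableInfo =& $this->Data['Tables']['User'];
     $this->_InsertTable('User', array('HashMethod' => $this->GetPasswordHashMethod()));
     $UserTableInfo['Inserted'] = TRUE;
     $AdminEmail = GetValue('OverwriteEmail', $this->Data);
     $SqlArgs = array(':Email' => $AdminEmail);
     $SqlSet = '';
     if ($UserCurrentPassword) {
         // Carry the session user's stored hash and method over to the overwrite account.
         $SqlArgs[':Password'] = Gdn::Session()->User->Password;
         $SqlArgs[':HashMethod'] = Gdn::Session()->User->HashMethod;
         $SqlSet = ', Password = :Password, HashMethod = :HashMethod';
     }
     // If doing a password reset and no hash was carried over (isset() is also
     // false for a null hash), hash the overwrite password and bind it.
     // The placeholder key must be ':HashMethod' to match the SET clause; the
     // clause is assigned rather than appended so it can never appear twice.
     if (strcasecmp($this->GetPasswordHashMethod(), 'reset') == 0 && !isset($SqlArgs[':Password'])) {
         $PasswordHash = new Gdn_PasswordHash();
         $SqlArgs[':Password'] = $PasswordHash->HashPassword(GetValue('OverwritePassword', $this->Data));
         $SqlArgs[':HashMethod'] = 'Vanilla';
         $SqlSet = ', Password = :Password, HashMethod = :HashMethod';
     }
     // Set the admin flag (and the password columns, when a SET clause was built).
     $this->Query("update :_User set Admin = 1{$SqlSet} where Email = :Email", $SqlArgs);
     // Authenticate the admin user as the current user.
     // NOTE(review): Authenticate() is called with OverwritePassword even when the
     // current password was kept, and its result is not checked before the session
     // is started; confirm a failed authentication cannot leave a usable session.
     $PasswordAuth = Gdn::Authenticator()->AuthenticateWith('password');
     $PasswordAuth->Authenticate(GetValue('OverwriteEmail', $this->Data), GetValue('OverwritePassword', $this->Data));
     Gdn::Session()->Start();
     return TRUE;
 }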