	/**
	 * Compare a cleartext password against the hash stored on this record.
	 *
	 * The candidate is hashed with this record's own Salt and PasswordEncryption
	 * so that the two values are comparable; the encryptor object returned by
	 * Security::encrypt_password() then performs the comparison itself.
	 * See {@link Member->checkPassword()}.
	 *
	 * @param String $password Cleartext password
	 * @return Boolean
	 */	
	function checkPassword($password) {
		$details = Security::encrypt_password($password, $this->Salt, $this->PasswordEncryption);
		$encryptor = $details['encryptor'];
		$candidateHash = $details['password'];
		// The encryptor, not this method, decides how the stored and candidate hashes are compared.
		return $encryptor->compare($this->Password, $candidateHash);
	}
 /**
  * Event handler called before writing to the database.
  *
  * Copies a cleartext SetPassword into Password, refuses the write when another
  * member already carries the same unique identifier, optionally notifies the
  * member of a password change, hashes the password and sets a password expiry,
  * fills in a default locale, then defers to the parent handler.
  */
 function onBeforeWrite()
 {
     if ($this->SetPassword) {
         $this->Password = $this->SetPassword;
     }
     // If a member with the same "unique identifier" already exists with a different ID, don't allow merging.
     // Note: This is not a full replacement for safeguards in the controller layer (e.g. in a registration form),
     // but rather a last line of defense against data inconsistencies.
     $identifierField = self::$unique_identifier_field;
     if ($this->{$identifierField}) {
         // Note: Same logic as Member_Validator class.
         // The column name comes from this class's static config; the ID is cast to int and the
         // identifier value escaped with Convert::raw2sql() before either reaches the WHERE clause.
         $idClause = $this->ID ? sprintf(" AND \"Member\".\"ID\" <> %d", (int) $this->ID) : '';
         $existingRecord = DataObject::get_one('Member', sprintf("\"%s\" = '%s' %s", $identifierField, Convert::raw2sql($this->{$identifierField}), $idClause));
         if ($existingRecord) {
             // The colliding record's ID and identifier value are reported back in the message.
             throw new ValidationException(new ValidationResult(false, sprintf(_t('Member.ValidationIdentifierFailed', 'Can\'t overwrite existing member #%d with identical identifier (%s = %s))', PR_MEDIUM, 'The values in brackets show a fieldname mapped to a value, usually denoting an existing email address'), $existingRecord->ID, $identifierField, $this->{$identifierField})));
         }
     }
     // We don't send emails out on dev/tests sites to prevent accidentally spamming users.
     // However, if TestMailer is in use this isn't a risk.
     // The notification is only sent when Password is flagged as changed, the record holds a
     // non-empty Password, and the class-level notify_password_change switch is on.
     if ((Director::isLive() || Email::mailer() instanceof TestMailer) && $this->isChanged('Password') && $this->record['Password'] && Member::$notify_password_change) {
         $this->sendInfo('changePassword');
     }
     // The test on $this->ID is used for when records are initially created.
     // Note that this only works with cleartext passwords, as we can't rehash
     // existing passwords.
     // Precedence: (!ID && Password) || isChanged('Password') — a new record that carries a
     // password, or any record whose password was changed.
     if (!$this->ID && $this->Password || $this->isChanged('Password')) {
         // Password was changed: encrypt the password according the settings.
         // The member itself is passed as the last argument — presumably so the encryptor can
         // consult the record; confirm against Security::encrypt_password().
         $encryption_details = Security::encrypt_password($this->Password, $this->Salt, $this->PasswordEncryption, $this);
         // Overwrite the Password property with the hashed value, and record the salt and
         // algorithm actually used so the hash can be verified later.
         $this->Password = $encryption_details['password'];
         $this->Salt = $encryption_details['salt'];
         $this->PasswordEncryption = $encryption_details['algorithm'];
         // If we haven't manually set a password expiry
         if (!$this->isChanged('PasswordExpiry')) {
             // then set it for us: password_expiry_days from now, or no expiry when that is unset
             if (self::$password_expiry_days) {
                 $this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::$password_expiry_days);
             } else {
                 $this->PasswordExpiry = null;
             }
         }
     }
     // save locale
     if (!$this->Locale) {
         $this->Locale = i18n::get_locale();
     }
     parent::onBeforeWrite();
 }
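 /**
  * Event handler called before writing to the database.
  *
  * If an email is filled out, look for an existing record with the same email
  * and, if found, merge this record into that member: group memberships are
  * re-pointed to the existing ID and every field not changed on this record is
  * taken from the existing one. A changed password is then hashed before it
  * reaches the database.
  *
  * NOTE(review): merging by email means a write that carries another member's
  * email address attaches this data to that member's account; ownership of the
  * address must be validated by the caller before the write.
  */
 function onBeforeWrite()
 {
     if ($this->SetPassword) {
         $this->Password = $this->SetPassword;
     }
     if ($this->Email) {
         // IDs are cast to int so that only a numeric literal can reach the SQL string.
         if ($this->ID) {
             $idClause = "AND `Member`.ID <> " . (int) $this->ID;
         } else {
             $idClause = "";
         }
         // addslashes() is not a database-aware escape (it ignores the connection charset
         // and NO_BACKSLASH_ESCAPES); prefer the ORM's own escaping helper where available.
         $existingRecord = DataObject::get_one("Member", "Email = '" . addslashes($this->Email) . "' {$idClause}");
         if ($existingRecord) {
             $newID = $existingRecord->ID;
             if ($this->ID) {
                 // Re-point group memberships from this record to the existing member.
                 DB::query("UPDATE Group_Members SET MemberID = " . (int) $newID . " WHERE MemberID = " . (int) $this->ID);
             }
             $this->ID = $newID;
             // Merge existing data into the local record: fields not flagged as changed
             // here take their value from the existing member.
             foreach ($existingRecord->getAllFields() as $k => $v) {
                 if (!isset($this->changed[$k]) || !$this->changed[$k]) {
                     $this->record[$k] = $v;
                 }
             }
         }
     }
     // Notify only on live sites, only when Password is flagged as changed and non-empty,
     // and only when the class-level switch is on.
     if (Director::isLive() && isset($this->changed['Password']) && $this->changed['Password'] && $this->record['Password'] && Member::$notify_password_change) {
         $this->sendInfo('changePassword');
     }
     if (isset($this->changed['Password']) && $this->changed['Password']) {
         // Password was changed: encrypt the password according to the settings
         $encryption_details = Security::encrypt_password($this->Password);
         $this->Password = $encryption_details['password'];
         $this->Salt = $encryption_details['salt'];
         $this->PasswordEncryption = $encryption_details['algorithm'];
         // Flag the derived fields as changed so they are persisted alongside Password.
         $this->changed['Salt'] = true;
         $this->changed['PasswordEncryption'] = true;
     }
     parent::onBeforeWrite();
 }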
 /**
  * Event handler called before writing to the database.
  *
  * Copies a cleartext SetPassword into Password, refuses the write when another
  * member already carries the same unique identifier, optionally emails the
  * member about a password change, hashes the password and sets a password
  * expiry, fills in a default locale, then defers to the parent handler.
  */
 public function onBeforeWrite()
 {
     if ($this->SetPassword) {
         $this->Password = $this->SetPassword;
     }
     // If a member with the same "unique identifier" already exists with a different ID, don't allow merging.
     // Note: This is not a full replacement for safeguards in the controller layer (e.g. in a registration form),
     // but rather a last line of defense against data inconsistencies.
     $identifierField = Member::config()->unique_identifier_field;
     if ($this->{$identifierField}) {
         // Note: Same logic as Member_Validator class.
         // The identifier value is passed as a filter value and the ID as a bound "?" parameter,
         // so neither is interpolated into SQL here; the column name comes from class config.
         $filter = array("\"{$identifierField}\"" => $this->{$identifierField});
         if ($this->ID) {
             $filter[] = array('"Member"."ID" <> ?' => $this->ID);
         }
         $existingRecord = DataObject::get_one('Member', $filter);
         if ($existingRecord) {
             // The colliding record's ID and identifier value are reported back in the message.
             throw new ValidationException(ValidationResult::create(false, _t('Member.ValidationIdentifierFailed', 'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))', 'Values in brackets show "fieldname = value", usually denoting an existing email address', array('id' => $existingRecord->ID, 'name' => $identifierField, 'value' => $this->{$identifierField}))));
         }
     }
     // We don't send emails out on dev/tests sites to prevent accidentally spamming users.
     // However, if TestMailer is in use this isn't a risk.
     // The email goes out only when Password is flagged as changed, the record holds a
     // non-empty Password, and the notify_password_change config switch is on.
     if ((Director::isLive() || Email::mailer() instanceof TestMailer) && $this->isChanged('Password') && $this->record['Password'] && $this->config()->notify_password_change) {
         $e = Member_ChangePasswordEmail::create();
         $e->populateTemplate($this);
         $e->setTo($this->Email);
         $e->send();
     }
     // The test on $this->ID is used for when records are initially created.
     // Note that this only works with cleartext passwords, as we can't rehash
     // existing passwords.
     // Precedence: (!ID && Password) || isChanged('Password') — a new record that carries a
     // password, or any record whose password was changed.
     if (!$this->ID && $this->Password || $this->isChanged('Password')) {
         // Password was changed: encrypt the password according the settings.
         // When the record has no algorithm yet, the configured default is used; the member
         // itself is passed as the last argument (presumably for the encryptor's use — confirm).
         $encryption_details = Security::encrypt_password($this->Password, $this->Salt, $this->PasswordEncryption ? $this->PasswordEncryption : Security::config()->password_encryption_algorithm, $this);
         // Overwrite the Password property with the hashed value, and record the salt and
         // algorithm actually used so the hash can be verified later.
         $this->Password = $encryption_details['password'];
         $this->Salt = $encryption_details['salt'];
         $this->PasswordEncryption = $encryption_details['algorithm'];
         // If we haven't manually set a password expiry
         if (!$this->isChanged('PasswordExpiry')) {
             // then set it for us: password_expiry_days from now, or no expiry when that is unset
             if (self::config()->password_expiry_days) {
                 $this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::config()->password_expiry_days);
             } else {
                 $this->PasswordExpiry = null;
             }
         }
     }
     // save locale
     if (!$this->Locale) {
         $this->Locale = i18n::get_locale();
     }
     parent::onBeforeWrite();
 }
 /**
  * Store the password for this member in its encrypted form.
  *
  * The member's id is handed to Security::encrypt_password() together with the
  * cleartext, so the stored value is tied to this particular record.
  *
  * NOTE(review): whether the id acts as salt or as part of the key is not
  * visible here — confirm against Security::encrypt_password().
  *
  * @param string $losenord Cleartext password
  */
 public function setLosenord($losenord)
 {
     $memberId = $this->getId();
     $encrypted = Security::encrypt_password($memberId, $losenord);
     $this->losenord = $encrypted;
 }
 /**
  * Check whether a cleartext password matches the hash stored on this record.
  *
  * The candidate is hashed with this record's Salt and PasswordEncryption and
  * the result compared with the stored Password. The comparison is a plain
  * string identity check, not a constant-time one; hash_equals() is the safer
  * choice where the runtime provides it.
  *
  * @param string $password Cleartext password
  * @return bool
  */
 function checkPassword($password)
 {
     $candidate = Security::encrypt_password($password, $this->Salt, $this->PasswordEncryption);
     $candidateHash = $candidate['password'];
     return $candidateHash === $this->Password;
 }
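 /**
  * Attempt to log in with email and password.
  *
  * On success the logged-in member is recorded in the session (and, optionally,
  * in cookies) and true is returned. Every failure other than an empty
  * email/password throws a MedlemException whose code identifies the reason.
  *
  * @global  $db
  * @param string $epost    Email address as submitted
  * @param string $losenord Cleartext password as submitted
  * @param bool   $cookie   Also persist the member id and session id in 30-day cookies
  * @return bool false when email or password is empty, true on success
  * @throws MedlemException -13 unknown email, -15 account not activated,
  *                         -5 wrong password, -19 membership expired
  */
 public static function loggaIn($epost, $losenord, $cookie = false)
 {
     global $db;
     $epost = Security::secure_postdata($epost);
     $losenord = Security::secure_postdata($losenord);
     if ($epost == "" || $losenord == "") {
         return false;
     }
     // NOTE(review): $epost is interpolated into the query after Security::secure_postdata();
     // whether that helper escapes for SQL is not visible here — confirm, or bind it as a parameter.
     $sql = "SELECT id\n\t\t\t\tFROM " . self::classToTable(get_class()) . " \n\t\t\t\tWHERE epost='{$epost}'";
     $id = $db->value($sql);
     if ($id == "") {
         throw new MedlemException('E-postadressen kunde inte hittas', -13);
     }
     $medlem = Medlem::loadById($id);
     if ($medlem->epostBekraftad == 0) {
         throw new MedlemException('Kontot ej aktiverat', -15);
     }
     // Hash the submitted password with the member id, presumably mirroring how it was stored,
     // and compare strictly: with == two hashes that both look numeric (e.g. "0e..." prefixes)
     // would be compared as floats and could match without being equal.
     $losenordKrypterat = Security::encrypt_password($id, $losenord);
     if ($losenordKrypterat === $medlem->getLosenord()) {
         // Successful login
         $sessionId = self::generateSessionId();
         $medlem->setSenastInloggad();
         $medlem->setSessionId($sessionId);
         $medlem->commit();
         // NOTE(review): the PHP session id is not regenerated before the member id is stored;
         // session_regenerate_id(true) here would close off session fixation.
         $_SESSION["mm_mid"] = $id;
         $_SESSION["mm_sid"] = $sessionId;
         if ($cookie) {
             // NOTE(review): no secure/httponly flags are set, so these cookies are readable by
             // script and sent over plain HTTP — confirm that is intended.
             setcookie("mm_mid", $id, time() + 60 * 60 * 24 * 30, "/");
             setcookie("mm_sid", $sessionId, time() + 60 * 60 * 24 * 30, "/");
         }
         // If a company id is stored, also log in as company admin.
         $fId = $medlem->getFadmin();
         if ($fId > 0) {
             $foretag = Foretag::loadById($fId);
             $foretag->doubleLogIn($fId);
         }
         // If the membership has lapsed, throw (the caller redirects to the buy page) and pass
         // the member's level along with the exception. Note that the session and cookies have
         // already been set at this point. Historically this applied only to former pros
         // (levelId > 0); since 2011-01-19 everyone with an expired membership is locked out.
         if ($medlem->getPaidUntil() < date("Y-m-d")) {
             $level = $medlem->getLevelId();
             throw new MedlemException('Medlemskap har gått ut', -19, $level);
         }
         return true;
     } else {
         throw new MedlemException("Felaktigt lösenord", -5);
     }
 }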
 /**
  * Store the password for this member in its encrypted form.
  *
  * The record is committed first when it has no id yet, because the id is
  * handed to Security::encrypt_password() together with the cleartext and must
  * therefore exist before the password is encrypted.
  *
  * @param string $losenord Cleartext password
  */
 public function setLosenord($losenord)
 {
     $hasId = (bool) $this->id;
     if (!$hasId) {
         // Persist to obtain an id; the encrypted value depends on it.
         $this->commit();
     }
     $this->losenord = Security::encrypt_password($this->id, $losenord);
 }
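	/**
	 * Event handler called before writing to the database.
	 *
	 * Copies a cleartext SetPassword into Password, merges this record into an
	 * existing member that carries the same unique identifier, optionally
	 * notifies the member of a password change, hashes the password and sets a
	 * password expiry, fills in a default locale, then defers to the parent.
	 *
	 * NOTE(review): the merge means a write carrying another member's unique
	 * identifier (usually the email) attaches this data to that member's
	 * account; ownership of the identifier must be validated by the caller.
	 */
	function onBeforeWrite() {
		if($this->SetPassword) $this->Password = $this->SetPassword;

		$identifierField = self::$unique_identifier_field;
		if($this->$identifierField) {
			// The ID is cast to int so only a numeric literal reaches the SQL string; the
			// identifier value is escaped with Convert::raw2sql(). The column name comes
			// from this class's static config.
			$idClause = ($this->ID) ? " AND `Member`.ID <> " . (int) $this->ID : '';
			$SQL_identifierField = Convert::raw2sql($this->$identifierField);
			
			$existingRecord = DataObject::get_one('Member', "$identifierField = '{$SQL_identifierField}'{$idClause}");
			if($existingRecord) {
				$newID = $existingRecord->ID;
				if($this->ID) {
					// Re-point group memberships from this record to the existing member.
					DB::query("UPDATE Group_Members SET MemberID = " . (int) $newID . " WHERE MemberID = " . (int) $this->ID);
				}
				$this->ID = $newID;
				// Merge existing data into the local record: fields not flagged as changed
				// here take their value from the existing member.
				foreach($existingRecord->getAllFields() as $k => $v) {
					if(!isset($this->changed[$k]) || !$this->changed[$k]) $this->record[$k] = $v;
				}
			}
		}
		
		// We don't send emails out on dev/tests sites to prevent accidentally spamming users.
		// However, if TestMailer is in use this isn't a risk.
		if(
			(Director::isLive() || Email::mailer() instanceof TestMailer) 
			&& isset($this->changed['Password']) 
			&& $this->changed['Password'] 
			&& $this->record['Password'] 
			&& Member::$notify_password_change
		) {
			$this->sendInfo('changePassword');
		}
		
		// The test on $this->ID is used for when records are initially created
		// (a brand-new record is hashed even when Password is not flagged as changed).
		if(!$this->ID || (isset($this->changed['Password']) && $this->changed['Password'])) {
			// Password was changed: encrypt the password according to the settings
			$encryption_details = Security::encrypt_password($this->Password);
			$this->Password = $encryption_details['password'];
			$this->Salt = $encryption_details['salt'];
			$this->PasswordEncryption = $encryption_details['algorithm'];

			// Flag the derived fields as changed so they are persisted alongside Password.
			$this->changed['Salt'] = true;
			$this->changed['PasswordEncryption'] = true;
			
			// If we haven't manually set a password expiry
			if(!isset($this->changed['PasswordExpiry']) || !$this->changed['PasswordExpiry']) {
				// then set it for us: password_expiry_days from now, or no expiry when unset
				if(self::$password_expiry_days) {
					$this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::$password_expiry_days);
				} else {
					$this->PasswordExpiry = null;
				}
			}
		}
		
		// save locale
		if(!$this->Locale) {
			$this->Locale = i18n::get_locale();
		}

		parent::onBeforeWrite();
	}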