/**
 * Reset password
 *
 * Looks up the subscriber whose mail equals the lower-cased $mail and, when one
 * is found, stores the hash of $new_pwd as that subscriber's password.
 *
 * The lookup statement is built by concatenation and depends on
 * $this->db->escape() to make $mail safe inside it (presumably escape() also
 * adds the surrounding quotes; verify against the DB wrapper).
 * NOTE(review): nothing here proves that the requester owns the address (no
 * token, no old password), so the caller has to validate the reset request
 * before calling this method.
 *
 * @param string $mail Subscriber mail
 * @param string $new_pwd Subscriber password
 * @return integer Second element of the update() result cast to int, 0 when no subscriber matches
 */
public function reset($mail, $new_pwd)
{
    $sql = 'SELECT id FROM ' . $this->table . ' WHERE mail = ' . $this->db->escape(strtolower($mail));
    $subscriber_id = $this->db->query_var($sql);

    // unknown address: nothing to update
    if (!$subscriber_id) {
        return 0;
    }

    // only the hash is stored, never the submitted password
    $fields = array('password' => X4Utils_helper::hashing($new_pwd));
    $outcome = $this->update($subscriber_id, $fields);

    return (int) $outcome[1];
}
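/**
 * Register User profile
 *
 * Updates the profile of the logged-in user (the row identified by
 * $_SESSION['xuid']) with the submitted values, mails a reminder when the
 * password was changed, and hands the resulting message to $this->response().
 *
 * @access private
 * @param array $_post _POST array
 * @return void
 */
private function profiling($_post)
{
    // there is no permission check because each user can only change his own profile:
    // the row to update always comes from the session, never from the request
    $post = array(
        'lang' => $_post['lang'],
        'username' => $_post['username'],
        'description' => strip_tags($_post['description']),
        'mail' => $_post['mail'],
        'phone' => $_post['phone']
    );

    // check for password update
    // NOTE(review): this method does not ask for the current password; confirm that
    // the form validation requires it before a password or mail change is accepted
    if (!empty($_post['password'])) {
        $post['password'] = X4Utils_helper::hashing($_post['password']);
    }

    $user = new User_model();

    // check if username or email address are already used by another user
    $check = (bool) $user->exists($post['username'], $post['mail'], $_SESSION['xuid']);
    if ($check) {
        // the first argument must be the literal false; a variable named $false
        // is not defined anywhere in this method
        $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
    } else {
        // update profile
        $result = $user->update($_SESSION['xuid'], $post);

        // if user changes his password then send a reminder
        if ($result[1] && !empty($_post['password'])) {
            // build subject and message
            // NOTE(review): the PASSWORD placeholder puts the new password in clear
            // text into the mail, and the mail goes to the submitted address, so the
            // previously stored address is not told about the change. A notification
            // without the password, sent to the old address as well, would not expose
            // the credential in transit or in mailboxes.
            $s = array('DOMAIN', 'USERNAME', 'PASSWORD');
            $r = array($this->site->site->domain, $_post['username'], $_post['password']);
            $subject = str_replace($s, $r, _SUBJECT_PROFILE);
            $body = str_replace($s, $r, _MSG_PROFILE);
            $to = array(array('mail' => $_post['mail'], 'name' => $_post['username']));

            // send
            X4Mailer_helper::mailto(MAIL, false, $subject, $body, $to);
        }

        // set message
        $this->dict->get_words();
        $msg = AdmUtils_helper::set_msg($result);

        // set update
        if ($result[1]) {
            $msg->update[] = array('element' => 'topic', 'url' => urldecode(BASE_URL . 'profile'), 'title' => null);
        }
    }

    $this->response($msg);
}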
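/**
 * Perform login
 *
 * Checks the submitted credentials for the given area through
 * X4Auth_helper::log_in() and redirects: to the area on success, back to the
 * login page otherwise. The script always ends in this method (die).
 *
 * Security notes for reviewers:
 * - The failure counter lives in $_SESSION, so the limit of 5 applies only to
 *   attempts made with the same session cookie; a client that drops the cookie
 *   starts again from zero. NOTE(review): a per-account or per-address limit
 *   kept server side is needed to slow down password guessing.
 * - When 'hpwd' is posted together with the placeholder password '12345678',
 *   the value of 'hpwd' is used as the stored password hash. The hash is
 *   therefore equivalent to the password, and the remember-me cookie below
 *   carries it for 30 days.
 *
 * @param array $_post _POST array
 * @param integer $id_area Area ID
 * @return void
 */
public function do_login($_post, $id_area)
{
    // an absent counter means no failures yet (avoids reading an undefined index)
    if (!isset($_SESSION['failed'])) {
        $_SESSION['failed'] = 0;
    }

    if ($_SESSION['failed'] < 5) {
        // fields to set in sessions
        $fields = array('mail' => 'mail', 'username' => 'username', 'id' => 'uid', 'last_in' => 'last_in');

        // conditions
        $conditions = array('id_area' => $id_area, 'username' => $_post['username']);

        // remember me: strict comparison, so that only the exact placeholder selects
        // the posted hash (a loose == also matches other numeric strings such as '12345678.0')
        $conditions['password'] = (isset($_post['hpwd']) && $_post['password'] === '12345678')
            ? $_post['hpwd']
            : X4Utils_helper::hashing($_post['password']);

        // log in
        $login = X4Auth_helper::log_in('users', $conditions, $fields);
        if ($login) {
            $_SESSION['failed'] = 0;

            // post login operations
            // NOTE(review): no session id renewal is visible here; confirm that
            // X4Auth_helper::log_in() regenerates it, otherwise a fixed session id survives login
            $_SESSION['site'] = SITE;
            $_SESSION['id_area'] = $id_area;

            // set cookie for remember me (30 days)
            // NOTE(review): the cookie holds username and password hash and is set
            // without the Secure and HttpOnly flags, with the domain taken from the
            // request's Host header. A random token stored server side, revocable and
            // flagged Secure/HttpOnly, would keep the hash out of the browser.
            if (isset($_post['remember_me'])) {
                setcookie(COOKIE . '_login', $conditions['username'] . '-' . $conditions['password'], time() + 2592000, '/', $_SERVER['HTTP_HOST']);
            }

            $mod = new X4Auth_model('users');

            // log
            if (LOGS) {
                $mod->logger($_SESSION['uid'], $id_area, 'users', 'log in');
            }

            $area = $mod->get_by_id($id_area, 'areas', 'name');

            // redirect
            header('Location: ' . BASE_URL . $area->name);
            die;
        } else {
            // increase failure counter
            $_SESSION['failed']++;

            if (LOGS) {
                // NOTE(review): the submitted username reaches the log unfiltered;
                // confirm logger() escapes it for the storage and for the log viewer
                $mod = new X4Auth_model('users');
                $mod->logger(0, $id_area, 'users', 'log in failed for ' . $_post['username']);
            }
        }
    }

    // failed or blocked: back to the login page
    header('Location: ' . BASE_URL . 'login');
    die;
}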
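/**
 * Perform login
 *
 * Checks the submitted credentials for the admin area (area ID 1) through
 * X4Auth_helper::log_in(), rebuilds the user's permissions and redirects: to
 * the admin home on success, back to the login page otherwise. The script
 * always ends in this method (die).
 *
 * Security notes for reviewers:
 * - The failure counter lives in $_SESSION, so the limit of 5 applies only to
 *   attempts made with the same session cookie; a client that drops the cookie
 *   starts again from zero. NOTE(review): a per-account or per-address limit
 *   kept server side is needed to slow down password guessing.
 * - When 'hpwd' is posted together with the placeholder password '12345678',
 *   the value of 'hpwd' is used as the stored password hash. The hash is
 *   therefore equivalent to the password, and the remember-me cookie below
 *   carries it for 30 days, here for an administrative account.
 *
 * @access private
 * @param array $_post _POST array
 * @return void
 */
private function do_login($_post)
{
    // an absent counter means no failures yet (avoids reading an undefined index)
    if (!isset($_SESSION['failed'])) {
        $_SESSION['failed'] = 0;
    }

    // check failure counter
    if ($_SESSION['failed'] < 5) {
        // fields to set in sessions
        $fields = array('mail' => 'mail', 'username' => 'username', 'id' => 'xuid', 'lang' => 'lang', 'last_in' => 'last_in', 'level' => 'level');

        // conditions
        $conditions = array('id_area' => 1, 'username' => $_post['username']);

        // remember me: strict comparison, so that only the exact placeholder selects
        // the posted hash (a loose == also matches other numeric strings such as '12345678.0')
        $conditions['password'] = (isset($_post['hpwd']) && $_post['password'] === '12345678')
            ? $_post['hpwd']
            : X4Utils_helper::hashing($_post['password']);

        // log in (the two trailing flags are passed as given; their meaning is
        // defined by X4Auth_helper::log_in())
        $login = X4Auth_helper::log_in('users', $conditions, $fields, true, true);
        if ($login) {
            // post login operations
            // NOTE(review): no session id renewal is visible here; confirm that
            // X4Auth_helper::log_in() regenerates it, otherwise a fixed session id survives login
            $_SESSION['site'] = SITE;
            $_SESSION['id_area'] = 1; // admin AREA ID

            // set cookie for remember me (30 days)
            // NOTE(review): the cookie holds username and password hash and is set
            // without the Secure and HttpOnly flags, with the domain taken from the
            // request's Host header. A random token stored server side, revocable and
            // flagged Secure/HttpOnly, would keep the hash out of the browser.
            if (isset($_post['remember_me'])) {
                setcookie(COOKIE . '_login', $conditions['username'] . '-' . $conditions['password'], time() + 2592000, '/', $_SERVER['HTTP_HOST']);
            }

            // refactory permissions
            $mod = new Permission_model();
            $mod->refactory($_SESSION['xuid']);

            // log
            if (LOGS) {
                $mod = new X4Auth_model('users');
                $mod->logger($_SESSION['xuid'], 1, 'users', 'log in');
            }

            // redirect
            header('Location: ' . $this->site->site->domain . '/' . $_SESSION['lang'] . '/admin');
            die;
        } else {
            // increase failure counter
            $_SESSION['failed']++;

            if (LOGS) {
                // NOTE(review): the submitted username reaches the log unfiltered;
                // confirm logger() escapes it for the storage and for the log viewer
                $mod = new X4Auth_model('users');
                $mod->logger(0, 1, 'users', 'log in failed for ' . $_post['username']);
            }
        }
    }

    // redirect: failed or blocked, back to the login page
    header('Location: ' . BASE_URL . 'login');
    die;
}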
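/**
 * Register Edit / New User form data
 *
 * Updates the user $id, or inserts a new user when $id is 0, after the
 * privilege check for the logged-in user ($_SESSION['xuid']) has passed, then
 * sets the user's privileges on areas and hands the resulting message to
 * $this->response().
 *
 * Security notes for reviewers:
 * - 'level' and 'id_group' are stored exactly as submitted. NOTE(review):
 *   nothing in this method stops an editor from assigning a level or group
 *   above their own; confirm that validation or the model enforces that limit.
 * - 'description' is stored without strip_tags(). NOTE(review): confirm it is
 *   escaped wherever it is displayed.
 * - $_post['domain'] and $_post['id_area'] are passed on to the permission
 *   model unchecked; presumably they are validated there (verify).
 *
 * @param integer $id item ID (if 0 then is a new item)
 * @param array $_post _POST array
 * @return void
 */
private function editing($id, $_post)
{
    // check permission: a null answer from chk_priv_level() means the action is allowed
    $msg = $id
        ? AdmUtils_helper::chk_priv_level($_SESSION['xuid'], 'users', $id, 2)
        : AdmUtils_helper::chk_priv_level($_SESSION['xuid'], '_user_creation', 0, 4);

    if (is_null($msg)) {
        // handle _post
        $post = array(
            'lang' => $_post['lang'],
            'id_group' => $_post['id_group'],
            'username' => $_post['username'],
            'description' => $_post['description'],
            'mail' => $_post['mail'],
            'phone' => $_post['phone'],
            'level' => $_post['level']
        );

        // update password: only the hash is stored, and only when a new password was submitted
        if (!empty($_post['password'])) {
            $post['password'] = X4Utils_helper::hashing($_post['password']);
        }

        // check if a user with the same username or mail already exists
        $user = new User_model();
        $check = (bool) $user->exists($post['username'], $post['mail'], $id);
        if ($check) {
            $msg = AdmUtils_helper::set_msg(false, '', $this->dict->get_word('_USER_ALREADY_EXISTS', 'msg'));
        } else {
            $perm = new Permission_model();
            if ($id) {
                // update
                $result = $user->update($id, $post);

                // update user privileges on areas
                $perm->set_aprivs($id, $_post['domain']);

                // redirect
                $where = '/detail/' . $id;
            } else {
                // insert
                $result = $user->insert($post);

                // redirect
                $where = '';

                if ($result[1]) {
                    // the first element of the insert result is used as the new user's ID
                    $id = $result[0];

                    // set privileges on areas
                    $perm->set_aprivs($id, $_post['domain']);

                    // add privs on new user: the creator gets level 4 on the new record
                    $privs = array(
                        array('action' => 'insert', 'id_what' => $result[0], 'id_user' => $_SESSION['xuid'], 'level' => 4)
                    );
                    $perm->pexec('users', $privs, $_post['id_area']);

                    // refactory permissions for the user
                    $perm->refactory($id);
                }
            }

            // set message
            $msg = AdmUtils_helper::set_msg($result);

            // set what update
            if ($result[1]) {
                $msg->update[] = array('element' => 'tdown', 'url' => BASE_URL . 'users' . $where, 'title' => null);
            }
        }
    }

    $this->response($msg);
}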