public function save()
{
$stmt = CW::$app->db->executeQuery("SELECT `password` FROM `users` WHERE `id` = {$this->userId}");
$result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
$oldPass = 0 < count($result) ? $result[0]['password'] : null;
if (null === $oldPass) {
return false;
}
if ($this->newPassword === $this->confirmPassword && Security::verifyHash($this->oldPassword, $oldPass)) {
$stmt = CW::$app->db->prepare("UPDATE `users` SET `password` = :newPassword WHERE `id` = :userId");
return $stmt->execute([':newPassword' => Security::hash($this->newPassword), ':userId' => $this->userId]);
}
return false;
}
public function login($email, $password, $remember = false)
{
if ($this->isLogged()) {
return true;
}
$loginSuccess = false;
$stmt = \CW::$app->db->prepare('SELECT id, username, email, password, profile_img_id FROM `users` WHERE `email` = :email');
$stmt->execute([':email' => $email]);
$result = $stmt->fetchAll(\PDO::FETCH_ASSOC);
if (0 < count($result)) {
$result = $result[0];
$loginSuccess = \components\Security::verifyHash($password, $result['password']);
if ($loginSuccess) {
$this->_login($result['id'], $result['username'], $result['profile_img_id'], $remember);
}
}
return $loginSuccess;
}
public function dispatch($route)
{
if (is_string($route)) {
$route = $this->getPath($route);
}
$contrId = $contrName = $route['contr'];
$contrName[0] = chr(ord($contrName) ^ 32);
$action = $actionName = $route['action'];
$actionName[0] = chr(ord($actionName) ^ 32);
$controllerClass = "controllers\\{$contrName}Controller";
$classPath = CW::$app->params['sitePath'] . str_replace('\\', '/', $controllerClass) . '.php';
if (!file_exists($classPath)) {
throw new NotFoundException();
}
$controllerClass = "\\{$controllerClass}";
$this->controllerInst = new $controllerClass($contrId, $action);
$actionMethod = "do{$actionName}";
if (!$this->controllerInst->hasMethod($actionMethod)) {
throw new NotFoundException();
}
$rules = $this->controllerInst->rules();
$actionRules = isset($rules[$action]) ? $rules[$action] : (isset($rules['*']) ? $rules['*'] : null);
if (null !== $actionRules) {
if (isset($actionRules['response_type'])) {
$this->controllerInst->responseType = $actionRules['response_type'];
$this->response->setContentType($actionRules['response_type']);
}
if (isset($actionRules['methods']) && !in_array(strtolower($_SERVER['REQUEST_METHOD']), $actionRules['methods'])) {
throw new WrongMethodException();
}
if (isset($actionRules['roles']) && in_array(Controller::REQUIRED_LOGIN, $actionRules['roles']) && !$this->user->inRole($actionRules['roles'])) {
if (!$this->request->isAjax()) {
$this->controllerInst->forward('site/login');
return;
}
throw new ForbiddenException();
}
}
$this->controllerInst->beforeAction($action);
if ($this->controllerInst->hasCsrfValidation && (!$this->request->param('_csrf') || !Security::verifyHash($_SESSION['_csrf'], $this->request->param('_csrf')))) {
throw new ForbiddenException();
}
$view = $this->controllerInst->{$actionMethod}();
$this->renderView($view, $action, $contrName);
}