コード例 #1
ファイル: auth.php プロジェクト: ni5am/Textcube
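/**
 * End the current login: notify listeners, then discard ACL, transaction and
 * session state.
 *
 * @return void
 */
function logout()
{
    // Listeners are notified before any state is discarded.
    fireEvent("Logout");
    Acl::clearAcl();
    Transaction::clear();
    // session_destroy() deletes the stored session data but leaves $_SESSION
    // populated for the rest of this request, so code running after logout()
    // could still read the old identity. Empty it explicitly first.
    $_SESSION = array();
    session_destroy();
    // NOTE(review): session_destroy() does not expire the session cookie either;
    // confirm the cookie is invalidated elsewhere (or the id regenerated on the
    // next login) so an old session id cannot be reused.
}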
コード例 #2
ファイル: 30-Auth.php プロジェクト: Avantians/Textcube
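 /**
  * Check a login attempt against the Users table and, on success, authorize
  * the user in the ACL and record the login time.
  *
  * Three credential forms are accepted:
  *  - a 32-character hex string, first compared with the user's stored
  *    'AuthToken' setting and otherwise treated like an ordinary password;
  *  - with $blogapi set and a global "blogApiPassword" configured, either the
  *    account password or that BlogAPI password;
  *  - the ordinary account password.
  *
  * NOTE(review): passwords are matched against an unsalted md5() digest.
  * Moving to password_hash()/password_verify() needs a stored-hash migration
  * that is outside this function.
  *
  * @param mixed  $blogid   Not read by this function.
  * @param string $loginid  Login id (looked up as an e-mail address in the token path).
  * @param string $password Submitted password or 32-hex token.
  * @param bool   $blogapi  True when the request comes through the BlogAPI.
  * @return mixed The user id on success, false on failure. Compare with === false.
  */
 function authenticate($blogid, $loginid, $password, $blogapi = false)
 {
     $session = array();
     // Drop any ACL from a previous identity before the new credentials are evaluated.
     Acl::clearAcl();
     $pool = DBModel::getInstance();
     $blogApiPassword = Setting::getBlogSettingGlobal("blogApiPassword", "");
     $pool->reset("Users");
     if (strlen($password) == 32 && preg_match('/[0-9a-f]{32}/i', $password)) {
         // Traditional md5 Raw login. ( with/without auth token)
         $userid = User::getUserIdByEmail($loginid);
         if (empty($userid)) {
             return false;
         }
         $pool->reset('UserSettings');
         $pool->setQualifier('userid', 'equals', intval($userid));
         $pool->setQualifier('name', 'equals', 'AuthToken', true);
         // Fixed: the qualifiers above are set on $pool, but the original read the
         // cell through an undefined $query variable, which fails at runtime.
         $authtoken = $pool->getCell('value');
         $pool->reset("Users");
         // NOTE(review): === is not a constant-time comparison; hash_equals() is the
         // usual choice for secrets where the minimum supported PHP version allows it.
         if (!empty($authtoken) && $authtoken === $password) {
             // If user requested auth token, use it to confirm.
             $session['userid'] = $userid;
         } else {
             // login with md5 hash
             $pool->setQualifier("password", "eq", md5($password), true);
         }
     } else {
         if ($blogapi && !empty($blogApiPassword)) {
             // BlogAPI login
             // NOTE(review): the second condition passes the submitted password in the
             // position where the other qualifiers pass a column name. How
             // setQualifierSet() quotes that position is not visible here; confirm it
             // is emitted as an escaped literal, or compare with $blogApiPassword in PHP.
             $pool->setQualifierSet(array("password", "eq", md5($password), true), "OR", array($password, "eq", $blogApiPassword, true));
         } else {
             // Normal login
             $pool->setQualifier("password", "eq", md5($password), true);
         }
     }
     if (empty($session)) {
         // No token match: the password qualifier set above plus the login id decide.
         $pool->setQualifier("loginid", "eq", $loginid, true);
         $session = $pool->getRow("userid, loginid");
     }
     if (empty($session)) {
         /* You should compare return value with '=== false' which checks with variable types*/
         return false;
     }
     $userid = $session['userid'];
     Acl::authorize('textcube', $userid);
     $pool->reset("Users");
     $pool->setAttribute("lastlogin", Timestamp::getUNIXtime());
     $pool->setQualifier("loginid", "eq", $loginid, true);
     $pool->update();
     // NOTE(review): deletion of the used AuthToken is disabled below, so unless it is
     // removed elsewhere the same token remains valid for later logins.
     //		POD::execute("DELETE FROM {$database['prefix']}UserSettings WHERE userid = '$userid' AND name = 'AuthToken' LIMIT 1");
     return $userid;
 }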
コード例 #3
ファイル: 30-Auth.php プロジェクト: ragi79/Textcube
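 /**
  * Check a login attempt against the Users table and, on success, authorize
  * the user in the ACL and record the login time.
  *
  * The WHERE clause is assembled as a string. Every value placed in it must be
  * either POD::escapeString()-escaped or an md5() hex digest.
  *
  * NOTE(review): passwords are matched against an unsalted md5() digest.
  * Moving to password_hash()/password_verify() needs a stored-hash migration
  * that is outside this function.
  *
  * @param mixed  $blogid   Not read by this function.
  * @param string $loginid  Login id (looked up as an e-mail address in the token path).
  * @param string $password Submitted password or 32-hex token.
  * @param bool   $blogapi  True when the request comes through the BlogAPI.
  * @return mixed The user id on success, false on failure. Compare with === false.
  */
 function authenticate($blogid, $loginid, $password, $blogapi = false)
 {
     global $database;
     $session = array();
     // Drop any ACL from a previous identity before the new credentials are evaluated.
     Acl::clearAcl();
     // Escaped once here because $loginid is interpolated into both queries below.
     // NOTE(review): the escaped value is also passed to User::getUserIdByEmail();
     // confirm that helper does not escape it a second time.
     $loginid = POD::escapeString($loginid);
     $blogApiPassword = Setting::getBlogSettingGlobal("blogApiPassword", "");
     if (strlen($password) == 32 && preg_match('/[0-9a-f]{32}/i', $password)) {
         // Raw login. ( with/without auth token)
         $userid = User::getUserIdByEmail($loginid);
         if (empty($userid)) {
             return false;
         }
         $query = DBModel::getInstance();
         $query->reset('UserSettings');
         $query->setQualifier('userid', 'equals', intval($userid));
         $query->setQualifier('name', 'equals', 'AuthToken', true);
         $authtoken = $query->getCell('value');
         // NOTE(review): === is not a constant-time comparison; hash_equals() is the
         // usual choice for secrets where the minimum supported PHP version allows it.
         if (!empty($authtoken) && $authtoken === $password) {
             // If user requested auth token, use it to confirm.
             $session['userid'] = $userid;
         } else {
             // login with md5 hash
             $secret = 'password = \'' . md5($password) . '\'';
         }
     } else {
         if ($blogapi && !empty($blogApiPassword)) {
             // BlogAPI login
             // Fixed: hash the password as submitted. The original hashed it after
             // escaping, so an account password containing an escaped character
             // (such as a quote) produced a different digest than in the normal branch.
             $passwordHash = md5($password);
             $password = POD::escapeString($password);
             // Fixed: the configured BlogAPI password was interpolated unescaped; a
             // quote in that setting would break out of the SQL string literal.
             $blogApiPassword = POD::escapeString($blogApiPassword);
             $secret = '(password = \'' . $passwordHash . '\' OR \'' . $password . '\' = \'' . $blogApiPassword . '\')';
         } else {
             // Normal login
             $secret = 'password = \'' . md5($password) . '\'';
         }
     }
     if (empty($session)) {
         // No token match: $secret is always set on this path.
         $session = POD::queryRow("SELECT userid, loginid, name FROM {$database['prefix']}Users WHERE loginid = '{$loginid}' AND {$secret}");
     }
     if (empty($session)) {
         /* You should compare return value with '=== false' which checks with variable types*/
         return false;
     }
     $userid = $session['userid'];
     Acl::authorize('textcube', $userid);
     // NOTE(review): the timestamp expression was masked ("******") in the listing this
     // was taken from, which left the statement unparseable. Timestamp::getUNIXtime()
     // is assumed here; verify against the upstream file.
     POD::execute("UPDATE {$database['prefix']}Users SET lastlogin = " . Timestamp::getUNIXtime() . " WHERE loginid = '{$loginid}'");
     // NOTE(review): deletion of the used AuthToken is disabled below, so unless it is
     // removed elsewhere the same token remains valid for later logins.
     //		POD::execute("DELETE FROM {$database['prefix']}UserSettings WHERE userid = '$userid' AND name = 'AuthToken' LIMIT 1");
     return $userid;
 }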