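/**
 * Validator: confirms that $this->old_password matches the stored password
 * hash of the currently logged-in user.
 *
 * On failure an error is attached to $attribute via addError().
 *
 * @param string $attribute attribute the error is attached to (passed straight to addError())
 * @param array  $params    validator options; not read by this method
 * @return boolean true when the old password matches, false otherwise
 */
public function checkOldPass($attribute, $params)
{
    // The account is always looked up from the session identity, never from
    // request data, so a caller cannot validate against another user's hash.
    $currentUser = User::model()->findbyPk(user()->id);

    if ($currentUser === null) {
        $this->addError($attribute, t('cms', 'No User Found!'));
        return false;
    }

    if (!PassHash::authenticate($this->old_password, $currentUser->password)) {
        $this->addError($attribute, t('cms', 'Old password is not correct!'));
        return false;
    }

    // The original fell off the end here and returned null, which is falsy
    // and contradicted the documented boolean return.
    return true;
}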
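/**
 * Authenticates the identity from $this->username / $this->password.
 *
 * The login name is lower-cased and matched against the email column when it
 * contains '@', otherwise against the username column. On success the method
 * sets $this->_id and $this->username from the user record, optionally issues
 * a fresh auto-login token, and stamps recent_login with the current time.
 *
 * @return int the resulting error code, also stored in $this->errorCode:
 *             self::ERROR_NONE, self::ERROR_USERNAME_INVALID,
 *             self::ERROR_PASSWORD_INVALID or
 *             ConstantDefine::USER_ERROR_NOT_ACTIVE
 */
public function authenticate()
{
    // Check username based on email or username
    $username = strtolower($this->username);
    if (strpos($username, '@') !== false) {
        $user = User::model()->find('LOWER(email)=?', array($username));
    } else {
        $user = User::model()->find('LOWER(username)=?', array($username));
    }

    // NOTE(review): the two failure codes below let a caller tell "unknown
    // account" from "wrong password". Whatever renders the login error should
    // show one generic message for both so accounts cannot be enumerated.
    if ($user === null) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
    } elseif (!PassHash::authenticate($this->password, $user->password)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } elseif ($user->status == ConstantDefine::USER_STATUS_ACTIVE) {
        // Loose comparison kept on purpose: the column value may arrive as a
        // string while the constant's type is not visible here.
        $this->_id = $user->user_id;
        $this->username = $user->username;

        // If the site allows auto login, create a token that is re-checked
        // against the cookie on later requests.
        if (Yii::app()->user->allowAutoLogin) {
            // The token is a bearer credential, so it must come from a CSPRNG.
            // The previous sha1(uniqid(mt_rand(), true)) mixed only a
            // clock-derived id with Mersenne Twister output, neither of which
            // is unpredictable. 20 random bytes hex-encode to 40 characters,
            // the same length and alphabet as the old sha1 value, so the
            // existing token column and cookie format still fit.
            $randomBytes = false;
            if (function_exists('random_bytes')) {
                $randomBytes = random_bytes(20);
            } elseif (function_exists('openssl_random_pseudo_bytes')) {
                $candidate = openssl_random_pseudo_bytes(20, $isStrong);
                if ($candidate !== false && $isStrong) {
                    $randomBytes = $candidate;
                }
            }
            if ($randomBytes !== false) {
                $autoLoginToken = bin2hex($randomBytes);
            } else {
                // Legacy generator, reached only when the runtime offers no
                // CSPRNG; kept so such installations behave as before.
                $autoLoginToken = sha1(uniqid(mt_rand(), true));
            }
            $this->setState('autoLoginToken', $autoLoginToken);

            $connection = Yii::app()->db;

            // Delete old keys so only one token per user stays valid.
            $command = $connection->createCommand('DELETE FROM {{autologin_tokens}} WHERE user_id=:user_id');
            $command->bindValue(':user_id', $user->user_id, PDO::PARAM_STR);
            $command->execute();

            // Set new.
            // NOTE(review): the token is stored as-is. Storing only a hash of
            // it would limit the impact of a database read, but the code that
            // re-checks the cookie is not visible here and would have to
            // change with it.
            $command = $connection->createCommand('INSERT INTO {{autologin_tokens}}(user_id,token) VALUES(:user_id,:token)');
            $command->bindValue(':user_id', $user->user_id, PDO::PARAM_STR);
            $command->bindValue(':token', $autoLoginToken, PDO::PARAM_STR);
            $command->execute();
        }

        // Record the login time. The result of save() is not checked, so a
        // failed save does not affect the login outcome.
        $user->recent_login = time();
        $user->save();

        // Set the error code to none for success.
        $this->errorCode = self::ERROR_NONE;
    } else {
        // Password was correct but the account is not active.
        $this->errorCode = ConstantDefine::USER_ERROR_NOT_ACTIVE;
    }

    unset($user);

    return $this->errorCode;
}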