/**
* Get a CSRF Token value as stored in the session, or create one if it doesn't yet exist
*
* @param int|string|null $id Optional unique ID for this token
* @return string
*
*/
public function getTokenValue($id = '')
{
$tokenName = $this->getTokenName($id);
$tokenValue = $this->session->get($this, $tokenName);
if (empty($tokenValue)) {
// $tokenValue = md5($this->page->path() . mt_rand() . microtime()) . md5($this->page->name . $this->config->userAuthSalt . mt_rand());
$pass = new Password();
$tokenValue = $pass->randomBase64String(32);
$this->session->set($this, $tokenName, $tokenValue);
}
return $tokenValue;
}
/**
* Login a user with the given name and password
*
* Also sets them to the current user
*
* @param string $name
* @param string $pass Raw, non-hashed password
* @return User Return the $user if the login was successful or null if not.
*
*/
public function ___login($name, $pass)
{
$name = $this->wire('sanitizer')->pageName($name);
if (!$this->allowLogin($name)) {
$this->loginFailure($name, "User is not allowed to login");
return null;
}
$user = strlen($name) ? $this->wire('users')->get("name={$name}") : null;
if ($user && $user->id && $user->id != $this->wire('config')->guestUserPageID && $this->authenticate($user, $pass)) {
$this->trackChange('login', $this->wire('user'), $user);
session_regenerate_id(true);
$this->set('_user', 'id', $user->id);
$this->set('_user', 'ts', time());
if ($this->config->sessionChallenge) {
// create new challenge
$pass = new Password();
$challenge = $pass->randomBase64String(32);
$this->set('_user', 'challenge', $challenge);
// set challenge cookie to last 30 days (should be longer than any session would feasibly last)
setcookie(session_name() . '_challenge', $challenge, time() + 60 * 60 * 24 * 30, '/', null, false, true);
}
if ($this->config->sessionFingerprint) {
// remember a fingerprint that tracks the user's IP and user agent
$this->set('_user', 'fingerprint', $this->getFingerprint());
}
$this->setFuel('user', $user);
$this->get('CSRF')->resetAll();
$this->loginSuccess($user);
return $user;
} else {
if (!$user || !$user->id) {
$reason = "Unknown user: {$name}";
} else {
if ($user->id == $this->wire('config')->guestUserPageID) {
$reason = "Guest user may not login";
} else {
$reason = "Invalid password";
}
}
$this->loginFailure($name, $reason);
}
return null;
}
/**
* Login a user with the given name and password
*
* Also sets them to the current user
*
* @param string $name
* @param string $pass Raw, non-hashed password
* @return User Return the $user if the login was successful or null if not.
*
*/
public function ___login($name, $pass)
{
if (!$this->allowLogin($name)) {
return null;
}
$name = $this->wire('sanitizer')->username($name);
$user = $this->wire('users')->get("name={$name}");
if ($user->id && $this->authenticate($user, $pass)) {
$this->trackChange('login', $this->wire('user'), $user);
session_regenerate_id(true);
$this->set('_user', 'id', $user->id);
$this->set('_user', 'ts', time());
if ($this->config->sessionChallenge) {
// create new challenge
$pass = new Password();
$challenge = $pass->randomBase64String(32);
$this->set('_user', 'challenge', $challenge);
// set challenge cookie to last 30 days (should be longer than any session would feasibly last)
setcookie(session_name() . '_challenge', $challenge, time() + 60 * 60 * 24 * 30, '/', null, false, true);
}
if ($this->config->sessionFingerprint) {
// remember a fingerprint that tracks the user's IP and user agent
$this->set('_user', 'fingerprint', md5($this->getIP(true) . $_SERVER['HTTP_USER_AGENT']));
}
$this->setFuel('user', $user);
$this->get('CSRF')->resetAll();
$this->loginSuccess($user);
return $user;
}
return null;
}
