/**
 * Authenticates the submitted identifier and password against the stored user record.
 *
 * The identifier is treated as an email address when it contains "@" anywhere
 * after its first character, and as a username otherwise. The result is
 * recorded in $this->errorCode; on success the identity's id and username are
 * taken from the stored record.
 *
 * NOTE(review): an unknown account and a wrong password produce different
 * error codes. If the caller shows them as different messages, the login form
 * reveals which accounts exist; consider one generic message at the
 * presentation layer.
 *
 * @return boolean whether authentication succeeds.
 */
public function authenticate()
{
    // strpos() gives false when "@" is absent and 0 when it is the first
    // character; both are falsy, so a leading "@" still selects the username lookup.
    $looksLikeEmail = (bool) strpos($this->username, "@");
    $lookupColumn = $looksLikeEmail ? 'email' : 'username';
    $user = User::model()->notsafe()->findByAttributes(array($lookupColumn => $this->username));

    if ($user === null) {
        // NOTE(review): no password verification runs on this path, so it may
        // answer faster than a wrong-password attempt - confirm whether that matters here.
        $this->errorCode = $looksLikeEmail ? self::ERROR_EMAIL_INVALID : self::ERROR_USERNAME_INVALID;
    } elseif (!PasswordHelper::verifyPassword($this->password, $user->password)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } elseif ($user->status == 0 && Yii::app()->getModule('user')->loginNotActiv == false) {
        // Status 0 is refused unless the user module's loginNotActiv setting is truthy.
        // Loose comparisons are kept as written; presumably status can arrive as a string - confirm.
        $this->errorCode = self::ERROR_STATUS_NOTACTIV;
    } elseif ($user->status == -1) {
        $this->errorCode = self::ERROR_STATUS_BAN;
    } else {
        // Account state is only checked after the password has verified, so
        // the status codes are not set for a wrong password.
        $this->_id = $user->id;
        $this->username = $user->username;
        $this->errorCode = self::ERROR_NONE;
    }

    return !$this->errorCode;
}
/**
 * Returns the JavaScript needed for performing client-side validation.
 *
 * The password-reuse check itself runs on the server while the script is being
 * generated: the attribute's current value is verified against each entry of
 * the logged-in user's password history. The emitted JavaScript only carries
 * the outcome as a constant condition ("1==1" when a match was found, "1==2"
 * otherwise). A match also adds a validation error to $object.
 *
 * NOTE(review): the emitted script cannot re-check a value typed later in the
 * browser, and client-side output is advisory in any case; password reuse has
 * to be enforced by the server-side validation path, which is not visible here.
 * NOTE(review): the client-side message ("too weak") differs from the
 * server-side error text (reuse) - confirm that this is intended.
 *
 * @param CModel $object the data object being validated
 * @param string $attribute the name of the attribute to be validated.
 * @return string the client-side validation script.
 * @see CActiveForm::enableClientValidation
 */
public function clientValidateAttribute($object, $attribute)
{
    $history = new PasswordHistory();
    $previousEntries = $history->getHistory(Yii::app()->user->id);

    // Stays false-valued unless a previously used password matches.
    $jsCondition = "1==2";
    foreach ($previousEntries as $entry) {
        $candidate = $object->{$attribute};
        if (!PasswordHelper::verifyPassword($candidate, $entry->password)) {
            continue;
        }
        $jsCondition = "1==1";
        $this->addError($object, $attribute, 'You can not use a password which you have already used!');
        break; // the first match is enough
    }

    // The message is JSON-encoded so that it is emitted as a valid JavaScript string literal.
    $encodedMessage = CJSON::encode('your password is too weak, you fool!');

    return "\n\tif(" . $jsCondition . ") {\n\t\tmessages.push(" . $encodedMessage . ");\n\t}\n\t";
}
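/**
 * Validates that the submitted value matches the current user's stored password.
 *
 * Adds an "Old Password is incorrect." error to the attribute when the value
 * does not verify, or when no user record exists for the current session's
 * user id.
 *
 * @param string $attribute name of the attribute that holds the old password
 * @param array $params validator parameters (not used here)
 */
public function verifyOldPassword($attribute, $params)
{
    $currentUser = User::model()->notsafe()->findByPk(Yii::app()->user->id);

    // Fail closed: findByPk() returns null when no record matches (for example
    // a guest session or a deleted account). Without this check the code read
    // ->password from null and handed the result to the password verifier.
    if ($currentUser === null
        || !PasswordHelper::verifyPassword($this->{$attribute}, $currentUser->password)
    ) {
        $this->addError($attribute, UserModule::t("Old Password is incorrect."));
    }
}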