コード例 #1
ファイル: auth.class.php プロジェクト: BIGGANI/zpanelx
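 /**
  * The main authentication mechanism: checks the username and password against the database and logs the user in on a successful authentication request.
  *
  * Security notes for reviewers:
  *  - $password is matched as-is against ac_pass_vc inside the SQL query; any hashing has to happen in the caller (not visible here, confirm).
  *  - With $rememberme set, that same $password value is written to the "zPass" cookie for 30 days. Whatever the caller passes in
  *    (plain text or hash) is therefore a password-equivalent credential stored in the browser; a random, server-side revocable
  *    token would be the safer design. The cookies are at least marked HttpOnly, and Secure when the request arrived over HTTPS.
  *  - The session ID is not regenerated in this method (the call is commented out), so session fixation is only prevented if
  *    ctrl_auth::SetUserSession() takes care of it (not visible here, confirm).
  *  - $sessionSecuirty has no default although it follows optional parameters, so callers must always pass all five arguments
  *    (PHP 8 reports a deprecation for this parameter order). The signature is kept for compatibility with existing callers.
  * @author Bobby Allen (ballen@bobbyallen.me)
  * @global db_driver $zdbh The ZPX database handle.
  * @param string $username The username to use to authenticate with.
  * @param string $password The password to use to authenticate with.
  * @param bool $rememberme Remember the password for 30 days? (true/false)
  * @param bool $iscookie The authentication request has come from a set cookie (not read by this method).
  * @param mixed $sessionSecuirty Passed through unchanged to ctrl_auth::SetUserSession().
  * @return mixed Returns 'false' if the authentication fails otherwise will return the user ID.
  */
 static function Authenticate($username, $password, $rememberme = false, $iscookie = false, $sessionSecuirty)
 {
     global $zdbh;
     $sqlString = "SELECT * FROM\n                      x_accounts WHERE\n                      ac_user_vc = :username AND\n                      ac_pass_vc = :password AND\n                      ac_enabled_in = 1 AND\n                      ac_deleted_ts IS NULL";
     $bindArray = array(':username' => $username, ':password' => $password);
     $zdbh->bindQuery($sqlString, $bindArray);
     $row = $zdbh->returnRow();
     if (!$row) {
         // No enabled, non-deleted account matched both values.
         runtime_hook::Execute('OnBadUserLogin');
         return false;
     }

     // NOTE(review): session ID regeneration is still switched off below; see the docblock.
     //Disabled till zpanel 10.0.3
     //runtime_sessionsecurity::sessionRegen();
     ctrl_auth::SetUserSession($row['ac_id_pk'], $sessionSecuirty);

     // Record the logon time. Values are bound instead of concatenated into the statement,
     // matching the SELECT above. Dedicated locals are used because bindParam() binds by reference.
     $logonTime = time();
     $logonUserId = $row['ac_id_pk'];
     $log_logon = $zdbh->prepare("UPDATE x_accounts SET ac_lastlogon_ts = :logontime WHERE ac_id_pk = :userid");
     $log_logon->bindParam(':logontime', $logonTime);
     $log_logon->bindParam(':userid', $logonUserId);
     $log_logon->execute();

     if ($rememberme) {
         $expires = time() + 60 * 60 * 24 * 30;
         // Secure only when this request itself used HTTPS, so plain-HTTP installs keep working.
         $secureOnly = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
         // HttpOnly keeps page scripts from reading the credential cookies.
         setcookie("zUser", $username, $expires, "/", "", $secureOnly, true);
         setcookie("zPass", $password, $expires, "/", "", $secureOnly, true);
         //setcookie("zSec", $sessionSecuirty, time() + 60 * 60 * 24 * 30, "/");
     }
     runtime_hook::Execute('OnGoodUserLogin');
     return $row['ac_id_pk'];
 }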
コード例 #2
ファイル: init.inc.php プロジェクト: BIGGANI/zpanelx
// Bootstrap: create the request controller, then flush any pending log
// entries using the log mode configured in the system options.
global $controller, $zdbh, $zlo;
$controller = new runtime_controller();
$zlo->method = ctrl_options::GetSystemOption('logmode');
if ($zlo->hasInfo()) {
    $zlo->writeLog();
    $zlo->reset();
}
// Logout: triggered by the mere presence of ?logout in the query string.
// NOTE(review): no CSRF token is checked on this path (compare the
// runtime_csfr::Protect() call in the forgot-password handler), so any
// cross-site request to this URL ends the user's session. Impact is limited
// to a forced logout; requiring a token-protected POST would close it.
if (isset($_GET['logout'])) {
    ctrl_auth::KillSession();
    ctrl_auth::KillCookies();
    header("location: ./?loggedout");
    exit;
}
// Return from another account's session: if the session holds 'ruid', the
// user session is switched to that account ID and the marker is cleared.
// The ID is read from server-side session state, not from the request, so
// the query parameter only triggers the switch and cannot choose the target.
// NOTE(review): no session ID regeneration is visible on this identity
// switch; confirm whether ctrl_auth::SetUserSession() handles it.
if (isset($_GET['returnsession'])) {
    if (isset($_SESSION['ruid'])) {
        ctrl_auth::SetUserSession($_SESSION['ruid'], runtime_sessionsecurity::getSessionSecurityEnabled());
        $_SESSION['ruid'] = null;
    }
    // Redirect whether or not a switch happened.
    header("location: ./");
    exit;
}
if (isset($_POST['inForgotPassword'])) {
    runtime_csfr::Protect();
    $randomkey = runtime_randomstring::randomHash();
    $forgotPass = runtime_xss::xssClean($_POST['inForgotPassword']);
    $sth = $zdbh->prepare("SELECT ac_id_pk, ac_user_vc, ac_email_vc  FROM x_accounts WHERE ac_email_vc = :forgotPass");
    $sth->bindParam(':forgotPass', $forgotPass);
    $sth->execute();
    $rows = $sth->fetchAll();
    if ($rows) {
        $result = $rows['0'];
コード例 #3
ファイル: controller.ext.php プロジェクト: BIGGANI/zpanelx
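 /**
  * Switches the current session to a client account chosen in the submitted form ("shadowing").
  *
  * Authorization is enforced by the query scope: 'zadmin' may pick any non-deleted account, every other user only
  * non-deleted accounts whose ac_reseller_fk equals their own user ID. A form field named inShadow_<account id> is
  * honoured only for rows returned by that query, so an ID outside the caller's scope is never acted on.
  * The first matching row wins; the method then redirects and exits. It returns nothing when no field matches.
  *
  * Security notes for reviewers:
  *  - The original user ID is stored via ctrl_auth::SetSession('ruid', ...), presumably so the session can be
  *    switched back later (confirm against the code that reads 'ruid').
  *  - No session ID regeneration and no audit log entry are visible here for the identity switch; confirm whether
  *    ctrl_auth::SetUserSession() covers either.
  *  - Administrator status is decided by the literal username 'zadmin' rather than by a role or group.
  *
  * @global db_driver $zdbh The ZPX database handle.
  * @global mixed $controller The request controller, used to read the submitted form fields.
  * @return void
  */
 static function doShadowUser()
 {
     global $zdbh;
     global $controller;
     runtime_csfr::Protect();
     $currentuser = ctrl_users::GetUserDetail();
     if ($currentuser['username'] === 'zadmin') {
         // Admin scope: every account that is not deleted, no bind needed.
         $clients = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_deleted_ts IS NULL ORDER BY ac_user_vc");
     } else {
         // Reseller scope: only accounts owned by the current user.
         $clients = $zdbh->prepare("SELECT * FROM x_accounts WHERE ac_reseller_fk = :userid AND ac_deleted_ts IS NULL");
         $clients->bindParam(':userid', $currentuser['userid']);
     }
     // The statement is executed once and iterated directly; an empty result simply skips the loop,
     // so the earlier fetchColumn() probe and the second prepare/execute of the same query are not needed.
     if (!$clients->execute()) {
         return;
     }
     while ($rowclients = $clients->fetch()) {
         $shadowField = $controller->GetControllerRequest('FORM', 'inShadow_' . $rowclients['ac_id_pk']);
         if (fs_director::CheckForEmptyValue($shadowField)) {
             continue;
         }
         // Drop the remember-me cookies, keep the original user ID, then switch the session to the client.
         ctrl_auth::KillCookies();
         ctrl_auth::SetSession('ruid', $currentuser['userid']);
         ctrl_auth::SetUserSession($rowclients['ac_id_pk'], runtime_sessionsecurity::getSessionSecurityEnabled());
         header("location: /");
         exit;
     }
 }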