/**
* Does some house keeping work when a log in has failed.
*
* @param mixed $userID
* @param string $login
*/
protected static function loginFailed($userID = false, $login)
{
$loginEscaped = eZDB::instance()->escapeString($login);
// Failed login attempts should be logged
eZAudit::writeAudit('user-failed-login', array('User login' => $loginEscaped, 'Comment' => 'Failed login attempt: eZUser::loginUser()'));
// Increase number of failed login attempts.
if ($userID) {
eZUser::setFailedLoginAttempts($userID);
}
}
}
if (eZOperationHandler::operationIsAvailable('user_setsettings')) {
$operationResult = eZOperationHandler::execute('user', 'setsettings', array('user_id' => $UserID, 'is_enabled' => $isEnabled, 'max_login' => $maxLogin));
} else {
eZUserOperationCollection::setSettings($UserID, $isEnabled, $maxLogin);
}
$Module->redirectTo('/content/view/full/' . $userObject->attribute('main_node_id'));
return;
}
if ($http->hasPostVariable("CancelSettingButton")) {
$Module->redirectTo('/content/view/full/' . $userObject->attribute('main_node_id'));
return;
}
if ($http->hasPostVariable("ResetFailedLoginButton")) {
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($UserID, 0, true);
}
$failedLoginAttempts = $user->failedLoginAttempts();
$maxFailedLoginAttempts = eZUser::maxNumberOfFailedLogin();
$Module->setTitle("Edit user settings");
// Template handling
$tpl = eZTemplate::factory();
$tpl->setVariable("module", $Module);
$tpl->setVariable("http", $http);
$tpl->setVariable("userID", $UserID);
$tpl->setVariable("user", $user);
$tpl->setVariable("userSetting", $userSetting);
$tpl->setVariable("failed_login_attempts", $failedLoginAttempts);
$tpl->setVariable("max_failed_login_attempts", $maxFailedLoginAttempts);
$Result = array();
$Result['content'] = $tpl->fetch("design:user/setting.tpl");
static function publishUpdateUser($parentNodeIDs, $defaultUserPlacement, $userAttributes, $isUtf8Encoding = false)
{
if (!is_array($userAttributes) or !isset($userAttributes['login']) or empty($userAttributes['login'])) {
eZDebug::writeWarning('Empty user login passed.', __METHOD__);
return false;
}
if ((!is_array($parentNodeIDs) or count($parentNodeIDs) < 1) and !is_numeric($defaultUserPlacement)) {
eZDebug::writeWarning('No one parent node IDs was passed for publishing new user (login = "******")', __METHOD__);
return false;
}
$parentNodeIDs[] = $defaultUserPlacement;
$parentNodeIDs = array_unique($parentNodeIDs);
$login = $userAttributes['login'];
$first_name = $userAttributes['first_name'];
$last_name = $userAttributes['last_name'];
$email = $userAttributes['email'];
if ($isUtf8Encoding) {
$first_name = utf8_decode($first_name);
$last_name = utf8_decode($last_name);
}
$user = eZUser::fetchByName($login);
$createNewUser = is_object($user) ? false : true;
if ($createNewUser) {
if (!isset($first_name) or empty($first_name) or !isset($last_name) or empty($last_name) or !isset($email) or empty($email)) {
eZDebug::writeWarning('Cannot create user with empty first name (last name or email).', __METHOD__);
return false;
}
$ini = eZINI::instance();
$userClassID = $ini->variable("UserSettings", "UserClassID");
$userCreatorID = $ini->variable("UserSettings", "UserCreatorID");
$defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID");
$class = eZContentClass::fetch($userClassID);
$contentObject = $class->instantiate($userCreatorID, $defaultSectionID);
$contentObject->store();
$userID = $contentObjectID = $contentObject->attribute('id');
$version = $contentObject->version(1);
$version->setAttribute('modified', time());
$version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
$version->store();
$user = eZLDAPUser::create($userID);
$user->setAttribute('login', $login);
} else {
$userID = $contentObjectID = $user->attribute('contentobject_id');
$contentObject = eZContentObject::fetch($userID);
$version = $contentObject->attribute('current');
}
//================= common part 1: start ========================
$contentObjectAttributes = $version->contentObjectAttributes();
// find and set 'name' and 'description' attributes (as standard user group class)
$firstNameIdentifier = 'first_name';
$lastNameIdentifier = 'last_name';
$firstNameAttribute = null;
$lastNameAttribute = null;
foreach ($contentObjectAttributes as $attribute) {
if ($attribute->attribute('contentclass_attribute_identifier') == $firstNameIdentifier) {
$firstNameAttribute = $attribute;
} else {
if ($attribute->attribute('contentclass_attribute_identifier') == $lastNameIdentifier) {
$lastNameAttribute = $attribute;
}
}
}
//================= common part 1: end ==========================
// If we are updating an existing user, we must find out if some data should be changed.
// In that case, we must create a new version and publish it.
if (!$createNewUser) {
$userDataChanged = false;
$firstNameChanged = false;
$lastNameChanged = false;
$emailChanged = false;
if ($firstNameAttribute and $firstNameAttribute->attribute('data_text') != $first_name) {
$firstNameChanged = true;
}
$firstNameAttribute = false;
// We will load this again from the new version we will create, if it has changed
if ($lastNameAttribute and $lastNameAttribute->attribute('data_text') != $last_name) {
$lastNameChanged = true;
}
$lastNameAttribute = false;
// We will load this again from the new version we will create, if it has changed
if ($user->attribute('email') != $email) {
$emailChanged = true;
}
if ($firstNameChanged or $lastNameChanged or $emailChanged) {
$userDataChanged = true;
// Create new version
$version = $contentObject->createNewVersion();
$contentObjectAttributes = $version->contentObjectAttributes();
foreach ($contentObjectAttributes as $attribute) {
if ($attribute->attribute('contentclass_attribute_identifier') == $firstNameIdentifier) {
$firstNameAttribute = $attribute;
} else {
if ($attribute->attribute('contentclass_attribute_identifier') == $lastNameIdentifier) {
$lastNameAttribute = $attribute;
}
}
}
}
}
//================= common part 2: start ========================
if ($firstNameAttribute) {
$firstNameAttribute->setAttribute('data_text', $first_name);
$firstNameAttribute->store();
}
if ($lastNameAttribute) {
$lastNameAttribute->setAttribute('data_text', $last_name);
$lastNameAttribute->store();
}
if (!isset($userDataChanged) or $userDataChanged === true) {
$contentClass = $contentObject->attribute('content_class');
$name = $contentClass->contentObjectName($contentObject);
$contentObject->setName($name);
}
if (!isset($emailChanged) or $emailChanged === true) {
$user->setAttribute('email', $email);
}
$user->setAttribute('password_hash', "");
$user->setAttribute('password_hash_type', 0);
$user->store();
$debugArray = array('Updating user data', 'createNewUser' => $createNewUser, 'userDataChanged' => isset($userDataChanged) ? $userDataChanged : null, 'login' => $login, 'first_name' => $first_name, 'last_name' => $last_name, 'email' => $email, 'firstNameAttribute is_object' => is_object($firstNameAttribute), 'lastNameAttribute is_object' => is_object($lastNameAttribute), 'content object id' => $contentObjectID, 'version id' => $version->attribute('version'));
eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
//================= common part 2: end ==========================
if ($createNewUser) {
reset($parentNodeIDs);
// prepare node assignments for publishing new user
foreach ($parentNodeIDs as $parentNodeID) {
$newNodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $parentNodeID, 'parent_remote_id' => uniqid('LDAP_'), 'is_main' => $defaultUserPlacement == $parentNodeID ? 1 : 0));
$newNodeAssignment->store();
}
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1));
} else {
if ($userDataChanged) {
// Publish object
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => $version->attribute('version')));
// Refetch object
$contentObject = eZContentObject::fetch($contentObjectID);
$version = $contentObject->attribute('current');
}
$LDAPIni = eZINI::instance('ldap.ini');
$keepGroupAssignment = $LDAPIni->hasVariable('LDAPSettings', 'KeepGroupAssignment') ? $LDAPIni->variable('LDAPSettings', 'KeepGroupAssignment') == "enabled" : false;
if ($keepGroupAssignment == false) {
$objectIsChanged = false;
$db = eZDB::instance();
$db->begin();
// First check existing assignments, remove any that should not exist
$assignedNodesList = $contentObject->assignedNodes();
$existingParentNodeIDs = array();
foreach ($assignedNodesList as $node) {
$parentNodeID = $node->attribute('parent_node_id');
if (!in_array($parentNodeID, $parentNodeIDs)) {
$node->removeThis();
$objectIsChanged = true;
} else {
$existingParentNodeIDs[] = $parentNodeID;
}
}
// Then check assignments that should exist, add them if they are missing
foreach ($parentNodeIDs as $parentNodeID) {
if (!in_array($parentNodeID, $existingParentNodeIDs)) {
$newNode = $contentObject->addLocation($parentNodeID, true);
$newNode->updateSubTreePath();
$newNode->setAttribute('contentobject_is_published', 1);
$newNode->sync();
$existingParentNodeIDs[] = $parentNodeID;
$objectIsChanged = true;
}
}
// Then ensure that the main node is correct
$currentMainParentNodeID = $contentObject->attribute('main_parent_node_id');
if ($currentMainParentNodeID != $defaultUserPlacement) {
$existingNode = eZContentObjectTreeNode::fetchNode($contentObjectID, $defaultUserPlacement);
if (!is_object($existingNode)) {
eZDebug::writeError("Cannot find assigned node as {$defaultUserPlacement}'s child.", __METHOD__);
} else {
$existingNodeID = $existingNode->attribute('node_id');
$versionNum = $version->attribute('version');
eZContentObjectTreeNode::updateMainNodeID($existingNodeID, $contentObjectID, $versionNum, $defaultUserPlacement);
$objectIsChanged = true;
}
}
$db->commit();
// Finally, clear object view cache if something was changed
if ($objectIsChanged) {
eZContentCacheManager::clearObjectViewCache($contentObjectID, true);
}
}
}
eZUser::updateLastVisit($userID);
//eZUser::setCurrentlyLoggedInUser( $user, $userID );
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
return $user;
}
static function loginUser($login, $password, $authenticationMatch = false)
{
$http = eZHTTPTool::instance();
$db = eZDB::instance();
if ($authenticationMatch === false) {
$authenticationMatch = eZUser::authenticationMatch();
}
$loginEscaped = $db->escapeString($login);
$passwordEscaped = $db->escapeString($password);
$loginArray = array();
if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) {
$loginArray[] = "login='******'";
}
if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) {
$loginArray[] = "email='{$loginEscaped}'";
}
if (count($loginArray) == 0) {
$loginArray[] = "login='******'";
}
$loginText = implode(' OR ', $loginArray);
$contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
$ini = eZINI::instance();
$textFileIni = eZINI::instance('textfile.ini');
$databaseName = $db->databaseName();
// if mysql
if ($databaseName === 'mysql') {
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )";
} else {
$query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ezcontentobject.id=contentobject_id";
}
$users = $db->arrayQuery($query);
$exists = false;
if (count($users) >= 1) {
foreach ($users as $userRow) {
$userID = $userRow['contentobject_id'];
$hashType = $userRow['password_hash_type'];
$hash = $userRow['password_hash'];
$exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash);
// If hash type is MySql
if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') {
$queryMysqlUser = "******";
$mysqlUsers = $db->arrayQuery($queryMysqlUser);
if (count($mysqlUsers) >= 1) {
$exists = true;
}
}
eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash");
eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash");
// If current user has been disabled after a few failed login attempts.
$canLogin = eZUser::isEnabledAfterFailedLogin($userID);
if ($exists) {
// We should store userID for warning message.
$GLOBALS['eZFailedLoginAttemptUserID'] = $userID;
$userSetting = eZUserSetting::fetch($userID);
$isEnabled = $userSetting->attribute("is_enabled");
if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') {
$hashType = eZUser::hashType();
$hash = eZUser::createHash($login, $password, eZUser::site(), $hashType);
$db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'");
}
break;
}
}
}
if ($exists and $isEnabled and $canLogin) {
eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row');
$user = new eZUser($userRow);
eZDebugSetting::writeDebug('kernel-user', $user, 'user');
$userID = $user->attribute('contentobject_id');
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($user, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
return $user;
} else {
if ($textFileIni->variable('TextFileSettings', 'TextFileEnabled') == "true") {
$fileName = $textFileIni->variable('TextFileSettings', 'FileName');
$filePath = $textFileIni->variable('TextFileSettings', 'FilePath');
$defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement");
$separator = $textFileIni->variable("TextFileSettings", "FileFieldSeparator");
$loginColumnNr = $textFileIni->variable("TextFileSettings", "LoginAttribute");
$passwordColumnNr = $textFileIni->variable("TextFileSettings", "PasswordAttribute");
$emailColumnNr = $textFileIni->variable("TextFileSettings", "EmailAttribute");
$lastNameColumnNr = $textFileIni->variable("TextFileSettings", "LastNameAttribute");
$firstNameColumnNr = $textFileIni->variable("TextFileSettings", "FirstNameAttribute");
if ($textFileIni->hasVariable('TextFileSettings', 'DefaultUserGroupType')) {
$UserGroupType = $textFileIni->variable('TextFileSettings', 'DefaultUserGroupType');
$UserGroup = $textFileIni->variable('TextFileSettings', 'DefaultUserGroup');
}
if ($UserGroupType != null) {
if ($UserGroupType == "name") {
$groupName = $UserGroup;
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name='{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
}
} else {
if ($UserGroupType == "id") {
$groupID = $UserGroup;
$groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
$groupObject = $db->arrayQuery($groupQuery);
if (count($groupObject) > 0) {
$defaultUserPlacement = $groupObject[0]['node_id'];
}
}
}
}
if ($filePath != "root" and $filePath != null) {
$fileName = $filePath . "/" . $fileName;
}
if (file_exists($fileName)) {
$handle = fopen($fileName, "r");
} else {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
return false;
}
while (!feof($handle)) {
$line = trim(fgets($handle, 4096));
if ($line === '') {
continue;
}
if ($separator == "tab") {
$userArray = explode("\t", $line);
} else {
$userArray = explode($separator, $line);
}
$uid = $userArray[$loginColumnNr - 1];
$email = $userArray[$emailColumnNr - 1];
$pass = $userArray[$passwordColumnNr - 1];
$firstName = $userArray[$firstNameColumnNr - 1];
$lastName = $userArray[$lastNameColumnNr - 1];
if ($login == $uid) {
if (trim($pass) == $password) {
$createNewUser = true;
$existUser = eZUser::fetchByName($login);
if ($existUser != null) {
$createNewUser = false;
}
if ($createNewUser) {
$userClassID = $ini->variable("UserSettings", "UserClassID");
$userCreatorID = $ini->variable("UserSettings", "UserCreatorID");
$defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID");
$remoteID = "TextFile_" . $login;
$db->begin();
// The content object may already exist if this process has failed once before, before the eZUser object was created.
// Therefore we try to fetch the eZContentObject before instantiating it.
$contentObject = eZContentObject::fetchByRemoteID($remoteID);
if (!is_object($contentObject)) {
$class = eZContentClass::fetch($userClassID);
$contentObject = $class->instantiate($userCreatorID, $defaultSectionID);
}
$contentObject->setAttribute('remote_id', $remoteID);
$contentObject->store();
$contentObjectID = $contentObject->attribute('id');
$userID = $contentObjectID;
$nodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $defaultUserPlacement, 'is_main' => 1));
$nodeAssignment->store();
$version = $contentObject->version(1);
$version->setAttribute('modified', time());
$version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
$version->store();
$contentObjectID = $contentObject->attribute('id');
$contentObjectAttributes = $version->contentObjectAttributes();
$contentObjectAttributes[0]->setAttribute('data_text', $firstName);
$contentObjectAttributes[0]->store();
$contentObjectAttributes[1]->setAttribute('data_text', $lastName);
$contentObjectAttributes[1]->store();
$user = eZUser::create($userID);
$user->setAttribute('login', $login);
$user->setAttribute('email', $email);
$user->setAttribute('password_hash', "");
$user->setAttribute('password_hash_type', 0);
$user->store();
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($user, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1));
$db->commit();
return $user;
} else {
$db->begin();
// Update user information
$userID = $existUser->attribute('contentobject_id');
$contentObject = eZContentObject::fetch($userID);
$parentNodeID = $contentObject->attribute('main_parent_node_id');
$currentVersion = $contentObject->attribute('current_version');
$version = $contentObject->attribute('current');
$contentObjectAttributes = $version->contentObjectAttributes();
$contentObjectAttributes[0]->setAttribute('data_text', $firstName);
$contentObjectAttributes[0]->store();
$contentObjectAttributes[1]->setAttribute('data_text', $lastName);
$contentObjectAttributes[1]->store();
$existUser = eZUser::fetch($userID);
$existUser->setAttribute('email', $email);
$existUser->setAttribute('password_hash', "");
$existUser->setAttribute('password_hash_type', 0);
$existUser->store();
if ($defaultUserPlacement != $parentNodeID) {
$newVersion = $contentObject->createNewVersion();
$newVersion->assignToNode($defaultUserPlacement, 1);
$newVersion->removeAssignment($parentNodeID);
$newVersionNr = $newVersion->attribute('version');
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $userID, 'version' => $newVersionNr));
}
eZUser::updateLastVisit($userID);
eZUser::setCurrentlyLoggedInUser($existUser, $userID);
// Reset number of failed login attempts
eZUser::setFailedLoginAttempts($userID, 0);
$db->commit();
return $existUser;
}
} else {
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
return false;
}
}
}
fclose($handle);
}
}
// Increase number of failed login attempts.
if (isset($userID)) {
eZUser::setFailedLoginAttempts($userID);
}
return false;
}
function LogInOpenIDUser($identifier = false, $email = false)
{
$moduleINI = eZINI::instance('module.ini');
$attributeID = $moduleINI->variable('ModuleSettings', 'OpenIDAttributeID');
$nodeID = $moduleINI->variable('ModuleSettings', 'DefaultUserPlacement');
if ($email) {
$userByEmail = eZUser::fetchByEmail($email);
if ($userByEmail and $userByEmail->isEnabled()) {
$userID = $userByEmail->attribute('contentobject_id');
eZUser::setCurrentlyLoggedInUser($userByEmail, $userID);
eZUser::updateLastVisit($userID);
eZUser::setFailedLoginAttempts($userID, 0);
return $userByEmail;
}
} else {
$params = array('AttributeFilter' => array(array($attributeID, '=', $identifier)), 'ClassFilterType' => 'include', 'ClassFilterArray' => array('user'), 'Limit' => 1, 'Limitation' => array());
$userSubTree = eZContentObjectTreeNode::subTreeByNodeID($params, $nodeID);
if (count($userSubTree) == 1) {
$userContentObjectID = $userSubTree[0]->attribute('contentobject_id');
$user = eZUser::fetch($userContentObjectID, true);
if ($user and $user->isEnabled()) {
$userID = $user->attribute('contentobject_id');
eZUser::setCurrentlyLoggedInUser($user, $userID);
eZUser::updateLastVisit($userID);
eZUser::setFailedLoginAttempts($userID, 0);
return $user;
}
}
}
return false;
}
