<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
header('Content-Type: application/json');
try {
erLhcoreClassRestAPIHandler::validateRequest();
if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
$userData = erLhcoreClassModelUser::fetch((int) $_GET['user_id']);
} elseif (isset($_GET['username']) && !empty($_GET['username'])) {
$userData = erLhcoreClassModelUser::findOne(array('filter' => array('username' => $_GET['username'])));
} elseif (isset($_GET['email']) && !empty($_GET['email'])) {
$userData = erLhcoreClassModelUser::findOne(array('filter' => array('email' => $_GET['email'])));
}
if (!$userData instanceof erLhcoreClassModelUser) {
throw new Exception('User could not be found!');
}
if ($_GET['status'] == 'true') {
$userData->hide_online = 0;
$text = 'flash_on';
} else {
$text = 'flash_off';
$userData->hide_online = 1;
}
$userData->operation_admin .= "\$('#online-offline-user').text('" . $text . "');";
erLhcoreClassUser::getSession()->update($userData);
erLhcoreClassUserDep::setHideOnlineStatus($userData);
erLhcoreClassRestAPIHandler::outputResponse(array('offline' => $userData->hide_online));
erLhcoreClassChatEventDispatcher::getInstance()->dispatch('chat.operator_status_changed', array('user' => &$userData, 'reason' => 'rest_api'));
} catch (Exception $e) {
echo json_encode(array('error' => true, 'result' => $e->getMessage()));
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
header('Content-Type: application/json');
try {
erLhcoreClassRestAPIHandler::validateRequest();
// init data
$user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
$username = isset($_GET['username']) ? trim($_GET['username']) : '';
$email = isset($_GET['email']) ? trim($_GET['email']) : '';
$password = isset($_GET['password']) ? trim($_GET['password']) : '';
// init param, check what is supplied
$param = $username != '' ? array('username' => $username) : array('email' => '00');
// dummy email value to ensure 0 res
$param = $email != '' ? array('email' => $email) : $param;
// init user
$user = $user_id > 0 ? erLhcoreClassModelUser::fetch($user_id) : erLhcoreClassModelUser::findOne(array('filter' => $param));
// check we have data
if (!$user instanceof erLhcoreClassModelUser) {
throw new Exception('User could not be found!');
}
// check if password is given, if so, validate password
if ($password != '') {
// check password encryption type
if (strlen($user->password) == 40) {
// get password hash
$cfgSite = erConfigClassLhConfig::getInstance();
$secretHash = $cfgSite->getSetting('site', 'secrethash');
$pass_hash = sha1($password . $secretHash . sha1($password));
$verified = $user->password == $pass_hash ? 1 : 0;
} else {
$verified = password_verify($password, $user->password) ? 1 : 0;
function authenticate($username, $password, $remember = false)
{
$this->session->destroy();
$user = erLhcoreClassModelUser::findOne(array('filter' => array('username' => $username)));
if ($user === false) {
return false;
}
$cfgSite = erConfigClassLhConfig::getInstance();
$secretHash = $cfgSite->getSetting('site', 'secrethash');
if (strlen($user->password) == 40) {
// this is old password
$passwordVerify = sha1($password . $secretHash . sha1($password));
$changePassword = true;
} else {
if (!password_verify($password, $user->password)) {
return false;
}
$changePassword = false;
$passwordVerify = $user->password;
}
$this->credentials = new ezcAuthenticationPasswordCredentials($username, $passwordVerify);
$database = new ezcAuthenticationDatabaseInfo(ezcDbInstance::get(), 'lh_users', array('username', 'password'));
$this->authentication = new ezcAuthentication($this->credentials);
$this->filter = new ezcAuthenticationDatabaseFilter($database);
$this->filter->registerFetchData(array('id', 'username', 'email', 'disabled', 'session_id'));
$this->authentication->addFilter($this->filter);
$this->authentication->session = $this->session;
if (!$this->authentication->run()) {
return false;
// build an error message based on $status
} else {
$data = $this->filter->fetchData();
if ($data['disabled'][0] == 0) {
if (isset($_SESSION['lhc_access_array'])) {
unset($_SESSION['lhc_access_array']);
}
if (isset($_SESSION['lhc_access_timestamp'])) {
unset($_SESSION['lhc_access_timestamp']);
}
$_SESSION['lhc_user_id'] = $data['id'][0];
$this->userid = $data['id'][0];
if ($remember === true) {
$this->rememberMe();
}
$this->authenticated = true;
// Limit number per of logins under same user
if ((self::$oneLoginPerAccount == true || $cfgSite->getSetting('site', 'one_login_per_account', false) == true) && $_COOKIE['PHPSESSID'] != '') {
$db = ezcDbInstance::get();
$stmt = $db->prepare('UPDATE lh_users SET session_id = :session_id WHERE id = :id');
$stmt->bindValue(':session_id', $_COOKIE['PHPSESSID'], PDO::PARAM_STR);
$stmt->bindValue(':id', $this->userid, PDO::PARAM_INT);
$stmt->execute();
}
// Change old password to new one
if ($changePassword === true) {
$db = ezcDbInstance::get();
$stmt = $db->prepare('UPDATE lh_users SET password = :password WHERE id = :id');
$stmt->bindValue(':password', password_hash($password, PASSWORD_DEFAULT), PDO::PARAM_STR);
$stmt->bindValue(':id', $this->userid, PDO::PARAM_INT);
$stmt->execute();
}
return true;
}
return false;
}
}
