<?php
// REST endpoint: sets an operator's hide_online flag from the 'status' query
// parameter and reports the resulting value as JSON.
//
// NOTE(review): the wildcard Access-Control-Allow-Origin means any origin may
// call this endpoint from a browser; whether that is acceptable depends on the
// credential scheme enforced by erLhcoreClassRestAPIHandler::validateRequest()
// (not visible here) — confirm it does not rely on ambient cookies.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
header('Content-Type: application/json');
try {
    // Authenticates/authorises the caller; presumably throws on failure so
    // that the catch below reports it — verify against the handler.
    erLhcoreClassRestAPIHandler::validateRequest();

    // Resolve the target user by id, then username, then email (first match wins).
    // NOTE(review): if none of the three parameters is present, $userData is
    // never assigned; the instanceof check below still throws, but only after
    // an undefined-variable warning. Initialising `$userData = false;` before
    // this chain would make the "not found" path clean.
    if (isset($_GET['user_id']) && is_numeric($_GET['user_id'])) {
        $userData = erLhcoreClassModelUser::fetch((int) $_GET['user_id']);
    } elseif (isset($_GET['username']) && !empty($_GET['username'])) {
        $userData = erLhcoreClassModelUser::findOne(array('filter' => array('username' => $_GET['username'])));
    } elseif (isset($_GET['email']) && !empty($_GET['email'])) {
        $userData = erLhcoreClassModelUser::findOne(array('filter' => array('email' => $_GET['email'])));
    }
    if (!$userData instanceof erLhcoreClassModelUser) {
        throw new Exception('User could not be found!');
    }

    // 'status' = 'true' marks the operator online (hide_online = 0); any other
    // value — including a missing parameter, which also triggers an
    // undefined-index warning — marks them hidden. Loose `==` is used here;
    // `isset($_GET['status']) && $_GET['status'] === 'true'` would be stricter.
    if ($_GET['status'] == 'true') {
        $userData->hide_online = 0;
        $text = 'flash_on';
    } else {
        $text = 'flash_off';
        $userData->hide_online = 1;
    }

    // Queue a UI update for the admin side. $text is one of two literals chosen
    // above, so no request-controlled data reaches this JavaScript snippet.
    $userData->operation_admin .= "\$('#online-offline-user').text('" . $text . "');";
    erLhcoreClassUser::getSession()->update($userData);
    erLhcoreClassUserDep::setHideOnlineStatus($userData);

    // The response is emitted before the status-changed event is dispatched.
    erLhcoreClassRestAPIHandler::outputResponse(array('offline' => $userData->hide_online));
    erLhcoreClassChatEventDispatcher::getInstance()->dispatch('chat.operator_status_changed', array('user' => &$userData, 'reason' => 'rest_api'));
} catch (Exception $e) {
    // Error path: the exception message is returned verbatim to the caller.
    echo json_encode(array('error' => true, 'result' => $e->getMessage()));
    // NOTE(review): this excerpt is truncated here; the closing brace of the
    // catch block is not part of the visible snippet.
// REST endpoint: looks up a user by id, username or email and — when a
// password is supplied — checks it against the stored hash, supporting both
// the legacy sha1 scheme and password_hash() records.
//
// NOTE(review): the wildcard Access-Control-Allow-Origin allows any browser
// origin to call this endpoint; confirm validateRequest() (not visible here)
// does not depend on ambient cookies.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
header('Content-Type: application/json');
try {
    erLhcoreClassRestAPIHandler::validateRequest();

    // Read and normalise the query parameters; absent values become 0 / ''.
    // NOTE(review): the password travels in the query string ($_GET), so it
    // will typically be recorded in web-server, proxy and browser history logs.
    // Accepting it from the request body instead would avoid that exposure.
    $user_id = isset($_GET['user_id']) ? intval($_GET['user_id']) : 0;
    $username = isset($_GET['username']) ? trim($_GET['username']) : '';
    $email = isset($_GET['email']) ? trim($_GET['email']) : '';
    $password = isset($_GET['password']) ? trim($_GET['password']) : '';

    // Build the lookup filter: email wins over username; when neither is given
    // a dummy email value ('00') is used so the lookup matches nothing.
    $param = $username != '' ? array('username' => $username) : array('email' => '00');
    $param = $email != '' ? array('email' => $email) : $param;

    // A positive user_id takes precedence over the username/email filter.
    $user = $user_id > 0 ? erLhcoreClassModelUser::fetch($user_id) : erLhcoreClassModelUser::findOne(array('filter' => $param));

    if (!$user instanceof erLhcoreClassModelUser) {
        throw new Exception('User could not be found!');
    }

    // Only verify when a password was actually supplied.
    if ($password != '') {
        // A 40-character stored value is taken to be a legacy hex sha1 digest;
        // anything else is assumed to be a password_hash() string.
        if (strlen($user->password) == 40) {
            // Legacy scheme: sha1(password . site secret . sha1(password)).
            $cfgSite = erConfigClassLhConfig::getInstance();
            $secretHash = $cfgSite->getSetting('site', 'secrethash');
            $pass_hash = sha1($password . $secretHash . sha1($password));
            // NOTE(review): `==` between two strings applies PHP's numeric-string
            // comparison rules rather than a byte-for-byte check, and it is not
            // constant-time. `hash_equals($user->password, $pass_hash)` is the
            // appropriate comparison for digests.
            $verified = $user->password == $pass_hash ? 1 : 0;
        } else {
            // password_verify() already performs a constant-time comparison.
            $verified = password_verify($password, $user->password) ? 1 : 0;
            // NOTE(review): this excerpt is truncated here; the remainder of the
            // if/else, the response that uses $verified, and the catch block are
            // not part of the visible snippet.
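/**
 * Authenticates an operator by username and password.
 *
 * On success the user id is stored in $_SESSION['lhc_user_id'] and on
 * $this->userid, $this->authenticated is set, and (optionally) the
 * remember-me cookie is issued. Accounts whose stored password is a
 * 40-character legacy sha1 digest are verified against
 * sha1(password . site secret . sha1(password)) and, once the login
 * succeeds, transparently re-hashed with password_hash().
 *
 * @param string $username
 * @param string $password plain-text password as entered by the user
 * @param bool   $remember when true, also call rememberMe() on success
 * @return bool true on a successful login; false for an unknown user, a
 *              wrong password, a failed authentication filter, or a
 *              disabled account
 */
function authenticate($username, $password, $remember = false)
{
    // Start from a clean session so nothing from an earlier session
    // carries over into this login attempt.
    $this->session->destroy();

    $user = erLhcoreClassModelUser::findOne(array('filter' => array('username' => $username)));
    if ($user === false) {
        return false;
    }

    $cfgSite = erConfigClassLhConfig::getInstance();
    $secretHash = $cfgSite->getSetting('site', 'secrethash');

    if (strlen($user->password) == 40) {
        // Legacy sha1 record: the derived digest is handed to the database
        // filter below, which presumably compares it with the stored column.
        // Mark the record for an upgrade once the login succeeds.
        $passwordVerify = sha1($password . $secretHash . sha1($password));
        $changePassword = true;
    } else {
        // password_hash() record: verify here (constant-time), then pass the
        // stored hash itself to the filter so its comparison agrees.
        if (!password_verify($password, $user->password)) {
            return false;
        }
        $changePassword = false;
        $passwordVerify = $user->password;
    }

    $this->credentials = new ezcAuthenticationPasswordCredentials($username, $passwordVerify);
    $database = new ezcAuthenticationDatabaseInfo(ezcDbInstance::get(), 'lh_users', array('username', 'password'));
    $this->authentication = new ezcAuthentication($this->credentials);
    $this->filter = new ezcAuthenticationDatabaseFilter($database);
    $this->filter->registerFetchData(array('id', 'username', 'email', 'disabled', 'session_id'));
    $this->authentication->addFilter($this->filter);
    $this->authentication->session = $this->session;

    if (!$this->authentication->run()) {
        return false;
    }

    $data = $this->filter->fetchData();
    if ($data['disabled'][0] != 0) {
        // Credentials matched, but the account is disabled.
        return false;
    }

    // Drop cached permission data left over from a previous login in this
    // PHP session; unset() is a no-op for keys that are not present.
    unset($_SESSION['lhc_access_array'], $_SESSION['lhc_access_timestamp']);

    $_SESSION['lhc_user_id'] = $data['id'][0];
    $this->userid = $data['id'][0];

    if ($remember === true) {
        $this->rememberMe();
    }

    $this->authenticated = true;

    // Optionally record the current PHP session id against the account so
    // that only one login per account can be honoured (the enforcement is
    // presumably elsewhere; this method only writes the column). The isset()
    // guard avoids an undefined-index warning when no session cookie was sent.
    if ((self::$oneLoginPerAccount == true || $cfgSite->getSetting('site', 'one_login_per_account', false) == true)
        && isset($_COOKIE['PHPSESSID']) && $_COOKIE['PHPSESSID'] != '') {
        $db = ezcDbInstance::get();
        $stmt = $db->prepare('UPDATE lh_users SET session_id = :session_id WHERE id = :id');
        $stmt->bindValue(':session_id', $_COOKIE['PHPSESSID'], PDO::PARAM_STR);
        $stmt->bindValue(':id', $this->userid, PDO::PARAM_INT);
        $stmt->execute();
    }

    // Upgrade a legacy sha1 record to password_hash() now that the
    // plain-text password has been confirmed to be correct.
    if ($changePassword === true) {
        $db = ezcDbInstance::get();
        $stmt = $db->prepare('UPDATE lh_users SET password = :password WHERE id = :id');
        $stmt->bindValue(':password', password_hash($password, PASSWORD_DEFAULT), PDO::PARAM_STR);
        $stmt->bindValue(':id', $this->userid, PDO::PARAM_INT);
        $stmt->execute();
    }

    return true;
}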