/** * @deprecated CB 1.2.2 (backwards compatibility: obsolete): * use $user->verifyPassword() and $user->hashAndSaltPassword() * * Generate the hashed/salted/encoded password for the database * and to check the password at login: * if $row provided, it is checking the existing password (and update if needed) * if not provided, it will generate a new hashed password * * @param string $passwd cleartext * @param moscomprofilerUser $row * @return string|boolean salted/hashed password if $row not provided, otherwise TRUE/FALSE on password check */ function cbHashPassword($passwd, $row = null) { if ($row) { return $row->verifyPassword($passwd); } else { global $_CB_database; cbimport('cb.tables'); $row = new moscomprofilerUser($_CB_database); return $row->hashAndSaltPassword($passwd); } }
/** * User login into CMS framework * * @param string $username The username * @param string|boolean $password if boolean FALSE: login without password if possible * @param booleean $rememberme 1 for "remember-me" cookie method * @param int $userId used for "remember-me" login function only * @return boolean Login success */ function login( $username, $password, $rememberme = 0, $userId = null ) { header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); // needed for IE6 to accept this anti-spam cookie in higher security setting. if ( checkJversion() >= 1 ) { // Joomla 1.5 RC and above: if ( $password !== false ) { $result = $this->_baseFramework->login( array( 'username' => $username, 'password' => $password ), array( 'remember' => $rememberme ) ); } else { // login without password: jimport( 'joomla.user.authentication' ); // load user plugins: JPluginHelper::importPlugin( 'user' ); // get JAuthentication object: $authenticate =& JAuthentication::getInstance(); $dispatcher =& JDispatcher::getInstance(); $response = new JAuthenticationResponse(); // prepare our SUCCESS login response including user data: global $_CB_database; $row = new moscomprofilerUser( $_CB_database ); $row->loadByUsername( stripslashes( $username ) ); $response->status = JAUTHENTICATE_STATUS_SUCCESS; $response->username = $username; $response->fullname = $row->name; // now we attempt user login and check results: if ( checkJversion() == 2 ) { $login = $dispatcher->trigger( 'onUserLogin', array( (array) $response, array( 'action' => 'core.login.site' ) ) ); } else { $login = $dispatcher->trigger( 'onLoginUser', array( (array) $response, array() ) ); } $result = ! in_array( false, $login, true ); } if ( $result ) { $user =& JFactory::getUser(); $this->_myId = (int) $user->id; $this->_myUsername = $user->username; $this->_myUserType = $user->usertype; $this->_myCmsGid = $user->get('aid', 0); $lang =& JFactory::getLanguage(); if ( checkJversion() == 2 ) { $this->_myLanguage = strtolower( preg_replace( '/^(\w+).*$/i', '\1', $lang->getName() ) ); } else { $this->_myLanguage = $lang->getBackwardLang(); } } } else { // Mambo 4.5.x and Joomla before 1.0.13+ (in fact RC3+) do need hashed password for login() method: if ( $password !== false ) { $hashedPwdLogin = ( ( checkJversion() == 0 ) && ! function_exists( 'josHashPassword' ) ); // more reliable version-checking than the often hacked version.php file! if ( $hashedPwdLogin ) { // Joomla 1.0.12 and below: $dummyRow = new moscomprofilerUser( $_CB_database ); $this->_baseFramework->login( $username, $dummyRow->hashAndSaltPassword( $password ), $rememberme, $userId ); } else { $this->_baseFramework->login( $username, $password, $rememberme, $userId ); } // Joomla 1.0 redirects bluntly if login fails! so we need to check by ourselves below: $result = true; } else { // login without password: //TBD MAMBO 4.6 support here ! global $_CB_database, $mainframe, $_VERSION; $row = new moscomprofilerUser( $_CB_database ); $row->loadByUsername( stripslashes( $username ) ); // prepare login session with user data: $session =& $mainframe->_session; $session->guest = 0; $session->username = $row->username; $session->userid = (int) $row->id; $session->usertype = $row->usertype; $session->gid = (int) $row->gid; // attempt to login user: if ( $session->update() ) { $result = true; } // check if site is demo or production: if ( $_VERSION->SITE ) { // site is production; remove duplicate sessions: $query = 'DELETE FROM ' . $_CB_database->NameQuote( '#__session' ) . "\n WHERE " . $_CB_database->NameQuote( 'session_id' ) . ' != ' . $_CB_database->Quote( $session->session_id ) . "\n AND " . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $row->username ) . "\n AND " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $row->id . "\n AND " . $_CB_database->NameQuote( 'gid' ) . ' = ' . (int) $row->gid . "\n AND " . $_CB_database->NameQuote( 'guest' ) . ' = 0'; $_CB_database->setQuery( $query ); if ( ! $_CB_database->query() ) { trigger_error( 'loginUser 1 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING ); } } // get current datetime: $currentDate = date( 'Y-m-d H:i:s', $this->now() ); // update user last login with current datetime: $query = 'UPDATE ' . $_CB_database->NameQuote( '#__users' ) . "\n SET " . $_CB_database->NameQuote( 'lastvisitDate' ) . " = " . $_CB_database->Quote( $currentDate ) . "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $session->userid; $_CB_database->setQuery( $query ); if ( ! $_CB_database->query() ) { trigger_error( 'loginUser 2 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING ); } // clean old cache: mosCache::cleanCache(); } if ( checkJversion() == 0 ) { global $mainframe; $mymy = $mainframe->getUser(); $this->_myId = (int) $mymy->id; $this->_myUsername = $mymy->username; $this->_myUserType = $mymy->usertype; $this->_myCmsGid = $mymy->gid; if ( ! $this->_myId ) { $result = false; } } //TBD MAMBO 4.6 support here ! } return $result; }