/**
 * Test fixture: inserts one backend user row that the login tests can authenticate against.
 *
 * The row is built from the fixture's own credentials (`$this->login`, `$this->password`,
 * `$this->cookiekey`); the password is stored hashed via rex_login::passwordHash(), never in
 * clear text, so the fixture exercises the same verification path as a real login.
 */
public function setUp()
{
    parent::setUp();

    // Column => value pairs for the fixture user; status '1' marks the account as active.
    $columns = [
        'name' => 'test user',
        'login' => $this->login,
        'password' => rex_login::passwordHash($this->password),
        'status' => '1',
        'login_tries' => '0',
        'cookiekey' => $this->cookiekey,
    ];

    $insert = rex_sql::factory();
    $insert->setTable(rex::getTablePrefix() . 'user');
    foreach ($columns as $column => $value) {
        $insert->setValue($column, $value);
    }
    $insert->insert();
}
/**
 * Test fixture: inserts one backend user row for the rex_backend_login tests.
 *
 * When a backend user is already logged in (the suite runs inside the REDAXO backend) the
 * test is marked skipped instead, because the login class would see that session; the
 * `skipped` flag is set first so a tearDown can tell that no fixture row was written.
 * The password is stored hashed via rex_login::passwordHash(), never in clear text.
 */
public function setUp()
{
    if (rex::getUser()) {
        $this->skipped = true;
        $this->markTestSkipped('The rex_backend_login class can not be tested when test suite is running in redaxo backend.');
    }

    // Column => value pairs for the fixture user; status '1' marks the account as active.
    $columns = [
        'name' => 'test user',
        'login' => $this->login,
        'password' => rex_login::passwordHash($this->password),
        'status' => '1',
        'login_tries' => '0',
        'cookiekey' => $this->cookiekey,
    ];

    $insert = rex_sql::factory();
    $insert->setTable(rex::getTablePrefix() . 'user');
    foreach ($columns as $column => $value) {
        $insert->setValue($column, $value);
    }
    $insert->insert();
}
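/**
 * ART_INIT extension point handler: switches the given article to the slice revision
 * requested through the `rex_version` request parameter, but only for an authenticated
 * backend user. Without a valid backend login the article is left untouched, so the
 * non-live (working) revision is never rendered for anonymous visitors.
 *
 * @param array $params Extension point parameters; `$params['article']` is the article
 *                      object whose revision is switched.
 *
 * @return void
 */
function rex_version_initArticle($params)
{
    global $REX;

    $version = rex_request('rex_version', 'int');
    // "No version requested" was previously tested with `$version == ''`. That relied on
    // loose int/string comparison (0 == '' is true in PHP 5 but false in PHP 8), so the early
    // return would silently stop working on newer PHP. A truthiness check covers 0, '' and
    // null alike and keeps the original intent on every PHP version.
    if (!$version) {
        return;
    }

    // Revision preview requires a backend session; the login object is kept in $REX so the
    // rest of the request (and templates) can reuse it.
    rex_login::startSession();
    $REX['LOGIN'] = new rex_backend_login($REX['TABLE_PREFIX'] . 'user');
    if ($REX['PSWFUNC'] != '') {
        $REX['LOGIN']->setPasswordFunction($REX['PSWFUNC']);
    }
    // checkLogin() can return an error string (truthy) instead of false, hence the
    // identity comparison with true rather than a plain boolean test.
    if ($REX['LOGIN']->checkLogin() !== true) {
        return;
    }
    $REX['USER'] =& $REX['LOGIN']->USER;

    $params['article']->setSliceRevision($version);
    // Only rex_article instances expose getContentAsQuery(); other article types skip it.
    if ($params['article'] instanceof rex_article) {
        $params['article']->getContentAsQuery();
    }
    $params['article']->setEval(true);
}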
if ($noadmin != 1) { if ($redaxo_user_login == '') { $errors[] = rex_view::error(rex_i18n::msg('setup_601')); } if ($redaxo_user_pass == '') { $errors[] = rex_view::error(rex_i18n::msg('setup_602')); } if (count($errors) == 0) { $ga = rex_sql::factory(); $ga->setQuery('select * from ' . rex::getTablePrefix() . 'user where login = ? ', [$redaxo_user_login]); if ($ga->getRows() > 0) { $errors[] = rex_view::error(rex_i18n::msg('setup_603')); } else { // the server side encryption of pw is only required // when not already encrypted by client using javascript $redaxo_user_pass = rex_login::passwordHash($redaxo_user_pass, rex_post('javascript', 'boolean')); $user = rex_sql::factory(); // $user->setDebug(); $user->setTable(rex::getTablePrefix() . 'user'); $user->setValue('name', 'Administrator'); $user->setValue('login', $redaxo_user_login); $user->setValue('password', $redaxo_user_pass); $user->setValue('admin', 1); $user->addGlobalCreateFields('setup'); $user->setValue('status', '1'); try { $user->insert(); } catch (rex_sql_exception $e) { $errors[] = rex_view::error(rex_i18n::msg('setup_604')); } }
$updateuser->setValue('description', $userdesc); $updateuser->setValue('language', $userperm_be_sprache); $updateuser->addGlobalUpdateFields(); try { $updateuser->update(); $success = rex_i18n::msg('user_data_updated'); } catch (rex_sql_exception $e) { $error = $e->getMessage(); } } if (rex_post('upd_psw_button', 'bool')) { // the server side encryption of pw is only required // when not already encrypted by client using javascript $isPreHashed = rex_post('javascript', 'boolean'); if ($userpsw != '' && $userpsw_new_1 != '' && $userpsw_new_1 == $userpsw_new_2 && rex_login::passwordVerify($userpsw, $user->getValue('password'), $isPreHashed)) { $userpsw_new_1 = rex_login::passwordHash($userpsw_new_1, $isPreHashed); $updateuser = rex_sql::factory(); $updateuser->setTable(rex::getTablePrefix() . 'user'); $updateuser->setWhere(['id' => $user_id]); $updateuser->setValue('password', $userpsw_new_1); $updateuser->addGlobalUpdateFields(); try { $updateuser->update(); $success = rex_i18n::msg('user_psw_updated'); } catch (rex_sql_exception $e) { $error = $e->getMessage(); } } else { $error = rex_i18n::msg('user_psw_error'); } }
$page = "setup"; } else { // ----------------- CREATE LANG OBJ $I18N = rex_create_lang($REX['LANG']); setlocale(LC_ALL, trim($I18N->msg("setlocale"))); header('Content-Type: text/html; charset=' . $I18N->msg("htmlcharset")); header("Cache-Control: no-cache"); header("Pragma: no-cache"); // ----------------- CREATE LANG OBJ if (!isset($REX_ULOGIN)) { $REX_ULOGIN = ''; } if (!isset($REX_UPSW)) { $REX_UPSW = ''; } $REX_LOGIN = new rex_login(); $REX_LOGIN->setSqlDb(1); $REX_LOGIN->setSysID($REX['INSTNAME']); $REX_LOGIN->setSessiontime(3000); $REX_LOGIN->setLanguage($I18N->msg("htmllang")); if ($REX['PSWFUNC'] != "") { $REX_LOGIN->setPasswordFunction($REX['PSWFUNC']); } $REX_LOGIN->setLogin($REX_ULOGIN, $REX_UPSW); if (isset($FORM['logout']) and $FORM['logout'] == 1) { $REX_LOGIN->setLogout(true); } $REX_LOGIN->setUserID($REX['TABLE_PREFIX'] . "user.user_id"); $REX_LOGIN->setUserquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE user_id = 'USR_UID'"); $REX_LOGIN->setLoginquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE login = '******' and psw = 'USR_PSW' and lasttrydate <'" . (time() - $REX['RELOGINDELAY']) . "'"); if (!$REX_LOGIN->checkLogin()) {
/** * Version. * * @author jan@kristinus.de * * @package redaxo5 */ $mypage = 'version'; rex_perm::register('version[live_version]', null, rex_perm::OPTIONS); // ***** an EPs andocken rex_extension::register('ART_INIT', function (rex_extension_point $ep) { $version = rex_request('rex_version', 'int'); if ($version != 1) { return; } rex_login::startSession(); if (!rex_backend_login::hasSession()) { throw new rex_exception('no permission for the working version'); } $article = $ep->getParam('article'); $article->setSliceRevision($version); if ($article instanceof rex_article_content) { $article->getContentAsQuery(); } $article->setEval(true); }); rex_extension::register('PAGE_CONTENT_HEADER', function (rex_extension_point $ep) { $params = $ep->getParams(); $return = ''; $rex_version_article = rex::getProperty('login')->getSessionVar('rex_version_article'); if (!is_array($rex_version_article)) {
/**
 * Validates the current backend login and maintains the per-user login bookkeeping.
 *
 * Flow:
 *  1. If a "remember me" cookie is present and the session holds no user id, the cookie
 *     value is looked up in the user table and, on a unique hit, the session is bound to
 *     that user (and the cookie is refreshed); an unknown value expires the cookie.
 *  2. parent::checkLogin() performs the actual credential / session check.
 *  3. On success the session id is regenerated, the login counter is reset, the cookie
 *     token and (if needed) the password hash are renewed; on failure the counter is
 *     incremented, the stored session id and cookie token are cleared and a wait message
 *     is appended once the configured number of tries is reached.
 *  4. A logout clears the stored session id / cookie token and expires the cookie.
 *
 * @return bool|string Result of parent::checkLogin(); callers compare with `!== true`.
 */
public function checkLogin()
{
    $sql = rex_sql::factory();
    $userId = $this->getSessionVar('UID');
    // Cookie name is derived from the instance name so that several installations on the
    // same host do not share a cookie.
    $cookiename = 'rex_user_' . sha1(rex::getProperty('instname'));

    if ($cookiekey = rex_cookie($cookiename, 'string')) {
        if (!$userId) {
            // Cookie-based re-login: the token is looked up with a parameterised query.
            $sql->setQuery('SELECT id FROM ' . rex::getTable('user') . ' WHERE cookiekey = ? LIMIT 1', [$cookiekey]);
            if ($sql->getRows() == 1) {
                $this->setSessionVar('UID', $sql->getValue('id'));
                // NOTE(review): setcookie() is called without the httponly/secure flags
                // here and below; consider setting them so the token is not readable from
                // script and not sent over plain HTTP.
                setcookie($cookiename, $cookiekey, time() + 60 * 60 * 24 * 365);
            } else {
                // Unknown token: expire the cookie on the client.
                setcookie($cookiename, '', time() - 3600);
            }
        }
        $this->setSessionVar('STAMP', time());
    }

    $check = parent::checkLogin();

    if ($check) {
        // Successful attempt: reset login_tries to 0.
        // NOTE(review): this branch also runs for the cookie-restore path, where userLogin
        // may be empty; the UPDATE below then filters on `login = ''` — confirm that
        // parent::checkLogin() populates userLogin in that case.
        if ($this->userLogin != '' || !$userId) {
            // Fresh session id after authentication (session fixation defence).
            $this->regenerateSessionId();
            $params = [];
            $add = '';
            if ($this->stayLoggedIn || $cookiekey) {
                // NOTE(review): the "remember me" token is a hash of instance id, current
                // time and login name, i.e. it carries little entropy and is guessable for a
                // known login and time window. A CSPRNG-generated value (random_bytes() on
                // PHP 7+) of the same length would be the appropriate replacement.
                $cookiekey = sha1($this->systemId . time() . $this->userLogin);
                $add = 'cookiekey = ?, ';
                $params[] = $cookiekey;
                setcookie($cookiename, $cookiekey, time() + 60 * 60 * 24 * 365);
            }
            // Opportunistically upgrade hashes created with an older cost/algorithm.
            if (self::passwordNeedsRehash($this->user->getValue('password'))) {
                $add .= 'password = ?, ';
                $params[] = self::passwordHash($this->userPassword, true);
            }
            // Positional parameters must follow the order of the placeholders in $add.
            array_push($params, rex_sql::datetime(), session_id(), $this->userLogin);
            $sql->setQuery('UPDATE ' . $this->tableName . ' SET ' . $add . 'login_tries=0, lasttrydate=?, session_id=? WHERE login=? LIMIT 1', $params);
        }
        $this->user = new rex_user($this->user);
    } else {
        // Failed attempt: login_tries++
        if ($this->userLogin != '') {
            $sql->setQuery('SELECT login_tries FROM ' . $this->tableName . ' WHERE login=? LIMIT 1', [$this->userLogin]);
            if ($sql->getRows() > 0) {
                $login_tries = $sql->getValue('login_tries');
                // Clearing session_id and cookiekey also invalidates any existing
                // "remember me" cookie for this account after a failed attempt.
                $sql->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",cookiekey="",lasttrydate=? WHERE login=? LIMIT 1', [rex_sql::datetime(), $this->userLogin]);
                if ($login_tries >= self::LOGIN_TRIES_1 - 1) {
                    // Two-stage back-off: a shorter delay up to LOGIN_TRIES_2, a longer one
                    // beyond it. Only the message is produced here; the delay itself is
                    // presumably enforced via lasttrydate elsewhere — verify in the parent.
                    $time = $login_tries < self::LOGIN_TRIES_2 ? self::RELOGIN_DELAY_1 : self::RELOGIN_DELAY_2;
                    $hours = floor($time / 3600);
                    $mins = floor(($time - $hours * 3600) / 60);
                    $secs = $time % 60;
                    $formatted = ($hours ? $hours . 'h ' : '') . ($hours || $mins ? $mins . 'min ' : '') . $secs . 's';
                    // $time is a class constant, so embedding it in the attribute is safe.
                    $this->message .= ' ' . rex_i18n::msg('login_wait', '<strong data-time="' . $time . '">' . $formatted . '</strong>');
                }
            }
        }
    }

    if ($this->isLoggedOut() && $userId != '') {
        // Logout: drop server-side session binding and token, expire the cookie.
        $sql->setQuery('UPDATE ' . $this->tableName . ' SET session_id="", cookiekey="" WHERE id=? LIMIT 1', [$userId]);
        setcookie($cookiename, '', time() - 3600);
    }

    return $check;
}
// man kann sich selbst nicht loeschen.. if (rex::getUser()->getId() != $user_id) { $deleteuser = rex_sql::factory(); $deleteuser->setQuery('DELETE FROM ' . rex::getTablePrefix() . "user WHERE id = '{$user_id}' LIMIT 1"); $info = rex_i18n::msg('user_deleted'); $user_id = 0; } else { $warnings[] = rex_i18n::msg('user_notdeleteself'); } } elseif ($FUNC_ADD != '' and $save == 1) { $adduser = rex_sql::factory(); $adduser->setQuery('SELECT * FROM ' . rex::getTablePrefix() . "user WHERE login = '******'"); if ($adduser->getRows() == 0 && $userlogin != '' && $userpsw != '') { // the server side encryption of pw is only required // when not already encrypted by client using javascript $userpsw = rex_login::passwordHash($userpsw, rex_post('javascript', 'boolean')); $adduser = rex_sql::factory(); $adduser->setTable(rex::getTablePrefix() . 'user'); $adduser->setValue('name', $username); $adduser->setValue('password', $userpsw); $adduser->setValue('login', $userlogin); $adduser->setValue('description', $userdesc); $adduser->setValue('admin', rex::getUser()->isAdmin() && $useradmin == 1 ? 1 : 0); $adduser->setValue('language', $userperm_be_sprache); $adduser->setValue('startpage', $userperm_startpage); $adduser->setValue('role', $userrole); $adduser->addGlobalCreateFields(); if (isset($userstatus) and $userstatus == 1) { $adduser->setValue('status', 1); } else { $adduser->setValue('status', 0);
/**
 * Validates the backend login (via parent::checkLogin()) and records the outcome in the
 * user table: a successful attempt resets login_tries and stores the new session id, a
 * failed one increments login_tries and clears the stored session id; a logout clears
 * the stored session id of the previously bound user.
 *
 * NOTE(review): every UPDATE below is built by string concatenation. session_id() and the
 * session-held $userId are interpolated unquoted/unescaped; if this rex_sql version
 * supports the `setQuery($query, $params)` form, the queries should be parameterised.
 * The `"******"` in the login clauses looks like a redaction in this listing — confirm the
 * actual value against the repository before relying on this text.
 *
 * @return bool|string true/false from parent::checkLogin(), or the database error string
 *                     when a query failed. The error string is truthy, so callers must
 *                     compare with `!== true` rather than testing for truthiness.
 */
function checkLogin()
{
    global $REX; // declared but not read in this method
    $fvs = new rex_sql();
    // $fvs->debugsql = true;
    $userId = $this->getSessionVar('UID');
    $check = parent::checkLogin();

    if ($check) {
        // Successful attempt: reset login_tries to 0.
        if ($this->usr_login != '') {
            // Fresh session id after authentication (session fixation defence).
            $this->sessionFixation();
            $fvs->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=0, lasttrydate=' . time() . ', session_id="' . session_id() . '" WHERE login="******" LIMIT 1');
        }
    } else {
        // Failed attempt: login_tries++
        if ($this->usr_login != '') {
            $fvs->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",lasttrydate=' . time() . ' WHERE login="******" LIMIT 1');
        }
    }

    if ($this->isLoggedOut() && $userId != '') {
        // Logout: unbind the stored session id so the old session cannot be reused.
        $fvs->setQuery('UPDATE ' . $this->tableName . ' SET session_id="" WHERE user_id="' . $userId . '" LIMIT 1');
    }

    if ($fvs->hasError()) {
        // Only the last query's error state is visible here; earlier failures are not kept.
        return $fvs->getError();
    }

    return $check;
}