/** * * Checks if username and password is not empty * Checks if user exists and password matches * Logs the user in * remember_me() is called * * @return type */ public function process_login() { //don't neeed much validation since we use prepared queries $username = strip_tags(trim($this->username)); $hasher = new \CODOF\Pass(8, false); $password = $this->password; $errors = array(); if (strlen($username) == 0) { $errors[]["msg"] = _t("username field cannot be left empty"); } if (strlen($password) == 0) { $errors[]["msg"] = _t("password field cannot be left empty"); } if (strlen($password) < 72 && empty($errors)) { $user = User::getByUsername($username); $ip = $_SERVER['REMOTE_ADDR']; //cannot be trusted at all ;) $ban = new Ban($this->db); if ($user && $ban->is_banned(array($ip, $username, $user->mail))) { $ban_len = ''; if ($ban->expires > 0) { $ban_len = _t("until ") . date('d-m-Y h:m:s', $ban->expires); } return json_encode(array("msg" => _t("You have been banned ") . $ban_len)); } if ($user && $hasher->CheckPassword($password, $user->pass)) { User::login($user->id); $user = User::get(); $user->rememberMe(); return json_encode(array("msg" => "success", "uid" => $user->id, "rid" => $user->rid, "role" => User::getRoleName($user->rid))); } else { \CODOF\Log::info('failed login attempt by ' . $username . 'wrong username/password'); return json_encode(array("msg" => _t("Wrong username or password"))); } } else { return json_encode($errors); } }
/** * This function is called on every page load by the user . * * It checks for any cron that is scheduled to run * * @return boolean */ public function run($cron = null) { $crons = $this->acquire_lock($cron); if (!$crons) { $this->cleanUp(); //could not acquire lock because another cron is already running //or the cron last completed is not older than cron_interval return false; } //script must continue even if user aborts @ignore_user_abort(true); //parallel crons may cause write conflicts if (!$this->serial) { //write and end session session_write_close(); } //amount of time for which cron is allowed to run set_time_limit($this->time_limit); ob_start(); $this->add_core_hooks(); foreach ($crons as $cron) { if ($cron['cron_name'] == 'core') { //run all core jobs of cron $this->run_jobs(); } //there is no guarantee that user defined plugins wont produce //errors . try { \CODOF\Hook::call('on_cron_' . $cron['cron_name']); } catch (Exception $ex) { } } $this->log = ob_get_clean(); //cron jobs done, set status as not running $this->release_lock(); //below hook should not be used to run cron jobs \CODOF\Hook::call('after_cron_run'); if ($this->log != '') { \CODOF\Log::info('Cron:' . $this->log); } return true; }