コード例 #1
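 /**
  * Build a User either from explicit credentials or from the current request/session.
  *
  * Two call shapes are supported (arguments are read via func_get_args(), none are declared):
  *   - ($username, $password[, $disableLogin]): authenticate against the Users table. The
  *     lookup column is uEmail when concrete.user.registration.email_registration is enabled,
  *     otherwise uName. On success the user fields are populated, recordLogin() is called and,
  *     unless $disableLogin is truthy, the session is filled in. On failure loadError() is
  *     called with USER_NON_VALIDATED, USER_INACTIVE or USER_INVALID.
  *   - (): populate from the request's custom user if one is set, else from the session,
  *     else as an anonymous user (null uID).
  *
  * @return $this
  */
 public function __construct()
 {
     $args = func_get_args();
     if (isset($args[1])) {
         // Credential login. The third argument is optional; normalise it once so the reads
         // below never raise an undefined-offset warning when only two arguments were passed.
         // $username is uName normally, but it is the email address when email registration is on.
         $username = $args[0];
         $password = $args[1];
         $disableLogin = !empty($args[2]);
         if (!$disableLogin) {
             Session::remove('uGroups');
             Session::remove('accessEntities');
         }
         $v = array($username);
         if (Config::get('concrete.user.registration.email_registration')) {
             $q = "select uID, uName, uIsActive, uIsValidated, uTimezone, uDefaultLanguage, uPassword, uLastPasswordChange from Users where uEmail = ?";
         } else {
             $q = "select uID, uName, uIsActive, uIsValidated, uTimezone, uDefaultLanguage, uPassword, uLastPasswordChange from Users where uName = ?";
         }
         $db = Loader::db();
         $r = $db->query($q, $v);
         if ($r) {
             $pw_is_valid_legacy = false;
             $row = $r->fetchRow();
             if ($row) {
                 $storedHash = (string) $row['uPassword'];
                 // hash_equals() replaces the former loose == comparison: it is constant-time and
                 // never applies PHP's numeric-string coercion to the two digests. The method is
                 // called on $this (it is declared as an instance method in this class) rather
                 // than statically on User.
                 $pw_is_valid_legacy = defined('PASSWORD_SALT')
                     && hash_equals($storedHash, (string) $this->legacyEncryptPassword($password));
                 $pw_is_valid = $pw_is_valid_legacy
                     || $this->getUserPasswordHasher()->checkPassword($password, $row['uPassword']);
                 if ($row['uID'] && $row['uIsValidated'] === '0' && \Config::get('concrete.user.registration.validate_email')) {
                     $this->loadError(USER_NON_VALIDATED);
                 } elseif ($row['uID'] && $row['uIsActive'] && $pw_is_valid) {
                     $this->uID = $row['uID'];
                     $this->uName = $row['uName'];
                     $this->uIsActive = $row['uIsActive'];
                     $this->uTimezone = $row['uTimezone'];
                     $this->uDefaultLanguage = $row['uDefaultLanguage'];
                     $this->uLastPasswordChange = $row['uLastPasswordChange'];
                     $this->uGroups = $this->_getUserGroups($disableLogin);
                     // Loose comparison kept on purpose: uID comes back from the driver as a string.
                     $this->superUser = $row['uID'] == USER_SUPER_ID;
                     $this->recordLogin();
                     if (!$disableLogin) {
                         $session = Core::make('session');
                         $session->set('uID', $row['uID']);
                         $session->set('uName', $row['uName']);
                         $session->set('superUser', $this->superUser);
                         $session->set('uBlockTypesSet', false);
                         $session->set('uGroups', $this->uGroups);
                         $session->set('uTimezone', $this->uTimezone);
                         $session->set('uDefaultLanguage', $row['uDefaultLanguage']);
                         $session->set('uLastPasswordChange', $row['uLastPasswordChange']);
                         Loader::helper('concrete/ui')->cacheInterfaceItems();
                     }
                 } elseif ($row['uID'] && !$row['uIsActive']) {
                     $this->loadError(USER_INACTIVE);
                 } else {
                     $this->loadError(USER_INVALID);
                 }
             } else {
                 // No account matched. Spend one hash computation anyway so that an unknown
                 // username costs the same time as a wrong password (see the query-failure
                 // branch below for the same rationale) instead of indexing into a false row.
                 $this->getUserPasswordHasher()->hashpassword($password);
                 $this->loadError(USER_INVALID);
             }
             $r->free();
             if ($pw_is_valid_legacy) {
                 // This password was generated on a previous version of Concrete5.
                 // Re-hash it with the current hasher. The row's uID is used (rather than
                 // $this->uID, which is only assigned on a successful login) so the
                 // verified legacy hash is upgraded even for an inactive account.
                 $v = array($this->getUserPasswordHasher()->HashPassword($password), $row['uID']);
                 $db->execute($db->prepare("update Users set uPassword = ? where uID = ?"), $v);
             }
         } else {
             // hashpassword and checkpassword are slow functions.
             // We run one here just to take time.
             // Without it an attacker would be able to tell that the
             // username doesn't exist using a timing attack.
             $this->getUserPasswordHasher()->hashpassword($password);
             $this->loadError(USER_INVALID);
         }
     } else {
         // No credentials: resolve the user from the request or the session.
         $req = Request::getInstance();
         if ($req->hasCustomRequestUser()) {
             $this->uID = null;
             $this->uName = null;
             $this->superUser = false;
             $this->uDefaultLanguage = null;
             $this->uTimezone = null;
             $ux = $req->getCustomRequestUser();
             if ($ux && is_object($ux)) {
                 $this->uID = $ux->getUserID();
                 $this->uName = $ux->getUserName();
                 $this->superUser = $ux->getUserID() == USER_SUPER_ID;
                 if ($ux->getUserDefaultLanguage()) {
                     $this->uDefaultLanguage = $ux->getUserDefaultLanguage();
                 }
                 $this->uTimezone = $ux->getUserTimezone();
             }
         } elseif (Session::has('uID')) {
             $this->uID = Session::get('uID');
             $this->uName = Session::get('uName');
             $this->uTimezone = Session::get('uTimezone');
             if (Session::has('uDefaultLanguage')) {
                 $this->uDefaultLanguage = Session::get('uDefaultLanguage');
             }
             $this->superUser = Session::get('uID') == USER_SUPER_ID;
         } else {
             // Anonymous user.
             $this->uID = null;
             $this->uName = null;
             $this->superUser = false;
             $this->uDefaultLanguage = null;
             $this->uTimezone = null;
         }
         $this->uGroups = $this->_getUserGroups();
         // $args[2] can never be set on this branch (it requires $args[1] unset); the
         // isset() check is kept as in the original so the condition reads the same.
         if (!isset($args[2]) && !$req->hasCustomRequestUser()) {
             Session::set('uGroups', $this->uGroups);
         }
     }
     return $this;
 }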
コード例 #2
 /**
  * Legacy (pre-hasher) password encryption, delegated unchanged to the parent class.
  *
  * The parent implementation owns the algorithm; this override only forwards to it so
  * that callers on this class keep a stable entry point.
  *
  * @param string $uPassword plain-text password
  *
  * @return mixed whatever the parent implementation returns
  */
 public function legacyEncryptPassword($uPassword)
 {
     $encrypted = parent::legacyEncryptPassword($uPassword);

     return $encrypted;
 }