/**
*
* Checks if username and password is not empty
* Checks if user exists and password matches
* Logs the user in
* remember_me() is called
*
* @return type
*/
public function process_login()
{
//don't neeed much validation since we use prepared queries
$username = strip_tags(trim($this->username));
$hasher = new \CODOF\Pass(8, false);
$password = $this->password;
$errors = array();
if (strlen($username) == 0) {
$errors[]["msg"] = _t("username field cannot be left empty");
}
if (strlen($password) == 0) {
$errors[]["msg"] = _t("password field cannot be left empty");
}
if (strlen($password) < 72 && empty($errors)) {
$user = User::getByUsername($username);
$ip = $_SERVER['REMOTE_ADDR'];
//cannot be trusted at all ;)
$ban = new Ban($this->db);
if ($user && $ban->is_banned(array($ip, $username, $user->mail))) {
$ban_len = '';
if ($ban->expires > 0) {
$ban_len = _t("until ") . date('d-m-Y h:m:s', $ban->expires);
}
return json_encode(array("msg" => _t("You have been banned ") . $ban_len));
}
if ($user && $hasher->CheckPassword($password, $user->pass)) {
User::login($user->id);
$user = User::get();
$user->rememberMe();
return json_encode(array("msg" => "success", "uid" => $user->id, "rid" => $user->rid, "role" => User::getRoleName($user->rid)));
} else {
\CODOF\Log::info('failed login attempt by ' . $username . 'wrong username/password');
return json_encode(array("msg" => _t("Wrong username or password")));
}
} else {
return json_encode($errors);
}
}
/**
*
* Checks if the password passed, matches the password of the current user
* @param string $password
* @return boolean
*/
public function checkPassword($password)
{
$hasher = new \CODOF\Pass(8, false);
return $hasher->CheckPassword($password, $this->user->pass);
}
