/**
  * Update User Configuration
  *
  * @param string $username
  * @param string $password0
  * @param string $password1
  * @param string $email
  * @param string $language
  * @param optional string $firstname
  * @param optional string $lastname
  *
  * @author Nikita Rousseau
  */
 public function updateUserConfig($username, $password0, $password1, $email, $language, $firstname = '', $lastname = '')
 {
     $form = array('username' => $username, 'password0' => $password0, 'password1' => $password1, 'email' => $email, 'language' => $language);
     $errors = array();
     // array to hold validation errors
     $data = array();
     // array to pass back data
     $dbh = Core_DBH::getDBH();
     // Get Database Handle
     // Get languages
     $languages = parse_ini_file(CONF_LANG_INI);
     $languages = array_flip(array_values($languages));
     // validate the variables ======================================================
     $v = new Valitron\Validator($form);
     $rules = ['required' => [['username'], ['password0'], ['password1'], ['email'], ['language']], 'alphaNum' => [['username']], 'lengthMin' => [['username', 4], ['password0', 8]], 'equals' => [['password0', 'password1']], 'email' => [['email']], 'in' => [['language', $languages]]];
     $labels = array('username' => 'Username', 'password0' => 'Password', 'password1' => 'Confirmation Password', 'email' => 'Email', 'language' => 'Language');
     $v->rules($rules);
     $v->labels($labels);
     $v->validate();
     $errors = $v->errors();
     // Apply the form ==============================================================
     if (empty($errors)) {
         // Database update
         $db_data['username'] = $form['username'];
         $db_data['password'] = Core_AuthService::getHash($form['password0']);
         $db_data['email'] = $form['email'];
         $db_data['lang'] = $form['language'];
         if (!empty($firstname)) {
             $db_data['firstname'] = $firstname;
         }
         if (!empty($lastname)) {
             $db_data['lastname'] = $lastname;
         }
         $authService = Core_AuthService::getAuthService();
         $uid = Core_AuthService::getSessionInfo('ID');
         foreach ($db_data as $key => $value) {
             $sth = $dbh->prepare("\tUPDATE " . DB_PREFIX . "user\n\t\t\t\t\t\t\t\t\t\tSET " . $key . " = :" . $key . "\n\t\t\t\t\t\t\t\t\t\tWHERE user_id = '" . $uid . "';");
             $sth->bindParam(':' . $key, $value);
             $sth->execute();
         }
         // Reload Session
         $authService->rmSessionInfo();
         $authService->setSessionInfo($uid, $db_data['username'], $db_data['firstname'], $db_data['lastname'], $db_data['lang'], BGP_USER_TEMPLATE);
         $authService->setSessionPerms();
         $this->rmCookie('LANG');
     }
     // return a response ===========================================================
     // response if there are errors
     if (!empty($errors)) {
         // if there are items in our errors array, return those errors
         $data['success'] = false;
         $data['errors'] = $errors;
         $data['msgType'] = 'warning';
         $data['msg'] = T_('Bad Settings!');
     } else {
         $data['success'] = true;
     }
     // return all our data to an AJAX call
     return $data;
 }
예제 #2
0
 public static function checkRemoteAPIUser($remote_ip, $api_user, $api_user_pass)
 {
     $username = $api_user;
     $password = Core_AuthService::getHash($api_user_pass);
     $dbh = Core_DBH::getDBH();
     try {
         $sth = $dbh->prepare("\n\t\t\t\tSELECT user_id\n\t\t\t\tFROM " . DB_PREFIX . "user\n\t\t\t\tWHERE\n\t\t\t\t\tusername = :username AND\n\t\t\t\t\tpassword = :password AND\n\t\t\t\t\tstatus = 'Active'\n\t\t\t\t;");
         $sth->bindParam(':username', $username);
         $sth->bindParam(':password', $password);
         $sth->execute();
         $result = $sth->fetchAll(PDO::FETCH_ASSOC);
     } catch (PDOException $e) {
         echo $e->getMessage() . ' in ' . $e->getFile() . ' on line ' . $e->getLine();
         die;
     }
     if (!empty($result)) {
         $user_id = $result[0]['user_id'];
         // NIST Level 2 Standard Role Based Access Control Library
         $rbac = new PhpRbac\Rbac();
         // Verify API Role
         if ($rbac->Users->hasRole('api', $user_id)) {
             // Update User Activity
             try {
                 $sth = $dbh->prepare("\n\t\t\t\t\t\tUPDATE " . DB_PREFIX . "user\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tlast_login\t\t= :last_login,\n\t\t\t\t\t\t\tlast_activity\t= :last_activity,\n\t\t\t\t\t\t\tlast_ip \t\t= :last_ip,\n\t\t\t\t\t\t\tlast_host\t\t= :last_host\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tuser_id\t\t\t= :user_id\n\t\t\t\t\t\t;");
                 $last_login = date('Y-m-d H:i:s');
                 $last_activity = date('Y-m-d H:i:s');
                 $last_host = gethostbyaddr($remote_ip);
                 $sth->bindParam(':last_login', $last_login);
                 $sth->bindParam(':last_activity', $last_activity);
                 $sth->bindParam(':last_ip', $remote_ip);
                 $sth->bindParam(':last_host', $last_host);
                 $sth->bindParam(':user_id', $user_id);
                 $sth->execute();
             } catch (PDOException $e) {
                 echo $e->getMessage() . ' in ' . $e->getFile() . ' on line ' . $e->getLine();
                 die;
             }
             // Update $_SERVER
             $_SERVER['PHP_AUTH_USER'] = $user_id;
             return TRUE;
         }
     }
     return FALSE;
 }
 /**
  * User Password Renewal
  *
  * @param string $username
  * @param string $email
  * @param optional bool $captcha_validation
  *
  * @author Nikita Rousseau
  */
 public function sendNewPassword($username, $email, $captcha_validation = TRUE)
 {
     $form = array('username' => $username, 'email' => $email);
     $errors = array();
     // array to hold validation errors
     $data = array();
     // array to pass back data
     $dbh = Core_DBH::getDBH();
     // Get Database Handle
     // validate the variables ======================================================
     $v = new Valitron\Validator($form);
     $rules = ['required' => [['username'], ['email']], 'alphaNum' => [['username']], 'email' => [['email']]];
     $v->rules($rules);
     $v->validate();
     $errors = $v->errors();
     // Verify the form =============================================================
     if (empty($errors)) {
         $username = $form['username'];
         $email = $form['email'];
         try {
             $sth = $dbh->prepare("\n\t\t\t\t\tSELECT user_id, email\n\t\t\t\t\tFROM " . DB_PREFIX . "user\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tusername = :username AND\n\t\t\t\t\t\temail \t = :email AND\n\t\t\t\t\t\tstatus   = 'active'\n\t\t\t\t\t;");
             $sth->bindParam(':username', $username);
             $sth->bindParam(':email', $email);
             $sth->execute();
             $result = $sth->fetchAll();
         } catch (PDOException $e) {
             echo $e->getMessage() . ' in ' . $e->getFile() . ' on line ' . $e->getLine();
             die;
         }
         if (!empty($result) && $captcha_validation == TRUE) {
             $authService = Core_AuthService::getAuthService();
             // Reset Login Attempts
             $authService->rsSecCount();
             // Reset User Passwd
             $plainTextPasswd = bgp_create_random_password(13);
             $digestPasswd = Core_AuthService::getHash($plainTextPasswd);
             try {
                 // Update User Passwd
                 $sth = $dbh->prepare("\n\t\t\t\t\t\tUPDATE " . DB_PREFIX . "user\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tpassword \t= :password\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tuser_id\t\t= :user_id\n\t\t\t\t\t\t;");
                 $sth->bindParam(':password', $digestPasswd);
                 $sth->bindParam(':user_id', $result[0]['user_id']);
                 $sth->execute();
             } catch (PDOException $e) {
                 echo $e->getMessage() . ' in ' . $e->getFile() . ' on line ' . $e->getLine();
                 die;
             }
             // Send Email
             $to = htmlentities($result[0]['email'], ENT_QUOTES);
             $subject = T_('Reset Password');
             $message = T_('Your password has been reset to:');
             $message .= "<br /><br />" . $plainTextPasswd . "<br /><br />";
             $message .= T_('With IP') . ': ';
             $message .= $_SERVER['REMOTE_ADDR'];
             $headers = 'MIME-Version: 1.0' . "\r\n";
             $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
             $headers .= 'From: Bright Game Panel System <root@' . $_SERVER['SERVER_NAME'] . '>' . "\r\n";
             $headers .= 'X-Mailer: PHP/' . phpversion();
             $mail = mail($to, $subject, $message, $headers);
             // Log Event
             $logger = self::getLogger();
             $logger->info('Password reset.');
         } else {
             // Call security component
             $authService = Core_AuthService::getAuthService();
             $authService->incrementSecCount();
             // Log Event
             $logger = self::getLogger();
             $logger->info('Bad password reset.');
             // Messages
             if (empty($result)) {
                 $errors['username'] = T_('Wrong information.');
                 $errors['email'] = T_('Wrong information.');
             }
             if ($captcha_validation == FALSE) {
                 $errors['captcha'] = T_('Wrong CAPTCHA Code.');
             }
         }
     }
     // return a response ===========================================================
     // response if there are errors
     if (!empty($errors)) {
         // if there are items in our errors array, return those errors
         $data['success'] = false;
         $data['errors'] = $errors;
         // notification
         $authService = Core_AuthService::getAuthService();
         if ($authService->isBanned()) {
             $data['msgType'] = 'warning';
             $data['msg'] = T_('You have been banned') . ' ' . CONF_SEC_BAN_DURATION . ' ' . T_('seconds!');
         } else {
             $data['msgType'] = 'warning';
             $data['msg'] = T_('Invalid information provided!');
         }
     } else {
         if (!$mail) {
             // mail delivery error
             $data['success'] = false;
             // notification
             $data['msgType'] = 'danger';
             $data['msg'] = T_('An error has occured while sending the email. Contact your system administrator.');
         } else {
             $data['success'] = true;
         }
     }
     // return all our data to an AJAX call
     return $data;
 }