public function logout()
{
// Set cookie expiry time to the past, thus removing them
Flyspray::setcookie('flyspray_userid', '', time() - 60);
Flyspray::setcookie('flyspray_passhash', '', time() - 60);
Flyspray::setcookie('flyspray_project', '', time() - 60);
if (Cookie::has(session_name())) {
Flyspray::setcookie(session_name(), '', time() - 60);
}
// Unset all of the session variables.
$_SESSION = array();
session_destroy();
return !$this->isAnon();
}
$cryptPass = md5(Post::val('oldpass'));
break;
default:
$cryptPass = crypt(Post::val('oldpass'), $oldpass['user_pass']);
break;
}
if ($cryptPass != $oldpass['user_pass']) {
Flyspray::show_error(L('oldpasswrong'));
break;
}
}
$new_hash = Flyspray::cryptPassword(Post::val('changepass'));
$db->Query('UPDATE {users} SET user_pass = ? WHERE user_id = ?', array($new_hash, Post::val('user_id')));
// If the user is changing their password, better update their cookie hash
if ($user->id == Post::val('user_id')) {
Flyspray::setcookie('flyspray_passhash', crypt($new_hash, $conf['general']['cookiesalt']), time() + 3600 * 24 * 30);
}
}
if (Post::val('old_jabber_id') != Post::val('jabber_id')) {
Notifications::JabberRequestAuth(Post::val('jabber_id'));
}
$db->Query('UPDATE {users}
SET real_name = ?, email_address = ?, notify_own = ?,
jabber_id = ?, notify_type = ?,
dateformat = ?, dateformat_extended = ?,
tasks_perpage = ?, time_zone = ?
WHERE user_id = ?', array(Post::val('real_name'), Post::val('email_address'), Post::num('notify_own', 0), Post::val('jabber_id', 0), Post::num('notify_type'), Post::val('dateformat', 0), Post::val('dateformat_extended', 0), Post::num('tasks_perpage'), Post::num('time_zone'), Post::num('user_id')));
}
// end only admin or user himself can change
if ($user->perms('is_admin')) {
$db->Query('UPDATE {users} SET account_enabled = ? WHERE user_id = ?', array(Post::val('account_enabled', 0), Post::val('user_id')));
function action_edituser()
{
global $fs, $db, $proj, $user, $do, $conf;
if (Post::val('delete_user')) {
// check that he is not the last user
if ($db->x->GetOne('SELECT count(*) FROM {users}') > 1) {
Backend::delete_user(Post::val('user_id'));
return array(SUBMIT_OK, L('userdeleted'), CreateURL(array('admin', 'groups')));
} else {
return array(ERROR_RECOVER, L('lastuser'));
}
}
if (!Post::val('real_name') || !Post::val('email_address')) {
return array(ERROR_RECOVER, L('realandnotify'));
}
if ((!$user->perms('is_admin') || $user->id == Post::val('user_id')) && !Post::val('oldpass') && (Post::val('changepass') || Post::val('confirmpass'))) {
return array(ERROR_RECOVER, L('nooldpass'));
}
if (Post::val('changepass') || Post::val('confirmpass')) {
if (Post::val('changepass') != Post::val('confirmpass')) {
return array(ERROR_RECOVER, L('passnomatch'));
}
if (Post::val('oldpass')) {
$oldpass = $db->x->getRow('SELECT user_pass, password_salt FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
$oldsalt = $oldpass['password_salt'] ? $oldpass['password_salt'] : null;
if (Flyspray::cryptPassword(Post::val('oldpass'), $oldsalt) !== $oldpass['user_pass']) {
return array(ERROR_RECOVER, L('oldpasswrong'));
}
}
$new_salt = md5(uniqid(mt_rand(), true));
$new_hash = Flyspray::cryptPassword(Post::val('changepass'), $new_salt);
$db->x->execParam('UPDATE {users} SET user_pass = ?, password_salt = ? WHERE user_id = ?', array($new_hash, $new_salt, Post::val('user_id')));
// If the user is changing their password, better update their cookie hash
if ($user->id == Post::val('user_id')) {
Flyspray::setcookie('flyspray_passhash', hash_hmac('md5', $new_hash, $conf['general']['cookiesalt']), time() + 3600 * 24 * 30);
}
}
// Check for existing email / jabber ID
$taken = $db->x->GetOne("SELECT COUNT(*)\n FROM {users}\n WHERE (jabber_id = ? AND ? != NULL\n OR email_address = ? AND ? != NULL)\n AND user_id != ?", null, array(Post::val('jabber_id'), Post::val('jabber_id'), Post::val('email_address'), Post::val('email_address'), Post::val('user_id')));
if ($taken) {
return array(ERROR_RECOVER, L('emailtaken'));
}
if (Post::val('old_jabber_id') != Post::val('jabber_id')) {
Notifications::JabberRequestAuth(Post::val('jabber_id'));
}
$previous = $db->x->GetRow('SELECT real_name, user_name FROM {users} WHERE user_id = ?', null, Post::val('user_id'));
$db->x->execParam('UPDATE {users}
SET real_name = ?, email_address = ?, notify_own = ?,
jabber_id = ?, notify_type = ?, show_contact = ?,
dateformat = ?, dateformat_extended = ?, defaultorder = ?,
tasks_perpage = ?, time_zone = ?, defaultsortcolumn = ?,
notify_blacklist = ?, lang_code = ?, syntax_plugins = ?
WHERE user_id = ?', array(Post::val('real_name'), Post::val('email_address'), Post::num('notify_own', 0), Post::val('jabber_id', 0), Post::num('notify_type'), Post::num('show_contact'), Post::val('dateformat', 0), Post::val('dateformat_extended', 0), Post::val('defaultorder', 'asc'), Post::num('tasks_perpage'), Post::num('time_zone'), implode(' ', Post::val('defaultsortcolumn')), implode(' ', Post::val('notify_blacklist', array())), Post::val('lang_code', ''), implode(' ', (array) Post::val('syntax_plugins')), Post::num('user_id')));
if ($previous['real_name'] != Post::val('real_name')) {
Backend::UpdateRedudantUserData($previous['user_name']);
}
if ($do == 'myprofile') {
$user = new User($user->id);
}
if ($user->perms('is_admin')) {
$db->x->execParam('UPDATE {users} SET account_enabled = ? WHERE user_id = ?', array(Post::val('account_enabled', 0), Post::val('user_id')));
$db->x->execParam('UPDATE {users_in_groups} SET group_id = ?
WHERE group_id = ? AND user_id = ?', array(Post::val('group_in'), Post::val('old_global_id'), Post::val('user_id')));
}
return array(SUBMIT_OK, L('userupdated'));
}
Flyspray::show_error(7);
}
}
} else {
// Determine if the user should be remembered on this machine
if (Req::has('remember_login')) {
$cookie_time = time() + 60 * 60 * 24 * 30;
// Set cookies for 30 days
} else {
$cookie_time = 0;
// Set cookies to expire when session ends (browser closes)
}
$user = new User($user_id);
// Set a couple of cookies
$passweirded = md5($user->infos['user_pass'] . $conf['general']['cookiesalt']);
Flyspray::setcookie('flyspray_userid', $user->id, $cookie_time);
Flyspray::setcookie('flyspray_passhash', $passweirded, $cookie_time);
// If the user had previously requested a password change, remove the magic url
$remove_magic = $db->Query("UPDATE {users} SET magic_url = '' WHERE user_id = ?", array($user->id));
// Save for displaying
if ($user->infos['login_attempts'] > 0) {
$_SESSION['login_attempts'] = $user->infos['login_attempts'];
}
$db->Query('UPDATE {users} SET login_attempts = 0 WHERE user_id = ?', array($user->id));
$_SESSION['SUCCESS'] = L('loginsuccessful');
}
} else {
// If the user didn't provide both a username and a password, show this error:
Flyspray::show_error(8);
}
Flyspray::Redirect(Req::val('return_to'));
function checkCookie($userid, $passhash)
{
global $conf, $db;
$user = $db->x->getRow('SELECT u.*, g.group_open, g.is_admin
FROM {users} u
LEFT JOIN {users_in_groups} uig ON u.user_id = uig.user_id
LEFT JOIN {groups} g ON uig.group_id = g.group_id
WHERE u.user_id = ? AND g.project_id = 0', null, $userid);
// sort out most bad cases
if (!$user || !$user['is_admin'] && (!$user['account_enabled'] || !$user['group_open'])) {
return false;
}
if ($passhash !== hash_hmac('md5', $user['user_pass'], $conf['general']['cookiesalt'])) {
// try other authenticators, maybe use cookies from other software
foreach ($this->authenticators as $auth) {
if ($auth->checkCookie($userid, $passhash)) {
return true;
}
}
// delete this rubbish
Flyspray::setcookie('flyspray_userid', '', time() - 60);
Flyspray::setcookie('flyspray_passhash', '', time() - 60);
return false;
}
return true;
}
