/**
 * Return the shared instance of this class, creating it on first use.
 *
 * @return self
 */
public static function getInstance()
{
    if (isset(self::$_instance)) {
        return self::$_instance;
    }

    self::$_instance = new self();
    return self::$_instance;
}
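/**
 * Get existing or create a new user account.
 *
 * Reads the buyer's choice from `$_POST['existing_user']` (one of the
 * `User::EXISTING`, `User::CREATE`, `User::GUEST` constants) and the
 * matching form fields from `$_REQUEST`, then looks the account up in
 * (or inserts it into) the buyers table via ShopBuyersManager.
 *
 * @return object|null Account object, or null when no choice was posted,
 *                     the sign-in credentials did not match, or the
 *                     new-account password fields disagree.
 */
private function getUserAccount()
{
    $result = null;
    $existing_user = isset($_POST['existing_user']) ? fix_id($_POST['existing_user']) : null;

    if (is_null($existing_user)) {
        return $result;
    }

    // Every branch reads or writes the buyers table. The original created the
    // manager only in the EXISTING branch, so CREATE and GUEST dereferenced an
    // undefined $manager.
    $manager = ShopBuyersManager::getInstance();

    switch ($existing_user) {
        case User::EXISTING:
            $email = fix_chars($_REQUEST['sign_in_email']);
            // NOTE(review): HMAC-SHA256 with a site-wide key is a static salt,
            // not a password hash (no per-user salt, no work factor). Kept
            // because stored hashes depend on it; a migration would need
            // password_hash() plus a rehash-on-login step in this branch.
            $password = hash_hmac('sha256', $_REQUEST['sign_in_password'], shop::BUYER_SECRET);

            // NOTE(review): unlike json_Login, this sign-in path has no retry
            // counter or captcha, so failed attempts are not limited here.
            $account = $manager->getSingleItem(
                $manager->getFieldNames(),
                array('email' => $email, 'password' => $password, 'guest' => 0)
            );

            if (is_object($account)) {
                $result = $account;
            }
            break;

        case User::CREATE:
            $new_password = isset($_REQUEST['new_password']) ? $_REQUEST['new_password'] : '';
            $confirm = isset($_REQUEST['new_password_confirm']) ? $_REQUEST['new_password_confirm'] : '';

            $data = array(
                'first_name' => fix_chars($_REQUEST['first_name']),
                'last_name'  => fix_chars($_REQUEST['last_name']),
                'email'      => fix_chars($_REQUEST['new_email']),
                'uid'        => isset($_REQUEST['uid']) ? fix_chars($_REQUEST['uid']) : '',
                'validated'  => 0,
                'guest'      => 0,
            );

            // Strict comparison: `==` treats numeric strings such as '1e3' and
            // '1000' as equal. The original also accepts an empty password
            // regardless of the confirm field; kept as-is, but it means an
            // account can be created with an empty password — confirm intended.
            if ($new_password === $confirm || empty($new_password)) {
                $data['password'] = hash_hmac('sha256', $new_password, shop::BUYER_SECRET);

                // The original passed an undefined $account_information here.
                $manager->insertData($data);

                $id = $manager->getInsertedID();
                $result = $manager->getSingleItem($manager->getFieldNames(), array('id' => $id));
            }
            break;

        case User::GUEST:
            if (isset($_REQUEST['name'])) {
                // Split "First Last" at the first space. The original used a
                // limit of 1, which returns the whole string in $name[0] and
                // leaves $name[1] undefined.
                $name = explode(' ', fix_chars($_REQUEST['name']), 2);
                $first_name = $name[0];
                $last_name = isset($name[1]) ? $name[1] : '';
            } else {
                $first_name = fix_chars($_REQUEST['first_name']);
                $last_name = fix_chars($_REQUEST['last_name']);
            }

            $uid = isset($_REQUEST['uid']) ? fix_chars($_REQUEST['uid']) : null;
            $email = isset($_REQUEST['email']) ? fix_chars($_REQUEST['email']) : null;

            $conditions = array();
            $data = array(
                'first_name' => $first_name,
                'last_name'  => $last_name,
                'password'   => '',
                'validated'  => 0,
                'guest'      => 1,
            );

            if (!is_null($uid)) {
                $conditions['uid'] = $uid;
                $data['uid'] = $uid;
            }

            if (!is_null($email)) {
                $conditions['email'] = $email;
                $data['email'] = $email;
            }

            // Reuse an existing guest account with the same uid/email. The
            // lookup is restricted to guest rows: the original matched on
            // uid/email alone, so a guest checkout supplying a registered
            // buyer's email received that buyer's account without any
            // credential check. EXISTING applies the mirror-image restriction
            // (guest => 0).
            if (count($conditions) > 0) {
                $conditions['guest'] = 1;
                $account = $manager->getSingleItem($manager->getFieldNames(), $conditions);

                if (is_object($account)) {
                    $result = $account;
                }
            }

            if (is_null($result)) {
                // The original passed an undefined $account_information here.
                $manager->insertData($data);

                $id = $manager->getInsertedID();
                $result = $manager->getSingleItem($manager->getFieldNames(), array('id' => $id));
            }
            break;
    }

    return $result;
}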
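/**
 * Perform AJAX login.
 *
 * Reads `username`, `password`, optional `captcha` and `lasting` from
 * `$_REQUEST`, checks the credentials against UserManager and prints a JSON
 * object with keys `logged_in` (bool), `show_captcha` (bool) and `message`
 * (string). On success the session receives uid, logged, level, username and
 * fullname and the address' retry counter is cleared; on a failed attempt the
 * counter is increased.
 */
private function json_Login()
{
    // Attempts beyond this count require a valid captcha (or are refused when
    // the captcha module is absent). The same threshold decides whether the
    // client is told to show a captcha after a failure.
    $max_free_attempts = 3;

    $username = isset($_REQUEST['username']) ? fix_chars($_REQUEST['username']) : '';
    // NOTE(review): fix_chars() is applied to the password before hashing, so
    // any characters it alters are silently changed in the secret. Kept because
    // stored hashes were produced the same way.
    $password = isset($_REQUEST['password']) ? fix_chars($_REQUEST['password']) : '';
    $captcha = isset($_REQUEST['captcha']) ? fix_chars($_REQUEST['captcha']) : '';
    // Strict comparison: the original `==` also accepted numeric strings
    // loosely equal to '1'.
    $lasting_session = isset($_REQUEST['lasting'])
        && ($_REQUEST['lasting'] === 'on' || $_REQUEST['lasting'] === '1');

    $result = array('logged_in' => false, 'show_captcha' => false, 'message' => '');

    $manager = UserManager::getInstance();
    $retry_manager = LoginRetryManager::getInstance();

    // Hash with the user's stored salt when there is one, otherwise fall back
    // to the legacy site-wide salt.
    $test_user = $manager->getSingleItem(array('salt'), array('username' => $username));
    if (is_object($test_user) && !empty($test_user->salt)) {
        $hashed_password = hash_hmac('sha256', $password, $test_user->salt);
    } else {
        $hashed_password = hash_hmac('sha256', $password, UserManager::SALT);
    }

    // NOTE(review): the password condition matches either the hashed value or
    // the raw submitted value. If the column holds hashes, the raw alternative
    // means a stored hash can itself be submitted as the password; if it exists
    // for legacy plaintext rows, those rows should be rehashed and the raw
    // alternative dropped. Left unchanged here because removing it could lock
    // out such rows.
    $user = $manager->getSingleItem(
        $manager->getFieldNames(),
        array('username' => $username, 'password' => array($password, $hashed_password))
    );

    $retry_count = $retry_manager->getRetryCount();

    if ($retry_count > $max_free_attempts) {
        // Separate condition on purpose: when the captcha module is not
        // loaded, $captcha_ok stays false and the address cannot log in while
        // LoginRetryManager reports a count above the threshold.
        $captcha_ok = false;
        if (class_exists('captcha')) {
            $captcha_module = captcha::getInstance();
            $captcha_ok = $captcha_module->isCaptchaValid($captcha);
            $captcha_module->resetCaptcha();
        }
    } else {
        $captcha_ok = true;
    }

    if (is_object($user) && $captcha_ok && $user->verified) {
        $retry_manager->clearAddress();

        if ($lasting_session) {
            Session::change_type(Session::TYPE_EXTENDED);
        }

        // NOTE(review): the session gains a privilege level here without an
        // explicit session id rotation in this block; if Session::change_type
        // does not rotate it, call session_regenerate_id(true) at this point
        // to rule out session fixation.
        $_SESSION['uid'] = $user->id;
        $_SESSION['logged'] = true;
        $_SESSION['level'] = $user->level;
        $_SESSION['username'] = $user->username;
        $_SESSION['fullname'] = $user->fullname;

        $result['logged_in'] = true;
    } elseif (is_object($user) && $captcha_ok && !$user->verified) {
        // Credentials matched but the account has not been verified yet.
        $result['message'] = $this->parent->getLanguageConstant('message_users_account_not_verified');
    } else {
        // Wrong credentials or failed captcha: count the attempt and tell the
        // client whether the next attempt must include a captcha.
        $count = $retry_manager->increaseCount();
        $result['message'] = $this->parent->getLanguageConstant('message_login_error');
        $result['show_captcha'] = $count > $max_free_attempts;
    }

    print json_encode($result);
}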