/**
 * Check if the given cleartext password matches the hash stored in this record.
 * See {@link Member->checkPassword()}.
 *
 * The stored Salt and PasswordEncryption are handed back to
 * Security::encrypt_password() so the candidate is hashed the same way the
 * stored value was; the comparison itself is delegated to the encryptor the
 * helper returns rather than done with a plain string operator.
 *
 * @param String $password Cleartext password
 * @return Boolean
 */
function checkPassword($password) {
    $hashed = Security::encrypt_password(
        $password,
        $this->Salt,
        $this->PasswordEncryption
    );
    $encryptor = $hashed['encryptor'];
    $candidate = $hashed['password'];

    return $encryptor->compare($this->Password, $candidate);
}
/**
 * Event handler called before writing to the database.
 *
 * Runs, in this order: copies a pending SetPassword into Password; refuses
 * the write when another Member already owns the same unique identifier;
 * sends the changePassword notification on live sites (or whenever the
 * TestMailer is active); hashes a new or changed cleartext Password and
 * derives PasswordExpiry; fills an empty Locale; then defers to the parent.
 */
function onBeforeWrite() {
    if ($this->SetPassword) {
        $this->Password = $this->SetPassword;
    }

    // A second Member with the same unique identifier (usually the email
    // address) must never be merged into. This is only a last line of defence
    // for data consistency; controller-level validation (e.g. a registration
    // form) is still expected to catch it first. Same logic as Member_Validator.
    $field = self::$unique_identifier_field;
    $value = $this->{$field};
    if ($value) {
        // The own ID is cast to int and the identifier value run through
        // Convert::raw2sql before either is placed in the WHERE clause.
        $excludeSelf = $this->ID
            ? sprintf(" AND \"Member\".\"ID\" <> %d", (int) $this->ID)
            : '';
        $where = sprintf("\"%s\" = '%s' %s", $field, Convert::raw2sql($value), $excludeSelf);
        $duplicate = DataObject::get_one('Member', $where);
        if ($duplicate) {
            $message = sprintf(
                _t(
                    'Member.ValidationIdentifierFailed',
                    'Can\'t overwrite existing member #%d with identical identifier (%s = %s))',
                    PR_MEDIUM,
                    'The values in brackets show a fieldname mapped to a value, usually denoting an existing email address'
                ),
                $duplicate->ID,
                $field,
                $value
            );
            throw new ValidationException(new ValidationResult(false, $message));
        }
    }

    // No mail from dev/test sites, to avoid accidentally spamming users; the
    // TestMailer captures mail instead of sending it, so it is exempt.
    if ((Director::isLive() || Email::mailer() instanceof TestMailer)
        && $this->isChanged('Password')
        && $this->record['Password']
        && Member::$notify_password_change
    ) {
        $this->sendInfo('changePassword');
    }

    // Hash a cleartext password: a brand-new record that carries one, or an
    // existing record whose Password changed. Stored hashes cannot be
    // re-hashed, so this only works while Password still holds cleartext.
    $freshWithPassword = !$this->ID && $this->Password;
    if ($freshWithPassword || $this->isChanged('Password')) {
        $hashed = Security::encrypt_password(
            $this->Password,
            $this->Salt,
            $this->PasswordEncryption,
            $this
        );
        $this->Password = $hashed['password'];
        $this->Salt = $hashed['salt'];
        $this->PasswordEncryption = $hashed['algorithm'];

        // Derive the expiry unless the caller set one explicitly.
        if (!$this->isChanged('PasswordExpiry')) {
            $expiryDays = self::$password_expiry_days;
            $this->PasswordExpiry = $expiryDays
                ? date('Y-m-d', time() + 86400 * $expiryDays)
                : null;
        }
    }

    if (!$this->Locale) {
        $this->Locale = i18n::get_locale();
    }

    parent::onBeforeWrite();
}
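/**
 * Event handler called before writing to the database.
 *
 * If an email's filled out look for a record with the same email and if
 * found update this record to merge with that member.
 *
 * NOTE(review): merging into whichever existing Member owns the submitted
 * email means a write carrying someone else's address adopts that record's
 * ID and stored data. Other revisions of this method in this listing reject
 * such a write with a ValidationException instead; do not rely on this merge
 * as a safeguard.
 */
function onBeforeWrite() {
    if ($this->SetPassword) {
        $this->Password = $this->SetPassword;
    }

    if ($this->Email) {
        // IDs are cast to int and the email escaped with Convert::raw2sql
        // before being interpolated into SQL; addslashes() is not a
        // database-aware escape and is not used any more.
        $ownId = (int) $this->ID;
        $idClause = $ownId ? "AND `Member`.ID <> {$ownId}" : "";
        $existingRecord = DataObject::get_one(
            "Member",
            "Email = '" . Convert::raw2sql($this->Email) . "' {$idClause}"
        );
        if ($existingRecord) {
            $newID = $existingRecord->ID;
            if ($ownId) {
                DB::query(
                    "UPDATE Group_Members SET MemberID = " . (int) $newID
                    . " WHERE MemberID = {$ownId}"
                );
            }
            $this->ID = $newID;

            // Merge existing data into the local record, keeping any field
            // this instance has changed locally.
            foreach ($existingRecord->getAllFields() as $k => $v) {
                if (empty($this->changed[$k])) {
                    $this->record[$k] = $v;
                }
            }
        }
    }

    // Only live sites notify; dev/test sites stay silent.
    if (Director::isLive()
        && !empty($this->changed['Password'])
        && $this->record['Password']
        && Member::$notify_password_change
    ) {
        $this->sendInfo('changePassword');
    }

    if (!empty($this->changed['Password'])) {
        // Password was changed: encrypt the password according the settings.
        // Salt and PasswordEncryption are marked changed explicitly because
        // they are written to $this->... after the change tracking ran.
        $encryption_details = Security::encrypt_password($this->Password);
        $this->Password = $encryption_details['password'];
        $this->Salt = $encryption_details['salt'];
        $this->PasswordEncryption = $encryption_details['algorithm'];
        $this->changed['Salt'] = true;
        $this->changed['PasswordEncryption'] = true;
    }

    parent::onBeforeWrite();
}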
/**
 * Event handler called before writing to the database.
 *
 * Steps, in this order: a pending SetPassword is copied into Password; the
 * write is rejected with a ValidationException when another Member already
 * holds the same unique identifier; a Member_ChangePasswordEmail is sent for
 * a changed password on live sites (or whenever the TestMailer is active);
 * a new or changed cleartext Password is hashed and PasswordExpiry derived
 * from password_expiry_days; an empty Locale is filled from i18n; finally
 * the parent handler runs.
 */
public function onBeforeWrite() {
    if ($this->SetPassword) {
        $this->Password = $this->SetPassword;
    }

    // Refuse to collide with another Member on the unique identifier (usually
    // the email). This is a last line of defence for data consistency, not a
    // substitute for validation in the controller layer (e.g. a registration
    // form). Same logic as Member_Validator.
    $identifierField = Member::config()->unique_identifier_field;
    $identifierValue = $this->{$identifierField};
    if ($identifierValue) {
        // Parameterised filter: the value and the own ID are bound, never
        // interpolated into the SQL string.
        $filter = array("\"{$identifierField}\"" => $identifierValue);
        if ($this->ID) {
            $filter[] = array('"Member"."ID" <> ?' => $this->ID);
        }
        $duplicate = DataObject::get_one('Member', $filter);
        if ($duplicate) {
            $message = _t(
                'Member.ValidationIdentifierFailed',
                'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))',
                'Values in brackets show "fieldname = value", usually denoting an existing email address',
                array(
                    'id' => $duplicate->ID,
                    'name' => $identifierField,
                    'value' => $identifierValue,
                )
            );
            throw new ValidationException(ValidationResult::create(false, $message));
        }
    }

    // No emails from dev/test sites, to avoid accidentally spamming users;
    // the TestMailer captures mail instead of sending it, so it is exempt.
    $mailAllowed = Director::isLive() || Email::mailer() instanceof TestMailer;
    if ($mailAllowed
        && $this->isChanged('Password')
        && $this->record['Password']
        && $this->config()->notify_password_change
    ) {
        $notification = Member_ChangePasswordEmail::create();
        $notification->populateTemplate($this);
        $notification->setTo($this->Email);
        $notification->send();
    }

    // Hash a cleartext password: either a brand-new record that carries one,
    // or an existing record whose Password changed. Stored hashes can't be
    // re-hashed, so this only works while Password is still cleartext.
    $freshWithPassword = !$this->ID && $this->Password;
    if ($freshWithPassword || $this->isChanged('Password')) {
        // Fall back to the configured default algorithm when the record has none yet.
        $algorithm = $this->PasswordEncryption ?: Security::config()->password_encryption_algorithm;
        $hashed = Security::encrypt_password($this->Password, $this->Salt, $algorithm, $this);
        $this->Password = $hashed['password'];
        $this->Salt = $hashed['salt'];
        $this->PasswordEncryption = $hashed['algorithm'];

        // Derive the expiry unless the caller set one explicitly.
        if (!$this->isChanged('PasswordExpiry')) {
            $expiryDays = self::config()->password_expiry_days;
            $this->PasswordExpiry = $expiryDays
                ? date('Y-m-d', time() + 86400 * $expiryDays)
                : null;
        }
    }

    if (!$this->Locale) {
        $this->Locale = i18n::get_locale();
    }

    parent::onBeforeWrite();
}
/**
 * Store a hashed form of the given cleartext password on this member.
 *
 * The member id is passed to Security::encrypt_password() together with the
 * cleartext — presumably as a per-user salt; confirm in Security. The id must
 * therefore already be available when this is called.
 *
 * @param string $losenord Cleartext password
 */
public function setLosenord($losenord) {
    $memberId = $this->getId();
    $hash = Security::encrypt_password($memberId, $losenord);
    $this->losenord = $hash;
}
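/**
 * Check if the given password is the same as the one stored in this record.
 *
 * The candidate is hashed with this record's Salt and PasswordEncryption and
 * compared against the stored hash with hash_equals(), so the comparison
 * runs in time independent of where the first differing byte is, instead of
 * the short-circuiting `===` used before.
 *
 * @param string $password Cleartext password
 * @return bool
 */
function checkPassword($password) {
    $encryption_details = Security::encrypt_password($password, $this->Salt, $this->PasswordEncryption);
    // Both sides are cast to string: hash_equals() rejects non-strings, and a
    // record with no stored hash must simply fail to match.
    return hash_equals((string) $this->Password, (string) $encryption_details['password']);
}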
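/**
 * Försöker logga in med epost och lösenord.
 *
 * Attempts to log in with email and password. On success the member's id and
 * a freshly generated session id are stored in $_SESSION (and, on request,
 * in cookies for 30 days), any company the member administers is logged in
 * as well, and true is returned — unless the membership has expired, in which
 * case an exception carrying the previous level is thrown after the session
 * has been set up.
 *
 * @global $db
 * @param string $epost    Email address submitted by the user
 * @param string $losenord Cleartext password submitted by the user
 * @param bool   $cookie   Also persist the login in cookies
 * @return bool true on success; false when either field is blank
 * @throws MedlemException -13 unknown email, -15 account not activated,
 *                         -5 wrong password, -19 membership expired
 */
public static function loggaIn($epost, $losenord, $cookie = false) {
    global $db;

    $epost = Security::secure_postdata($epost);
    $losenord = Security::secure_postdata($losenord);
    if ($epost == "" || $losenord == "") {
        return false;
    }

    // NOTE(review): $epost is interpolated straight into the query. Whether
    // that is safe depends entirely on what Security::secure_postdata() does
    // to it — confirm it escapes for this driver, or switch to a bound
    // parameter if $db offers one.
    $sql = "SELECT id\n\t\t\t\tFROM " . self::classToTable(get_class()) . " \n\t\t\t\tWHERE epost='{$epost}'";
    $id = $db->value($sql);
    if ($id == "") {
        // Distinct codes for "unknown email" (-13) and "wrong password" (-5)
        // let the caller tell the cases apart; they also let a client tell
        // registered addresses from unregistered ones.
        throw new MedlemException('E-postadressen kunde inte hittas', -13);
    }

    $medlem = Medlem::loadById($id);
    if ($medlem->epostBekraftad == 0) {
        throw new MedlemException('Kontot ej aktiverat', -15);
    }

    // hash_equals() replaces the previous loose `==`: the two hashes are
    // compared byte for byte, without PHP's numeric-string coercion (which
    // treats e.g. two "0e..." strings as equal) and without leaking the
    // position of the first mismatch through timing.
    $losenordKrypterat = Security::encrypt_password($id, $losenord);
    if (!hash_equals((string) $medlem->getLosenord(), (string) $losenordKrypterat)) {
        throw new MedlemException("Felaktigt lösenord", -5);
    }

    // Successful login: rotate the session id and persist it on the member.
    $sessionId = self::generateSessionId();
    $medlem->setSenastInloggad();
    $medlem->setSessionId($sessionId);
    $medlem->commit();
    $_SESSION["mm_mid"] = $id;
    $_SESSION["mm_sid"] = $sessionId;

    if ($cookie) {
        $expires = time() + 60 * 60 * 24 * 30;
        // httponly keeps the session token out of reach of page scripts; the
        // secure flag follows whether this request itself arrived over HTTPS.
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("mm_mid", $id, $expires, "/", "", $secure, true);
        setcookie("mm_sid", $sessionId, $expires, "/", "", $secure, true);
    }

    // If the member also administers a company, log that company in too.
    $fId = $medlem->getFadmin();
    if ($fId > 0) {
        $foretag = Foretag::loadById($fId);
        $foretag->doubleLogIn($fId);
    }

    // Expired memberships are always locked out (the former level reset was
    // removed 2011-01-19); the exception carries the previous level so the
    // caller can redirect to the purchase page.
    if ($medlem->getPaidUntil() < date("Y-m-d")) {
        $level = $medlem->getLevelId();
        throw new MedlemException('Medlemskap har gått ut', -19, $level);
    }

    return true;
}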
/**
 * Store a hashed form of the given cleartext password on this member.
 *
 * Security::encrypt_password() receives the member id alongside the
 * cleartext (presumably as a per-user salt — confirm in Security), so an
 * unsaved record is committed first to obtain an id.
 *
 * @param string $losenord Cleartext password
 */
public function setLosenord($losenord) {
    $hasId = (bool) $this->id;
    if (!$hasId) {
        $this->commit();
    }
    $hash = Security::encrypt_password($this->id, $losenord);
    $this->losenord = $hash;
}
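/**
 * Event handler called before writing to the database.
 *
 * NOTE(review): when another Member already owns this record's unique
 * identifier, the write is silently merged into that record (its ID and
 * unchanged fields are adopted here, and Group_Members rows are re-pointed).
 * A write carrying someone else's identifier therefore takes over that
 * member's record; other revisions of this method in this listing reject it
 * with a ValidationException instead.
 */
function onBeforeWrite() {
    if ($this->SetPassword) {
        $this->Password = $this->SetPassword;
    }

    $identifierField = self::$unique_identifier_field;
    if ($this->$identifierField) {
        // IDs are cast to int before being interpolated into SQL; the
        // identifier value goes through Convert::raw2sql.
        $ownId = (int) $this->ID;
        $idClause = $ownId ? " AND `Member`.ID <> $ownId" : '';
        $SQL_identifierField = Convert::raw2sql($this->$identifierField);
        $existingRecord = DataObject::get_one('Member', "$identifierField = '{$SQL_identifierField}'{$idClause}");
        if ($existingRecord) {
            $newID = $existingRecord->ID;
            if ($ownId) {
                DB::query("UPDATE Group_Members SET MemberID = " . (int) $newID . " WHERE MemberID = $ownId");
            }
            $this->ID = $newID;

            // Merge existing data into the local record, keeping any field
            // this instance has changed locally.
            foreach ($existingRecord->getAllFields() as $k => $v) {
                if (empty($this->changed[$k])) {
                    $this->record[$k] = $v;
                }
            }
        }
    }

    // We don't send emails out on dev/tests sites to prevent accidentally
    // spamming users. However, if TestMailer is in use this isn't a risk.
    if ((Director::isLive() || Email::mailer() instanceof TestMailer)
        && !empty($this->changed['Password'])
        && $this->record['Password']
        && Member::$notify_password_change
    ) {
        $this->sendInfo('changePassword');
    }

    // The test on $this->ID is used for when records are initially created.
    // NOTE(review): a new record with an empty Password still reaches
    // encrypt_password(); other revisions in this listing additionally
    // require $this->Password to be set.
    if (!$this->ID || !empty($this->changed['Password'])) {
        // Password was changed: encrypt the password according the settings.
        // Salt and PasswordEncryption are marked changed explicitly because
        // they are written after the change tracking ran.
        $encryption_details = Security::encrypt_password($this->Password);
        $this->Password = $encryption_details['password'];
        $this->Salt = $encryption_details['salt'];
        $this->PasswordEncryption = $encryption_details['algorithm'];
        $this->changed['Salt'] = true;
        $this->changed['PasswordEncryption'] = true;

        // Derive the expiry unless the caller set one explicitly.
        if (empty($this->changed['PasswordExpiry'])) {
            if (self::$password_expiry_days) {
                $this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::$password_expiry_days);
            } else {
                $this->PasswordExpiry = null;
            }
        }
    }

    // save locale
    if (!$this->Locale) {
        $this->Locale = i18n::get_locale();
    }

    parent::onBeforeWrite();
}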