/**
* Login a user
* @return
* @param $username Object
* @param $password Object
*/
function login($username, $password)
{
$db =& $this->db;
Kit::ClassLoader('userdata');
// Get the SALT for this username
if (!($userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '******'", $db->escape_string($username))))) {
setMessage(__('Username or Password incorrect'));
return false;
}
// User Data Object to check the password
$userData = new Userdata($db);
// Is SALT empty
if ($userInfo['CSPRNG'] == 0) {
// Check the password using a MD5
if ($userInfo['UserPassword'] != md5($password)) {
setMessage(__('Username or Password incorrect'));
return false;
}
// Now that we are validated, generate a new SALT and set the users password.
$userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
} else {
// Check the users password using the random SALTED password
if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
setMessage(__('Username or Password incorrect'));
return false;
}
}
// there is a result so we store the userID in the session variable
$_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
$_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
$_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
// Set the User Object
$this->usertypeid = $_SESSION['usertype'];
$this->userid = $_SESSION['userid'];
// update the db
// write out to the db that the logged in user has accessed the page
$SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']);
$db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
// Switch Session ID's
global $session;
$session->setIsExpired(0);
$session->RegenerateSessionID(session_id());
return true;
}
// Get the SALT for this username
if (!($userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '******'", $db->escape_string($username))))) {
$_SESSION['auth'] = false;
reportError("0", __("Password incorrect. Please try again."));
}
// User Data Object to check the password
$userData = new Userdata($db);
// Is SALT empty
if ($userInfo['CSPRNG'] == 0) {
// Check the password using a MD5
if ($userInfo['UserPassword'] != md5($password)) {
$_SESSION['auth'] = false;
reportError("0", __("Password incorrect. Please try again."));
}
// Now that we are validated, generate a new SALT and set the users password.
$userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
} else {
// Check the users password using the random SALTED password
if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
$_SESSION['auth'] = false;
reportError("0", __("Password incorrect. Please try again."));
}
}
$_SESSION['auth'] = true;
$_SESSION['db'] = $db;
}
}
## Check server meets specs (as specs might have changed in this release)
?>
<p><?php
echo __("First we need to check if your server meets Xibo's requirements.");
/**
* Login a user
* @return
* @param $username Object
* @param $password Object
*/
function login($username, $password)
{
$db =& $this->db;
Kit::ClassLoader('userdata');
if (Config::Version('DBVersion') < 62) {
// We can't do CSPRNG because the field doesn't exist, so we need to do standard user login
// This can ONLY happen during an upgrade.
$dbh = PDOConnect::init();
$sth = $dbh->prepare('SELECT UserID, UserName, UserPassword, UserTypeID FROM `user` WHERE UserName = :userName');
$sth->execute(array('userName' => $username));
$rows = $sth->fetchAll();
if (count($rows) != 1) {
setMessage(__('Username or Password incorrect'));
return false;
}
$userInfo = $rows[0];
// Check the password using a MD5
if ($userInfo['UserPassword'] != md5($password)) {
setMessage(__('Username or Password incorrect'));
return false;
}
} else {
// Get the SALT for this username
if (!($userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '******'", $db->escape_string($username))))) {
setMessage(__('Username or Password incorrect'));
return false;
}
// User Data Object to check the password
$userData = new Userdata($db);
// Is SALT empty
if ($userInfo['CSPRNG'] == 0) {
// Check the password using a MD5
if ($userInfo['UserPassword'] != md5($password)) {
setMessage(__('Username or Password incorrect'));
return false;
}
// Now that we are validated, generate a new SALT and set the users password.
$userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
} else {
// Check the users password using the random SALTED password
if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
setMessage(__('Username or Password incorrect'));
return false;
}
}
}
// there is a result so we store the userID in the session variable
$_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
$_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
$_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
// Set the User Object
$this->usertypeid = $_SESSION['usertype'];
$this->userid = $_SESSION['userid'];
// update the db
// write out to the db that the logged in user has accessed the page
$SQL = sprintf("UPDATE user SET lastaccessed = '" . date("Y-m-d H:i:s") . "', loggedin = 1 WHERE userid = %d", $_SESSION['userid']);
$db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
// Switch Session ID's
global $session;
$session->setIsExpired(0);
$session->RegenerateSessionID(session_id());
return true;
}
/**
* Set a users password
*/
public function SetPassword()
{
// Check the token
if (!Kit::CheckToken()) {
trigger_error('Token does not match', E_USER_ERROR);
}
$db =& $this->db;
$response = new ResponseManager();
$newPassword = Kit::GetParam('newPassword', _POST, _STRING);
$retypeNewPassword = Kit::GetParam('retypeNewPassword', _POST, _STRING);
$userId = Kit::GetParam('UserId', _POST, _INT);
// Check we are an admin
if ($this->user->usertypeid != 1) {
trigger_error(__('Trying to change the password for another user denied'), E_USER_ERROR);
}
Kit::ClassLoader('userdata');
$userData = new Userdata($db);
if (!$userData->ChangePassword($userId, null, $newPassword, $retypeNewPassword, true)) {
trigger_error($userData->GetErrorMessage(), E_USER_ERROR);
}
$response->SetFormSubmitResponse(__('Password Changed'));
$response->Respond();
}
