예제 #1
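 /**
  * Authenticate a user by username and password and populate the session.
  *
  * Rows whose CSPRNG column is 0 still hold a legacy unsalted MD5 hash: the
  * password is checked against md5($password) and then passed to
  * Userdata::ChangePassword() so the account is re-hashed (per the original
  * comments, with a new random salt). All other rows are verified through
  * Userdata::validate_password(). Every failure path sets the same generic
  * message, so the response does not disclose whether the username exists.
  *
  * @param string $username Login name supplied by the client (untrusted).
  * @param string $password Plain-text password supplied by the client.
  * @return bool True once the session is established, false on bad credentials.
  */
 function login($username, $password)
 {
     $db =& $this->db;
     Kit::ClassLoader('userdata');
     // Look the account up by name. The escaped username must land in the quoted
     // %s placeholder; a format string without a conversion specifier makes
     // sprintf() drop the argument, so the lookup would never use the supplied name.
     // NOTE(review): a prepared statement is preferable to escape-and-interpolate
     // if this code base offers one - confirm.
     $userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username)));
     if (!$userInfo) {
         setMessage(__('Username or Password incorrect'));
         return false;
     }
     // User Data Object to check the password
     $userData = new Userdata($db);
     if ($userInfo['CSPRNG'] == 0) {
         // Legacy account: unsalted MD5. Compare as strings and, where available,
         // in constant time. A loose != would treat two different "0e<digits>"
         // hex digests as equal numbers and accept the wrong password.
         $storedHash = (string) $userInfo['UserPassword'];
         $legacyHash = md5($password);
         $hashMatches = function_exists('hash_equals')
             ? hash_equals($storedHash, $legacyHash)
             : $storedHash === $legacyHash;
         if (!$hashMatches) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
         // Credentials are valid, so migrate the account off MD5 right away.
         // The return value is not checked: if the change fails the login still
         // succeeds and the row keeps its MD5 hash until the next login.
         $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
     } else {
         // Salted account: delegate verification to the Userdata object.
         if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
     }
     // Authenticated: copy the validated identity columns into the session.
     $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
     $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
     $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
     // Set the User Object
     $this->usertypeid = $_SESSION['usertype'];
     $this->userid = $_SESSION['userid'];
     // Record the login time and flag the user as logged in. The id goes through
     // %d, so only an integer can reach the statement.
     $SQL = sprintf("UPDATE user SET lastaccessed = '%s', loggedin = 1 WHERE userid = %d", date("Y-m-d H:i:s"), $_SESSION['userid']);
     $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
     // Issue a fresh session id now that the privilege level has changed, so an
     // id known before authentication cannot be reused afterwards.
     global $session;
     $session->setIsExpired(0);
     $session->RegenerateSessionID(session_id());
     return true;
 }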
예제 #2
파일: upgrade.php 프로젝트: abbeet/server39
           // Get the SALT for this username
           if (!($userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '******'", $db->escape_string($username))))) {
               $_SESSION['auth'] = false;
               reportError("0", __("Password incorrect. Please try again."));
           }
           // User Data Object to check the password
           $userData = new Userdata($db);
           // Is SALT empty
           if ($userInfo['CSPRNG'] == 0) {
               // Check the password using a MD5
               if ($userInfo['UserPassword'] != md5($password)) {
                   $_SESSION['auth'] = false;
                   reportError("0", __("Password incorrect. Please try again."));
               }
               // Now that we are validated, generate a new SALT and set the users password.
               $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
           } else {
               // Check the users password using the random SALTED password
               if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
                   $_SESSION['auth'] = false;
                   reportError("0", __("Password incorrect. Please try again."));
               }
           }
           $_SESSION['auth'] = true;
           $_SESSION['db'] = $db;
       }
   }
   ## Check server meets specs (as specs might have changed in this release)
   ?>
 <p><?php 
   echo __("First we need to check if your server meets Xibo's requirements.");
예제 #3
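 /**
  * Authenticate a user by username and password and populate the session.
  *
  * Three verification paths exist:
  *  - DBVersion below 62 (per the original comment, only during an upgrade):
  *    the CSPRNG column does not exist yet, so the row is fetched with a
  *    prepared statement and checked against the legacy unsalted MD5 hash.
  *  - CSPRNG column equal to 0: legacy MD5 check, then the password is passed
  *    to Userdata::ChangePassword() so the account is re-hashed.
  *  - otherwise: verification through Userdata::validate_password().
  * Every failure path sets the same generic message, so the response does not
  * disclose whether the username exists.
  *
  * @param string $username Login name supplied by the client (untrusted).
  * @param string $password Plain-text password supplied by the client.
  * @return bool True once the session is established, false on bad credentials.
  */
 function login($username, $password)
 {
     $db =& $this->db;
     Kit::ClassLoader('userdata');
     if (Config::Version('DBVersion') < 62) {
         // We can't do CSPRNG because the field doesn't exist, so we need to do standard user login
         // This can ONLY happen during an upgrade.
         $dbh = PDOConnect::init();
         $sth = $dbh->prepare('SELECT UserID, UserName, UserPassword, UserTypeID FROM `user` WHERE UserName = :userName');
         $sth->execute(array('userName' => $username));
         $rows = $sth->fetchAll();
         // Anything other than exactly one match is treated as a failed login.
         if (count($rows) != 1) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
         $userInfo = $rows[0];
         // Legacy unsalted MD5. Compare as strings and, where available, in
         // constant time. A loose != would treat two different "0e<digits>"
         // hex digests as equal numbers and accept the wrong password.
         $storedHash = (string) $userInfo['UserPassword'];
         $legacyHash = md5($password);
         $hashMatches = function_exists('hash_equals')
             ? hash_equals($storedHash, $legacyHash)
             : $storedHash === $legacyHash;
         if (!$hashMatches) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
     } else {
         // Look the account up by name. The escaped username must land in the
         // quoted %s placeholder; a format string without a conversion specifier
         // makes sprintf() drop the argument, so the lookup would never use the
         // supplied name.
         // NOTE(review): the upgrade branch of this method already uses a PDO
         // prepared statement; moving this query to the same pattern would
         // remove the dependency on escape_string() - confirm the two
         // connections are interchangeable first.
         $userInfo = $db->GetSingleRow(sprintf("SELECT UserID, UserName, UserPassword, UserTypeID, CSPRNG FROM `user` WHERE UserName = '%s'", $db->escape_string($username)));
         if (!$userInfo) {
             setMessage(__('Username or Password incorrect'));
             return false;
         }
         // User Data Object to check the password
         $userData = new Userdata($db);
         if ($userInfo['CSPRNG'] == 0) {
             // Same strict, constant-time-where-possible MD5 check as the
             // upgrade branch, for accounts that have not been re-hashed yet.
             $storedHash = (string) $userInfo['UserPassword'];
             $legacyHash = md5($password);
             $hashMatches = function_exists('hash_equals')
                 ? hash_equals($storedHash, $legacyHash)
                 : $storedHash === $legacyHash;
             if (!$hashMatches) {
                 setMessage(__('Username or Password incorrect'));
                 return false;
             }
             // Credentials are valid, so migrate the account off MD5 right away.
             // The return value is not checked: if the change fails the login
             // still succeeds and the row keeps its MD5 hash until the next login.
             $userData->ChangePassword(Kit::ValidateParam($userInfo['UserID'], _INT), null, $password, $password, true);
         } else {
             // Salted account: delegate verification to the Userdata object.
             if ($userData->validate_password($password, $userInfo['UserPassword']) === false) {
                 setMessage(__('Username or Password incorrect'));
                 return false;
             }
         }
     }
     // Authenticated: copy the validated identity columns into the session.
     $_SESSION['userid'] = Kit::ValidateParam($userInfo['UserID'], _INT);
     $_SESSION['username'] = Kit::ValidateParam($userInfo['UserName'], _USERNAME);
     $_SESSION['usertype'] = Kit::ValidateParam($userInfo['UserTypeID'], _INT);
     // Set the User Object
     $this->usertypeid = $_SESSION['usertype'];
     $this->userid = $_SESSION['userid'];
     // Record the login time and flag the user as logged in. The id goes through
     // %d, so only an integer can reach the statement.
     $SQL = sprintf("UPDATE user SET lastaccessed = '%s', loggedin = 1 WHERE userid = %d", date("Y-m-d H:i:s"), $_SESSION['userid']);
     $db->query($SQL) or trigger_error(__('Can not write last accessed info.'), E_USER_ERROR);
     // Issue a fresh session id now that the privilege level has changed, so an
     // id known before authentication cannot be reused afterwards.
     global $session;
     $session->setIsExpired(0);
     $session->RegenerateSessionID(session_id());
     return true;
 }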
예제 #4
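 /**
  * Set another user's password on behalf of an administrator.
  *
  * Reads newPassword, retypeNewPassword and UserId from the POST body and
  * hands them to Userdata::ChangePassword() with no old password (null).
  * The request must carry a valid form token and the caller must be user
  * type 1 (admin, per the original comment).
  *
  * Each guard returns explicitly after trigger_error(): E_USER_ERROR only
  * stops the script when no custom error handler resumes execution, and a
  * failed token or privilege check must never fall through to the change.
  *
  * @return void Output is sent through the ResponseManager.
  */
 public function SetPassword()
 {
     // Reject requests without a valid anti-CSRF token before touching any input.
     if (!Kit::CheckToken()) {
         trigger_error('Token does not match', E_USER_ERROR);
         return;
     }
     $db =& $this->db;
     $response = new ResponseManager();
     $newPassword = Kit::GetParam('newPassword', _POST, _STRING);
     $retypeNewPassword = Kit::GetParam('retypeNewPassword', _POST, _STRING);
     // The target account comes from the request, so the privilege check below
     // is the only thing limiting whose password can be changed.
     $userId = Kit::GetParam('UserId', _POST, _INT);
     // Check we are an admin
     if ($this->user->usertypeid != 1) {
         trigger_error(__('Trying to change the password for another user denied'), E_USER_ERROR);
         return;
     }
     Kit::ClassLoader('userdata');
     $userData = new Userdata($db);
     // NOTE(review): the null old password and trailing true presumably skip the
     // current-password check for this admin reset - confirm in Userdata.
     if (!$userData->ChangePassword($userId, null, $newPassword, $retypeNewPassword, true)) {
         trigger_error($userData->GetErrorMessage(), E_USER_ERROR);
         return;
     }
     $response->SetFormSubmitResponse(__('Password Changed'));
     $response->Respond();
 }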