/**
* Prüft ob Kombination Benutzer und Passwort existiert
* @param string $username
* @param string $password
* @return bool Ja, wenn Benutzer + Passwort vorhanden ist
*/
public function checkUser($username, $password)
{
$userList = new \fpcm\model\users\userList();
$userid = $userList->getUserIdByUsername($username);
if (!$userid) {
trigger_error('Login failed for username ' . $username . '! User not found. Request was made by ' . \fpcm\classes\http::getIp());
return false;
}
$user = new \fpcm\model\users\author($userid);
if ($user->getDisabled()) {
trigger_error('Login failed for username ' . $username . '! User is disabled. Request was made by ' . \fpcm\classes\http::getIp());
return \fpcm\model\users\author::AUTHOR_ERROR_DISABLED;
}
if (\fpcm\classes\security::createPasswordHash($password, $user->getPasswd()) == $user->getPasswd()) {
$timer = time();
$this->login = $timer;
$this->lastaction = $timer;
$this->logout = 0;
$this->userid = $userid;
$this->sessionid = \fpcm\classes\security::createSessionId();
$this->ip = \fpcm\classes\http::getIp();
$this->sessionExists = true;
return true;
}
trigger_error('Login failed for username ' . $username . '! Wrong username or password. Request was made by ' . \fpcm\classes\http::getIp());
return false;
}
public function request()
{
if (is_null($this->getRequestVar('userid'))) {
$this->redirect('users/list');
}
$this->userId = $this->getRequestVar('userid', array(9));
$author = new \fpcm\model\users\author($this->userId);
if (!$author->exists()) {
$this->view->setNotFound('LOAD_FAILED_USER', 'users/list');
return true;
}
$checkPageToken = $this->checkPageToken();
if (($this->buttonClicked('userSave') || $this->buttonClicked('resetProfileSettings')) && !$checkPageToken) {
$this->view->addErrorMessage('CSRF_INVALID');
}
if ($this->buttonClicked('resetProfileSettings') && $checkPageToken) {
$author->setUserMeta(array());
$author->disablePasswordSecCheck();
if ($author->update() === false) {
$this->view->addErrorMessage('SAVE_FAILED_USER_PROFILE');
} else {
$this->view->addNoticeMessage('SAVE_SUCCESS_RESETPROFILE');
$this->view->assign('reloadSite', true);
}
}
if ($this->buttonClicked('userSave') && $checkPageToken) {
$author->setUserName($this->getRequestVar('username'));
$author->setEmail($this->getRequestVar('email'));
$author->setDisplayName($this->getRequestVar('displayname'));
$author->setRoll($this->getRequestVar('roll', array(9)));
$author->setUserMeta($this->getRequestVar('usermeta'));
if ($this->getRequestVar('disabled') !== null) {
$author->setDisabled($this->getRequestVar('disabled', array(9)));
}
$newpass = $this->getRequestVar('password');
$newpass_confirm = $this->getRequestVar('password_confirm');
$save = true;
if ($newpass && $newpass_confirm) {
if (md5($newpass) == md5($newpass_confirm)) {
$author->setPassword($newpass);
} else {
$save = false;
$this->view->addErrorMessage('SAVE_FAILED_PASSWORD_MATCH');
}
} else {
$author->disablePasswordSecCheck();
}
if ($save) {
$res = $author->update();
if ($res === false) {
$this->view->addErrorMessage('SAVE_FAILED_USER');
} elseif ($res === true) {
$this->redirect('users/list', array('edited' => 1));
} elseif ($res === \fpcm\model\users\author::AUTHOR_ERROR_PASSWORDINSECURE) {
$this->view->addErrorMessage('SAVE_FAILED_PASSWORD_SECURITY');
} elseif ($res === \fpcm\model\users\author::AUTHOR_ERROR_EXISTS) {
$this->view->addErrorMessage('SAVE_FAILED_USER_EXISTS');
} elseif ($res === \fpcm\model\users\author::AUTHOR_ERROR_NOEMAIL) {
$this->view->addErrorMessage('SAVE_FAILED_USER_EMAIL');
}
}
}
$this->userEnabled = $author->getDisabled();
$this->view->assign('author', $author);
return true;
}
