/** * Prüft ob Kombination Benutzer und Passwort existiert * @param string $username * @param string $password * @return bool Ja, wenn Benutzer + Passwort vorhanden ist */ public function checkUser($username, $password) { $userList = new \fpcm\model\users\userList(); $userid = $userList->getUserIdByUsername($username); if (!$userid) { trigger_error('Login failed for username ' . $username . '! User not found. Request was made by ' . \fpcm\classes\http::getIp()); return false; } $user = new \fpcm\model\users\author($userid); if ($user->getDisabled()) { trigger_error('Login failed for username ' . $username . '! User is disabled. Request was made by ' . \fpcm\classes\http::getIp()); return \fpcm\model\users\author::AUTHOR_ERROR_DISABLED; } if (\fpcm\classes\security::createPasswordHash($password, $user->getPasswd()) == $user->getPasswd()) { $timer = time(); $this->login = $timer; $this->lastaction = $timer; $this->logout = 0; $this->userid = $userid; $this->sessionid = \fpcm\classes\security::createSessionId(); $this->ip = \fpcm\classes\http::getIp(); $this->sessionExists = true; return true; } trigger_error('Login failed for username ' . $username . '! Wrong username or password. Request was made by ' . \fpcm\classes\http::getIp()); return false; }
/** * Passwort für Benutzer zurücksetzten * @param bool $resetOnly (@since FPCM3.4) * @return boolean */ public function resetPassword($resetOnly = false) { $this->disablePasswordSecCheck(); $password = substr(str_shuffle(ucfirst(sha1($this->username) . uniqid())), 0, rand(10, 16)); $this->salt = \fpcm\classes\security::createSalt($this->displayname . '-' . $this->username . '-' . $this->id); $this->passwd = \fpcm\classes\security::createPasswordHash($password, $this->salt); if ($resetOnly) { return array('updateOk' => $this->update(), 'password' => $password); } $text = $this->language->translate('PASSWORD_RESET_TEXT', array('{{newpass}}' => $password)); $email = new \fpcm\classes\email($this->email, $this->language->translate('PASSWORD_RESET_SUBJECT'), $text); $email->setHtml(true); if ($email->submit()) { return $this->update(); } return false; }