/**
 * Seeds the default admin groups and admin users ("installing new database").
 * Per the original note, intended only for auto-creating a new site.
 *
 * Groups: if group #1 is missing, ALL groups are deleted and "Developers" and
 * "Managers" are created; if it exists but lacks one of the undeletable /
 * can_set_permissions / full_access flags, the flags are re-applied in place.
 *
 * Users: unless an active user with id 1, group 1 and the vendor login exists,
 * ALL users are deleted and two accounts are created with the hash of an
 * empty password.
 *
 * NOTE(review): the `_login()` shown with this method calls
 * `Users::getInstance()->recreateDefaults()` on every failed log-in, so this
 * destructive reset is reachable without authentication. Renaming, disabling
 * or regrouping user #1 is enough to make the next failed log-in wipe the
 * user table and restore empty-password defaults. Consider restricting this
 * to an installer/CLI context and provisioning a random one-time password.
 */
public function recreateDefaults()
{
    /** @var AdminUserGroup $group */
    $group = AdminUserGroupRepository::findOneEntityById(1);

    // Group #1 counts as intact only when it exists and carries all three flags.
    $group_is_intact = $group
        && $group->getUndeletable()
        && $group->getCanSetPermissions()
        && $group->getFullAccess();

    if (!$group_is_intact) {
        if (!$group) {
            // No group #1 at all: wipe the table and restart ids, so the
            // groups created below presumably receive ids 1 and 2 (the user
            // seeding further down relies on those ids).
            $groups_repo = new AdminUserGroupRepository();
            $groups_repo->deleteObjectCollection();
            $groups_repo->alterTableResetAutoIncrement();

            // Group for the vendor/developer account; cannot be deleted.
            $developers = new AdminUserGroup();
            $developers->is_superadmin = true;
            $developers->loadDataFromArray(['undeletable' => 1, 'can_set_permissions' => 1, 'structure_permissions' => 1, 'full_access' => 1, 'title' => 'Developers']);
            $developers->save();

            // Default group for site managers.
            // NOTE(review): also marked is_superadmin with full_access — confirm
            // that managers are meant to be as privileged as developers.
            $managers = new AdminUserGroup();
            $managers->is_superadmin = true;
            $managers->loadDataFromArray(['undeletable' => 0, 'can_set_permissions' => 1, 'structure_permissions' => 1, 'full_access' => 1, 'title' => 'Managers', 'default' => 1]);
            $managers->save();

            echo '<br>Default User Group is created.<br>';
        } else {
            // Group #1 exists but lost a privilege flag: restore all of them.
            $group->is_superadmin = true;
            $group
                ->setField('undeletable', 1)
                ->setField('can_set_permissions', 1)
                ->setField('structure_permissions', 1)
                ->setFullAccess(1)
                ->save();
        }
    }

    // No-op: $data is never assigned in this method.
    unset($data);

    // Is there any active admin user at all?
    $active_users = new AdminUserRepository();
    $active_users->setWhereActive(1);
    $have_any_user = $active_users->hasAnyObjectInCollection();

    // Is the first user still the expected default developer account?
    $default_admin = new AdminUserRepository();
    $default_admin->setWhereActive(1);
    $default_admin->setWhereId(1);
    $default_admin->setWhereGroupId(1);
    $default_admin->setWhereLogin('neTpyceB'); // Name of vendor repo owner
    $have_default_user = $default_admin->hasAnyObjectInCollection();

    if ($have_any_user && $have_default_user) {
        return;
    }

    // Destructive: every existing admin user is removed before re-seeding.
    $all_users = new AdminUserRepository();
    $all_users->deleteObjectCollection();
    $all_users->alterTableResetAutoIncrement();

    // NOTE(review): both accounts below are stored with the hash of an empty
    // password and stay that way until someone logs in and changes it. The
    // message at the end only mentions "manager", not the developer account.
    $developer = new AdminUser();
    $developer->loadDataFromArray(['group_id' => 1, 'login' => 'neTpyceB', 'password' => $this->generateHash(''), 'active' => 1]);
    $developer->save();

    $manager = new AdminUser();
    $manager->loadDataFromArray(['group_id' => 2, 'login' => 'manager', 'password' => $this->generateHash(''), 'active' => 1]);
    $manager->save();

    echo '<br>Default User "manager" and empty password is created. <br> Please log in and change password. <br>';
}
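/**
 * Handles the admin log-in form POST.
 *
 * Flow: validate the posted fields, enforce the per-IP ban, look the user up
 * by login + password hash, then either start the session (success) or record
 * a failed attempt and send the client back to '/'.
 *
 * Reads $_POST['login'] and $_POST['password'] and the IP_LONG / NOW
 * constants, which are defined outside this method.
 */
public function _login()
{
    // Both fields are untrusted. A request can submit them as arrays
    // (login[]=...), which would make trim() fail, so require plain strings.
    $login = isset($_POST['login']) ? $_POST['login'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    if (!is_string($login) || !is_string($password) || trim($login) === '') {
        go('/');
        // Presumably go() ends the request; return so invalid input can never
        // fall through to the credential check if it does not.
        return;
    }

    // Check ban and log-in attempts. The throttle is keyed on client IP only.
    // NOTE(review): no per-account counter is visible here, so guesses spread
    // across many addresses are not slowed down — consider adding one.
    $attempts_repo = new AdminUsersAttemptsEntityRepository();
    $attempts_repo->setWhereIp(IP_LONG);
    $attempts_obj = $attempts_repo->getFirstObjectFromCollection();
    if ($attempts_obj) {
        $attempts = $attempts_obj->getAsArray();
        if ($attempts && $attempts['failed_attempts']) {
            $failed = $attempts['failed_attempts'];
            $last_ts = $attempts['last_attempt_ts'];

            // Two tiers: the longer ban past MAX_FAILED_ATTEMPTS, the shorter
            // one past FIRST_FAILED_ATTEMPTS. A ban applies only while the
            // window since the last attempt is still open.
            if ($failed > self::MAX_FAILED_ATTEMPTS && $last_ts + self::MAX_BAN_TIME > NOW) {
                die('IP banned, wait till ' . date('H:i:s', $last_ts + self::MAX_BAN_TIME));
            } elseif ($failed > self::FIRST_FAILED_ATTEMPTS && $last_ts + self::FIRST_BAN_TIME > NOW) {
                die('IP banned, wait till ' . date('H:i:s', $last_ts + self::FIRST_BAN_TIME));
            }
        }
    }

    // Look the user up by login, active flag and password hash.
    // NOTE(review): matching the hash inside the query only works if
    // generateHash() is deterministic, i.e. presumably has no per-user salt.
    // Confirm, and consider fetching by login and checking with
    // password_verify() instead.
    $user_collection = new AdminUserRepository();
    $user_collection->setWhereLogin($login);
    $user_collection->setWhereActive(1);
    $user_collection->setWherePassword(Users::getInstance()->generateHash($password));

    /** @var AdminUser $user */
    $user = $user_collection->getFirstObjectFromCollection();

    if ($user) {
        // Clear the failed-attempt records on success (presumably only the
        // rows for this IP — confirm deleteObjectCollection() honours the
        // setWhereIp() filter).
        $attempts_repo->deleteObjectCollection();

        $this->initLogInProcess($user);
    } else {
        // NOTE(review): this runs on EVERY failed log-in. recreateDefaults()
        // deletes all admin users and re-creates empty-password defaults when
        // the default account is not in its expected state, so an
        // unauthenticated request can reach that reset. Consider moving it to
        // an installer-only path. Its echo output may also break the redirect.
        Users::getInstance()->recreateDefaults();

        // Record the failure, creating the per-IP row on the first miss.
        if (!$attempts_obj || !$attempts_obj->getId()) {
            $attempts_obj = new AdminUsersAttemptsEntity();
            $attempts_obj->setIp(IP_LONG);
        }
        $attempts_obj->setLastAttemptTs(NOW);
        $attempts_obj->setFailedAttempts($attempts_obj->getFailedAttempts() + 1);
        $attempts_obj->save();

        go('/');
    }
}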