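/**
 * Starts the password-reset flow for the account named by $this->username.
 *
 * The name is looked up among external users (by name_usr) first and among
 * internal users (by email_uin) second. A reset token is built and handed
 * to ResetpasswordForm::send_first_email(). When no account matches, the
 * method returns without sending anything.
 *
 * Token layout: "<id>e;<code>" for external users and "<id>i;<code>" for
 * internal users.
 */
public function reset()
{
    $external = true;
    $user = ExternalUser::model()->findByAttributes(array('name_usr' => $this->username));
    if ($user === null) {
        // Not an external user: fall back to the internal user table.
        $external = false;
        $user = InternalUser::model()->findByAttributes(array('email_uin' => $this->username));
    }

    if ($user === null) {
        // No matching account. The previous code fell through and read
        // properties of null here, then called send_first_email() with empty
        // values. Returning quietly also avoids revealing to the requester
        // whether the name exists.
        return;
    }

    if ($external) {
        // The code used to be md5(current timestamp . class constant), which
        // anyone who knows roughly when the request was made can recompute.
        // Draw it from the CSPRNG instead (PHP >= 7.0). 16 bytes hex-encode to
        // 32 characters, the same length as the MD5 hex digest stored before.
        $user->email_code_usr = bin2hex(random_bytes(16));
        if (!$user->save()) {
            // The code was not persisted, so an e-mailed link could never match.
            return;
        }
        ExternalUserHistory::addLog('Requested password reset!', $user->id_usr);

        $md5 = $user->id_usr . 'e;' . $user->email_code_usr;
        $name = $user->name_usr;
        $email = $user->email_usr;
    } else {
        // NOTE(review): the internal code is derived only from the first name
        // and the stored password hash. It is identical for every request,
        // never expires until the password changes, and can be computed by
        // anyone able to read those two column values. It is left unchanged
        // here because whatever verifies the link must recompute the same
        // value; a stored random code with an expiry would be the safer design.
        $md5 = $user->id_uin . 'i;' . md5($user->fname_uin . $user->password_uin);
        $name = $user->fname_uin;
        $email = $user->email_uin;
    }

    ResetpasswordForm::send_first_email($md5, $name, $email, $external);
}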
/**
 * Processes a submitted login form.
 *
 * Reads "lgUsername" and "lgPassword" from the POST data, looks the account
 * up by name and asks it to authenticate the password. On success the user
 * id is stored in the session and a 303 redirect to management.php is
 * queued; otherwise an error key is reported and the login form is shown
 * again.
 *
 * NOTE(review): the failure path passes a different key for an unknown
 * name ("bad-username") than for a wrong password ("bad-password"). If
 * error() shows these to the client, account names can be confirmed from
 * outside - verify and consider a single generic message.
 * NOTE(review): whether Session::setLoggedInUser() issues a fresh session
 * id on login is not visible here - confirm.
 */
private function handleLogin()
{
    global $gLogger;
    $gLogger->log("Handling login");

    $username = WebRequest::post("lgUsername");
    $password = WebRequest::post("lgPassword");
    $userAccount = InternalUser::getByName($username);

    // null means "logged in"; otherwise the error key to report.
    $failure = null;

    if (!$userAccount) {
        $failure = "bad-username";
        $gLogger->log("Login:Bad username");
    } elseif (!$userAccount->authenticate($password)) {
        $failure = "bad-password";
        $gLogger->log("Login:Bad password");
    } else {
        $gLogger->log("Login: OK");
        Session::setLoggedInUser($userAccount->getId());
    }

    if ($failure !== null) {
        $this->error($failure);
        $this->showLoginForm();
        return;
    }

    // Successful login: queue the redirect headers.
    global $cWebPath;
    $this->mHeaders[] = "HTTP/1.1 303 See Other";
    $this->mHeaders[] = "Location: " . $cWebPath . "/management.php";
}
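/**
 * Returns the InternalUser record for the given primary key, with its
 * 'admin' relation requested as part of the lookup.
 *
 * @param integer $id the ID of the model to be loaded
 * @return InternalUser the record that was found
 * @throws CHttpException with status 404 when no record has this key
 */
public function loadModel($id)
{
    // with() has to be applied to the finder before findByPk(). The previous
    // order called with() on the result of findByPk(), which is null for an
    // unknown id, so the request failed on a null dereference and the 404
    // branch below could never run.
    $model = InternalUser::model()->with(array('admin'))->findByPk((int) $id);
    if ($model === null) {
        throw new CHttpException(404, 'The requested page does not exist.');
    }

    return $model;
}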
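/**
 * Deletes the internal user whose id is given by the "id" request value and
 * queues a redirect back to the SystemUsers page.
 *
 * NOTE(review): no authorization check and no anti-CSRF token check are
 * visible in this method, and the id appears to come from a plain request
 * parameter. Confirm that the caller restricts this action to authorised
 * users and to a token-protected POST before it reaches this point.
 *
 * @throws Exception when the id is below 1 or no such user exists
 */
private function doDeleteUserAction()
{
    $userid = WebRequest::getInt("id");
    if ($userid < 1) {
        throw new Exception("UserID too small");
    }

    // Look the user up once and delete that same object. The previous code
    // fetched it a second time for the delete; if the record vanished between
    // the two lookups, delete() was called on null.
    $user = InternalUser::getById($userid);
    if ($user == null) {
        throw new Exception("User does not exist");
    }
    $user->delete();

    global $cScriptPath;
    $this->mHeaders[] = "Location: {$cScriptPath}/SystemUsers";
}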
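/**
 * Two-step password reset action.
 *
 * Step 0 (no $code): shows and validates ResetpasswordForm and, when it
 * validates, calls its reset() method.
 * Step 1 ($code given): parses the code as "<id><type>;<code>", where type
 * is 'e' (external user) or 'i' (internal user), verifies it against the
 * account, sets a new random password and sends it with
 * ResetpasswordForm::send_second_email().
 *
 * NOTE(review): the new password is still delivered in clear text by
 * e-mail; letting the user choose a password after presenting a valid code
 * would avoid that.
 *
 * @param string|false $code reset code from the e-mailed link, or false
 */
public function actionResetpassword($code = false)
{
    // Logged-in users are sent to their landing page instead.
    if (!Yii::app()->user->isGuest) {
        if (Yii::app()->user->type == 'Internal') {
            $this->redirect(array('manage/index'));
        } else {
            $this->redirect(array('site/search_file'));
        }
    }

    $success = false;
    $model = false;
    // 0 = ask for the account name, 1 = a code was supplied.
    $step = $code ? 1 : 0;

    if ($step == 0) {
        $model = new ResetpasswordForm();

        // if it is ajax validation request
        if (isset($_POST['ajax']) && $_POST['ajax'] === 'login-form') {
            echo CActiveForm::validate($model);
            Yii::app()->end();
        }

        // collect user input data
        if (isset($_POST['ResetpasswordForm'])) {
            $model->attributes = $_POST['ResetpasswordForm'];
            if ($model->validate()) {
                $success = true;
                $model->reset();
            }
        }
    } else {
        $name = null;
        $password = null;
        $email = null;
        $external = false;

        // Split "<id><type>;<code>". A value without ';' used to raise an
        // undefined-offset notice; it is now simply rejected.
        $parts = explode(';', (string) $code);
        $id = substr($parts[0], 0, -1);
        $type = substr($parts[0], -1);
        $submitted = isset($parts[1]) ? $parts[1] : '';

        if ($submitted !== '' && ctype_digit($id)) {
            if ($type === 'e') {
                $external = true;
                $user = ExternalUser::model()->findByPk($id);
                $stored = $user ? (string) $user->email_code_usr : '';
                // An account with no pending code must never match, and the
                // comparison has to be a strict, constant-time string
                // comparison: '==' treats two different "0e..." hex strings
                // as equal numbers.
                if ($stored !== '' && hash_equals($stored, $submitted)) {
                    // The password used to be taken from md5(current time),
                    // which can be reproduced from the time of the request.
                    // Same 8-hex-character shape, now from the CSPRNG
                    // (PHP >= 7.0). NOTE(review): lengthen if the login form
                    // accepts longer passwords.
                    $password = bin2hex(random_bytes(4));
                    $user->password_usr = $user->passwordHash($password);
                    // Replace the used code so the same link cannot reset
                    // the password a second time.
                    $user->email_code_usr = bin2hex(random_bytes(16));
                    // Report success (and send mail) only once the change is stored.
                    if ($user->save()) {
                        ExternalUserHistory::addLog('Password reseted!', $user->id_usr);
                        $success = true;
                        $name = $user->name_usr;
                        $email = $user->email_usr;
                    }
                }
            } elseif ($type === 'i') {
                $external = false;
                $user = InternalUser::model()->findByPk($id);
                if ($user) {
                    // The internal code is recomputed from the first name and
                    // the stored password hash, so it stops matching as soon
                    // as the password below is saved.
                    $expected = md5($user->fname_uin . $user->password_uin);
                    if (hash_equals($expected, $submitted)) {
                        $password = bin2hex(random_bytes(4));
                        $user->password_uin = $user->passwordHash($password);
                        if ($user->save()) {
                            $success = true;
                            $name = $user->fname_uin;
                            $email = $user->email_uin;
                        }
                    }
                }
            }
        }

        if ($success) {
            ResetpasswordForm::send_second_email($name, $password, $email, $external);
        }
    }

    $this->render('resetpassword', array('step' => $step, 'model' => $model, 'success' => $success));
}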
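/**
 * Checks $this->username and $this->password against the external users
 * (matched on name_usr) and, if none is found, the internal users (matched
 * on email_uin).
 *
 * On success the identity states (type, userId, name, email and, for
 * external users, the limitation and rights fields) are set and the last
 * login date is stored. On failure $this->errorCode is set to the matching
 * error code.
 *
 * NOTE(review): passwordHash() receives only the password and its output is
 * compared with the stored value, so no per-user salt can be involved.
 * Migrating to password_hash() / password_verify() would be the stronger
 * scheme.
 *
 * @return boolean true when errorCode ends up empty, false otherwise
 */
public function authenticate()
{
    // check external
    $external = true;
    $user = ExternalUser::model()->findByAttributes(array('name_usr' => $this->username));
    if ($user === null) {
        // check internal
        $user = InternalUser::model()->findByAttributes(array('email_uin' => $this->username));
        if ($user === null) {
            // no user found
            $this->errorCode = self::ERROR_USERNAME_INVALID;
        }
        $external = false;
    }

    if ($user) {
        if ($external) {
            // hash_equals() replaces '==': a loose comparison treats two
            // different hex digests of the form "0e<digits>" as equal numbers,
            // and it is not constant-time.
            $expected = (string) ExternalUser::passwordHash($this->password);
            if (hash_equals((string) $user->password_usr, $expected)) {
                // password ok
                if ($user->status_usr == ExternalUser::ENABLED_ENABLED) {
                    // account enabled
                    $this->errorCode = self::ERROR_NONE;
                    $this->setState('type', 'External');
                    $this->setState('userId', $user->id_usr);
                    $this->setState('name', $user->name_usr);
                    $this->setState('email', $user->email_usr);
                    $this->setState('limitation_date', $user->limitation_date_usr);
                    $this->setState('rights_daily', $user->rights_daily_usr);
                    $this->setState('rights_monthly', $user->rights_monthly_usr);
                    $this->setState('rights_clean', $user->rights_clean_usr);
                    $user->last_login_date_usr = date('Y-m-d H:i:s');
                    $user->ip_usr = $_SERVER['REMOTE_ADDR'];
                    // save(false): store the login metadata without validation.
                    $user->save(false);
                } else {
                    // Status-specific error code; the meaning of each value is
                    // defined outside this method.
                    $this->errorCode = 114 + $user->status_usr;
                    if ($user->status_usr == 0) {
                        // Flag read elsewhere to offer re-sending the activation mail.
                        $_POST['show_resend_activation'] = true;
                    }
                }
            } else {
                $this->errorCode = self::ERROR_PASSWORD_INVALID;
            }
        } else {
            // Same strict, constant-time comparison for internal users.
            $expected = (string) InternalUser::passwordHash($this->password);
            if (hash_equals((string) $user->password_uin, $expected)) {
                // password ok
                if ($user->enabled_uin == InternalUser::ENABLED_ENABLED) {
                    // account enabled
                    $this->errorCode = self::ERROR_NONE;
                    $this->setState('type', 'Internal');
                    $this->setState('userId', $user->id_uin);
                    $this->setState('name', $user->fname_uin . ' ' . $user->lname_uin);
                    $this->setState('email', $user->email_uin);
                    $user->last_login_date_uin = date('Y-m-d H:i:s');
                    $user->save(false);
                } else {
                    $this->errorCode = self::ERROR_ENABLED_DISABLED;
                }
            } else {
                $this->errorCode = self::ERROR_PASSWORD_INVALID;
            }
        }
    }

    return !$this->errorCode;
}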