/**
* @deprecated CB 1.2.2 (backwards compatibility: obsolete):
* use $user->verifyPassword() and $user->hashAndSaltPassword()
*
* Generate the hashed/salted/encoded password for the database
* and to check the password at login:
* if $row provided, it is checking the existing password (and update if needed)
* if not provided, it will generate a new hashed password
*
* @param  string              $passwd  cleartext
* @param  moscomprofilerUser  $row
* @return string|boolean      salted/hashed password if $row not provided, otherwise TRUE/FALSE on password check
*/
function cbHashPassword($passwd, $row = null)
{
    if ($row) {
        return $row->verifyPassword($passwd);
    } else {
        global $_CB_database;
        cbimport('cb.tables');
        $row = new moscomprofilerUser($_CB_database);
        return $row->hashAndSaltPassword($passwd);
    }
}
Exemplo n.º 2
0
	/**
	 * User login into CMS framework
	 *
	 * @param  string          $username    The username
	 * @param  string|boolean  $password    if boolean FALSE: login without password if possible
	 * @param  booleean        $rememberme  1 for "remember-me" cookie method
	 * @param  int             $userId      used for "remember-me" login function only
	 * @return boolean                      Login success
	 */
	function login( $username, $password, $rememberme = 0, $userId = null ) {
		header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');              // needed for IE6 to accept this anti-spam cookie in higher security setting.

		if ( checkJversion() >= 1 ) {		// Joomla 1.5 RC and above:
			if ( $password !== false ) {
				$result				=	$this->_baseFramework->login( array( 'username' => $username, 'password' => $password ), array( 'remember' => $rememberme ) );
			} else {
				// login without password:
				jimport( 'joomla.user.authentication' );
				// load user plugins:
				JPluginHelper::importPlugin( 'user' );
				// get JAuthentication object:
				$authenticate		=&	JAuthentication::getInstance();
				$dispatcher			=&	JDispatcher::getInstance();
				$response			=	new JAuthenticationResponse();
				// prepare our SUCCESS login response including user data:
				global $_CB_database;
				$row				=	new moscomprofilerUser( $_CB_database );
				$row->loadByUsername( stripslashes( $username ) );
				$response->status	=	JAUTHENTICATE_STATUS_SUCCESS;
				$response->username	=	$username;
				$response->fullname	=	$row->name;
				// now we attempt user login and check results:
				if ( checkJversion() == 2 ) {
					$login			=	$dispatcher->trigger( 'onUserLogin', array( (array) $response, array( 'action' => 'core.login.site' ) ) );
				} else {
					$login			=	$dispatcher->trigger( 'onLoginUser', array( (array) $response, array() ) );
				}
				$result				=	! in_array( false, $login, true );
			}
			if ( $result ) {
				$user				=&	JFactory::getUser();
				$this->_myId		=	(int) $user->id;
				$this->_myUsername	=	$user->username;
				$this->_myUserType	=	$user->usertype;
				$this->_myCmsGid	=	$user->get('aid', 0);
				$lang				=&	JFactory::getLanguage();

				if ( checkJversion() == 2 ) {
					$this->_myLanguage	=	strtolower( preg_replace( '/^(\w+).*$/i', '\1', $lang->getName() ) );
				} else {
					$this->_myLanguage	=	$lang->getBackwardLang();
				}
			}
		} else {
			// Mambo 4.5.x and Joomla before 1.0.13+ (in fact RC3+) do need hashed password for login() method:
			if ( $password !== false ) {
				$hashedPwdLogin		=	( ( checkJversion() == 0 ) && ! function_exists( 'josHashPassword' ) );	// more reliable version-checking than the often hacked version.php file!
				if ( $hashedPwdLogin ) {				// Joomla 1.0.12 and below:
					$dummyRow		=	new moscomprofilerUser( $_CB_database );
					$this->_baseFramework->login( $username, $dummyRow->hashAndSaltPassword( $password ), $rememberme, $userId );
				} else {
					$this->_baseFramework->login( $username, $password, $rememberme, $userId );
				}

				// Joomla 1.0 redirects bluntly if login fails! so we need to check by ourselves below:
				$result				=	true;
			} else {
				// login without password:		//TBD MAMBO 4.6 support here !
				global $_CB_database, $mainframe, $_VERSION;

				$row				=	new moscomprofilerUser( $_CB_database );
				$row->loadByUsername( stripslashes( $username ) );

				// prepare login session with user data:
				$session			=&	$mainframe->_session;
				$session->guest		=	0;
				$session->username	=	$row->username;
				$session->userid	=	(int) $row->id;
				$session->usertype	=	$row->usertype;
				$session->gid		=	(int) $row->gid;

				// attempt to login user:
				if ( $session->update() ) {
					$result			=	true;
				}

				// check if site is demo or production:
				if ( $_VERSION->SITE ) {
					// site is production; remove duplicate sessions:
					$query			=	'DELETE FROM ' . $_CB_database->NameQuote( '#__session' )
									.	"\n WHERE " . $_CB_database->NameQuote( 'session_id' ) . ' != ' . $_CB_database->Quote( $session->session_id )
									.	"\n AND " . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $row->username )
									.	"\n AND " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $row->id
									.	"\n AND " . $_CB_database->NameQuote( 'gid' ) . ' = ' . (int) $row->gid
									.	"\n AND " . $_CB_database->NameQuote( 'guest' ) . ' = 0';
					$_CB_database->setQuery( $query );
					if ( ! $_CB_database->query() ) {
						trigger_error( 'loginUser 1 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
					}
				}

				// get current datetime:
				$currentDate		=	date( 'Y-m-d H:i:s', $this->now() );

				// update user last login with current datetime:
				$query				=	'UPDATE ' . $_CB_database->NameQuote( '#__users' )
									.	"\n SET " . $_CB_database->NameQuote( 'lastvisitDate' ) . " = " . $_CB_database->Quote( $currentDate )
									.	"\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $session->userid;
				$_CB_database->setQuery( $query );
				if ( ! $_CB_database->query() ) {
					trigger_error( 'loginUser 2 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
				}

				// clean old cache:
				mosCache::cleanCache();
			}
			if ( checkJversion() == 0 ) {
				global $mainframe;
				$mymy				=	$mainframe->getUser();
				$this->_myId		=	(int) $mymy->id;
				$this->_myUsername	=	$mymy->username;
				$this->_myUserType	=	$mymy->usertype;
				$this->_myCmsGid	=	$mymy->gid;
				if ( ! $this->_myId ) {
					$result			=	false;
				}
			}
			//TBD MAMBO 4.6 support here !
		}
		return $result;
	}