Exemplo n.º 1
 /**
  * Test fixture: prepares a row for the backend user table.
  *
  * The excerpt is truncated (braces and the statement that executes the insert are not shown),
  * so only the value assignments below are visible.
  */
 public function setUp()
     $adduser = rex_sql::factory();
     // Target table is the configured table prefix followed by "user".
     $adduser->setTable(rex::getTablePrefix() . 'user');
     $adduser->setValue('name', 'test user');
     $adduser->setValue('login', $this->login);
     // The fixture stores the output of rex_login::passwordHash(), never the plaintext password.
     $adduser->setValue('password', rex_login::passwordHash($this->password));
     $adduser->setValue('status', '1');
     $adduser->setValue('login_tries', '0');
     // Fixed cookiekey taken from the test case; presumably used to exercise cookie-based login.
     $adduser->setValue('cookiekey', $this->cookiekey);
Exemplo n.º 2
 /**
  * Test fixture: skips the test when a backend user is already present, otherwise prepares
  * a row for the backend user table.
  *
  * The excerpt is truncated (closing braces and the statement that executes the insert are
  * not shown).
  */
 public function setUp()
     // rex::getUser() being truthy means the suite runs inside a logged-in backend; the test is
     // skipped in that case rather than touching the live login state.
     if (rex::getUser()) {
         $this->skipped = true;
         $this->markTestSkipped('The rex_backend_login class can not be tested when test suite is running in redaxo backend.');
     $adduser = rex_sql::factory();
     // Target table is the configured table prefix followed by "user".
     $adduser->setTable(rex::getTablePrefix() . 'user');
     $adduser->setValue('name', 'test user');
     $adduser->setValue('login', $this->login);
     // The fixture stores the output of rex_login::passwordHash(), never the plaintext password.
     $adduser->setValue('password', rex_login::passwordHash($this->password));
     $adduser->setValue('status', '1');
     $adduser->setValue('login_tries', '0');
     $adduser->setValue('cookiekey', $this->cookiekey);
Exemplo n.º 3
/**
 * Extension-point callback that inspects the requested article version and, on some path not
 * fully visible here, runs a backend login check before touching $params['article'].
 *
 * The excerpt is truncated: the bodies of every `if` and all closing braces are missing.
 *
 * @param array $params callback parameters; the 'article' entry is read below
 */
function rex_version_initArticle($params)
    global $REX;
    // Request parameter 'rex_version', requested with the 'int' type.
    $version = rex_request('rex_version', 'int');
    // NOTE(review): loose comparison of a value requested as int with ''. For 0 the result
    // depends on the PHP version (true before PHP 8, false from PHP 8 on) - confirm intent.
    if ($version == '') {
    $REX['LOGIN'] = new rex_backend_login($REX['TABLE_PREFIX'] . 'user');
    if ($REX['PSWFUNC'] != '') {
    // Strict comparison: any return value other than boolean true (for example an error value)
    // takes the "not logged in" branch, whose body is not shown.
    if ($REX['LOGIN']->checkLogin() !== true) {
    // Binds $REX['USER'] by reference to the login object's USER property.
    $REX['USER'] =& $REX['LOGIN']->USER;
    if (is_a($params['article'], 'rex_article')) {
Exemplo n.º 4
 // Setup step: create the initial administrator account unless $noadmin is 1.
 // The excerpt is truncated (closing braces and the body of the try block are missing).
 if ($noadmin != 1) {
     // Only emptiness of login and password is checked in this excerpt; no length or strength
     // rule is visible here.
     if ($redaxo_user_login == '') {
         $errors[] = rex_view::error(rex_i18n::msg('setup_601'));
     if ($redaxo_user_pass == '') {
         $errors[] = rex_view::error(rex_i18n::msg('setup_602'));
     if (count($errors) == 0) {
         $ga = rex_sql::factory();
         // Uniqueness check: the login is passed as a bound parameter (`?`), not concatenated.
         $ga->setQuery('select * from ' . rex::getTablePrefix() . 'user where login = ? ', [$redaxo_user_login]);
         if ($ga->getRows() > 0) {
             $errors[] = rex_view::error(rex_i18n::msg('setup_603'));
         } else {
             // the server side encryption of pw is only required
             // when not already encrypted by client using javascript
             // NOTE(review): the second argument comes straight from the POST field 'javascript',
             // so the client decides whether the value is treated as pre-hashed. Confirm that
             // rex_login::passwordHash() still applies a salted server-side hash in both cases.
             $redaxo_user_pass = rex_login::passwordHash($redaxo_user_pass, rex_post('javascript', 'boolean'));
             $user = rex_sql::factory();
             // $user->setDebug();
             $user->setTable(rex::getTablePrefix() . 'user');
             $user->setValue('name', 'Administrator');
             $user->setValue('login', $redaxo_user_login);
             $user->setValue('password', $redaxo_user_pass);
             // This account is created with the admin flag set.
             $user->setValue('admin', 1);
             $user->setValue('status', '1');
             // The try body is empty in this excerpt; presumably the insert call was dropped.
             try {
             } catch (rex_sql_exception $e) {
                 // A generic translated message is reported instead of the raw exception text.
                 $errors[] = rex_view::error(rex_i18n::msg('setup_604'));
Exemplo n.º 5
    // Tail of the profile update followed by the password-change handler.
    // The excerpt is truncated: the statements inside both try blocks that execute the update,
    // and all closing braces, are missing.
    $updateuser->setValue('description', $userdesc);
    $updateuser->setValue('language', $userperm_be_sprache);
    try {
        $success = rex_i18n::msg('user_data_updated');
    } catch (rex_sql_exception $e) {
        // NOTE(review): the raw exception message is kept in $error. If $error is rendered to
        // the user it may disclose query or schema details - confirm how it is displayed.
        $error = $e->getMessage();
// Password change, triggered by the 'upd_psw_button' POST field.
if (rex_post('upd_psw_button', 'bool')) {
    // the server side encryption of pw is only required
    // when not already encrypted by client using javascript
    // The flag is client-supplied (POST field 'javascript').
    $isPreHashed = rex_post('javascript', 'boolean');
    // Requires: current password given, new password given, both new entries equal, and the
    // current password verified against the stored hash via rex_login::passwordVerify().
    // NOTE(review): `==` / `!=` are loose comparisons; PHP compares numeric-looking strings
    // numerically, so two differently written numeric strings can compare equal. `===` on the
    // two new-password fields would avoid that.
    if ($userpsw != '' && $userpsw_new_1 != '' && $userpsw_new_1 == $userpsw_new_2 && rex_login::passwordVerify($userpsw, $user->getValue('password'), $isPreHashed)) {
        $userpsw_new_1 = rex_login::passwordHash($userpsw_new_1, $isPreHashed);
        $updateuser = rex_sql::factory();
        $updateuser->setTable(rex::getTablePrefix() . 'user');
        // Update is scoped to one row by id. Where $user_id comes from is not visible here.
        $updateuser->setWhere(['id' => $user_id]);
        $updateuser->setValue('password', $userpsw_new_1);
        // NOTE(review): no reset of stored session or persistent-login values is visible in this
        // excerpt - confirm that existing sessions are invalidated after a password change.
        try {
            $success = rex_i18n::msg('user_psw_updated');
        } catch (rex_sql_exception $e) {
            $error = $e->getMessage();
    } else {
        // One generic message covers every failed precondition, including a wrong current password.
        $error = rex_i18n::msg('user_psw_error');
Exemplo n.º 6
    // Legacy backend bootstrap: either route to setup or initialise language, headers and login.
    // The excerpt is truncated (the preceding condition, several `if` bodies and all closing
    // braces are missing).
    $page = "setup";
} else {
    // ----------------- CREATE LANG OBJ
    $I18N = rex_create_lang($REX['LANG']);
    setlocale(LC_ALL, trim($I18N->msg("setlocale")));
    header('Content-Type: text/html; charset=' . $I18N->msg("htmlcharset"));
    // Ask clients and proxies not to reuse cached copies of backend pages.
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    // ----------------- CREATE LANG OBJ
    // Defaults for the submitted login name and password when they are not already defined.
    // NOTE(review): how $REX_ULOGIN / $REX_UPSW get populated from the request is not visible.
    if (!isset($REX_ULOGIN)) {
        $REX_ULOGIN = '';
    if (!isset($REX_UPSW)) {
        $REX_UPSW = '';
    $REX_LOGIN = new rex_login();
    if ($REX['PSWFUNC'] != "") {
    if (isset($FORM['logout']) and $FORM['logout'] == 1) {
    $REX_LOGIN->setUserID($REX['TABLE_PREFIX'] . "user.user_id");
    // Query templates: 'USR_UID' and 'USR_PSW' look like placeholders that rex_login replaces
    // before running the query. NOTE(review): the substitution and any escaping happen inside
    // rex_login and are not visible here - the templates are only safe if every substituted
    // value is escaped for a quoted SQL string.
    $REX_LOGIN->setUserquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE user_id = 'USR_UID'");
    // The login query also enforces the retry delay: a row only matches when lasttrydate is
    // older than now minus $REX['RELOGINDELAY']. The password is compared inside SQL
    // (psw = 'USR_PSW'). The '******' token appears to be masked by the page this excerpt was
    // taken from; the original placeholder is not visible.
    $REX_LOGIN->setLoginquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE login = '******' and psw = 'USR_PSW' and lasttrydate <'" . (time() - $REX['RELOGINDELAY']) . "'");
    if (!$REX_LOGIN->checkLogin()) {
Exemplo n.º 7
Arquivo: boot.php Projeto: eaCe/redaxo
 * Version.
 * @author jan@kristinus.de
 * @package redaxo5
// Boot file of the "version" addon: registers a permission and two extension-point handlers.
// The excerpt is truncated (several `if` bodies and all closing braces/parentheses are missing).
$mypage = 'version';
rex_perm::register('version[live_version]', null, rex_perm::OPTIONS);
// ***** hook into extension points (EPs)
rex_extension::register('ART_INIT', function (rex_extension_point $ep) {
    // Request parameter 'rex_version', requested with the 'int' type.
    $version = rex_request('rex_version', 'int');
    // Body of this branch is not shown; presumably it returns early for any version other than 1.
    if ($version != 1) {
    // Access control: without a backend session the handler throws rather than continuing to
    // the article handling below.
    if (!rex_backend_login::hasSession()) {
        throw new rex_exception('no permission for the working version');
    $article = $ep->getParam('article');
    if ($article instanceof rex_article_content) {
rex_extension::register('PAGE_CONTENT_HEADER', function (rex_extension_point $ep) {
    $params = $ep->getParams();
    $return = '';
    // Per-article version selection is read from the login object's session variables.
    $rex_version_article = rex::getProperty('login')->getSessionVar('rex_version_article');
    // Guard against a missing or malformed session value (branch body not shown).
    if (!is_array($rex_version_article)) {
Exemplo n.º 8
 /**
  * Backend login check with persistent-cookie ("stay logged in") support and failed-attempt
  * throttling.
  *
  * Restores the session user id from the persistent cookie when the session has none, delegates
  * the credential check to parent::checkLogin(), records the outcome in the user table
  * (login_tries reset or incremented) and clears session/cookie state on logout.
  *
  * The excerpt is truncated: closing braces are missing, so nesting is inferred from indentation.
  *
  * @return mixed the value returned by parent::checkLogin()
  */
 public function checkLogin()
     $sql = rex_sql::factory();
     $userId = $this->getSessionVar('UID');
     // Cookie name is derived from the instance name so that it differs per installation.
     $cookiename = 'rex_user_' . sha1(rex::getProperty('instname'));
     if ($cookiekey = rex_cookie($cookiename, 'string')) {
         if (!$userId) {
             // Persistent login: look up the user by the cookie value (bound parameter).
             // NOTE(review): the cookie value is matched against the stored column as-is, so the
             // column holds a usable login token; storing only a hash of the token would limit
             // the impact of a database read leak.
             $sql->setQuery('SELECT id FROM ' . rex::getTable('user') . ' WHERE cookiekey = ? LIMIT 1', [$cookiekey]);
             if ($sql->getRows() == 1) {
                 // NOTE(review): no session id regeneration is visible at this privilege change;
                 // confirm whether the parent class handles it.
                 $this->setSessionVar('UID', $sql->getValue('id'));
                 // NOTE(review): setcookie() is called with name, value and expiry only, so the
                 // Secure and HttpOnly flags stay at their defaults (off) and no SameSite
                 // attribute is sent. The lifetime is 365 days.
                 setcookie($cookiename, $cookiekey, time() + 60 * 60 * 24 * 365);
             } else {
                 // Unknown key: expire the cookie.
                 setcookie($cookiename, '', time() - 3600);
         $this->setSessionVar('STAMP', time());
     $check = parent::checkLogin();
     if ($check) {
         // record the successful attempt | login_tries = 0
         if ($this->userLogin != '' || !$userId) {
             $params = [];
             // $add is assembled only from fixed string literals; all values go through $params.
             $add = '';
             if ($this->stayLoggedIn || $cookiekey) {
                 // Rotate the persistent key on every successful login.
                 // NOTE(review): the key is a SHA-1 over systemId, the current second and the
                 // login name, not output of a CSPRNG. Its unpredictability rests entirely on
                 // systemId staying secret; random_bytes() would remove that dependency.
                 $cookiekey = sha1($this->systemId . time() . $this->userLogin);
                 $add = 'cookiekey = ?, ';
                 $params[] = $cookiekey;
                 // Same cookie attributes as above: no Secure/HttpOnly/SameSite arguments.
                 setcookie($cookiename, $cookiekey, time() + 60 * 60 * 24 * 365);
             // Opportunistic upgrade of the stored hash while the submitted password is available.
             if (self::passwordNeedsRehash($this->user->getValue('password'))) {
                 $add .= 'password = ?, ';
                 // Second argument is true; presumably marks the value as already pre-hashed -
                 // confirm against passwordHash().
                 $params[] = self::passwordHash($this->userPassword, true);
             array_push($params, rex_sql::datetime(), session_id(), $this->userLogin);
             $sql->setQuery('UPDATE ' . $this->tableName . ' SET ' . $add . 'login_tries=0, lasttrydate=?, session_id=? WHERE login=? LIMIT 1', $params);
         $this->user = new rex_user($this->user);
     } else {
         // record the failed attempt | login_tries++
         if ($this->userLogin != '') {
             $sql->setQuery('SELECT login_tries FROM ' . $this->tableName . ' WHERE login=? LIMIT 1', [$this->userLogin]);
             if ($sql->getRows() > 0) {
                 $login_tries = $sql->getValue('login_tries');
                 // NOTE(review): a failed attempt also clears session_id and cookiekey for that
                 // login, so a wrong password submitted by anyone ends the account's persistent
                 // login. Confirm this is the intended trade-off.
                 $sql->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",cookiekey="",lasttrydate=? WHERE login=? LIMIT 1', [rex_sql::datetime(), $this->userLogin]);
                 // From the threshold on, tell the user how long to wait; the longer delay
                 // applies once LOGIN_TRIES_2 is reached.
                 // NOTE(review): the wait hint is appended only when the login exists, so the
                 // response differs for existing and non-existing accounts once the threshold
                 // is hit - relevant if account enumeration is a concern.
                 if ($login_tries >= self::LOGIN_TRIES_1 - 1) {
                     $time = $login_tries < self::LOGIN_TRIES_2 ? self::RELOGIN_DELAY_1 : self::RELOGIN_DELAY_2;
                     $hours = floor($time / 3600);
                     $mins = floor(($time - $hours * 3600) / 60);
                     $secs = $time % 60;
                     $formatted = ($hours ? $hours . 'h ' : '') . ($hours || $mins ? $mins . 'min ' : '') . $secs . 's';
                     // Only values derived from class constants are placed into this HTML.
                     $this->message .= ' ' . rex_i18n::msg('login_wait', '<strong data-time="' . $time . '">' . $formatted . '</strong>');
     // Logout: drop the stored session id and persistent key, and expire the cookie.
     if ($this->isLoggedOut() && $userId != '') {
         $sql->setQuery('UPDATE ' . $this->tableName . ' SET session_id="", cookiekey="" WHERE id=? LIMIT 1', [$userId]);
         setcookie($cookiename, '', time() - 3600);
     return $check;
Exemplo n.º 9
    // User administration: delete branch followed by the create-user branch.
    // The excerpt is truncated (the opening condition, closing braces and the insert call are
    // missing).
    // a user cannot delete their own account
    if (rex::getUser()->getId() != $user_id) {
        $deleteuser = rex_sql::factory();
        // NOTE(review): $user_id is interpolated into the SQL text instead of being bound.
        // This is only safe if $user_id is cast to an integer before this point, which is not
        // visible here. A bound parameter (`WHERE id = ?` with [$user_id]) removes the
        // dependency on that upstream cast.
        $deleteuser->setQuery('DELETE FROM ' . rex::getTablePrefix() . "user WHERE id = '{$user_id}' LIMIT 1");
        $info = rex_i18n::msg('user_deleted');
        $user_id = 0;
    } else {
        $warnings[] = rex_i18n::msg('user_notdeleteself');
} elseif ($FUNC_ADD != '' and $save == 1) {
    $adduser = rex_sql::factory();
    // Uniqueness check for the login. The '******' token appears to be masked by the page this
    // excerpt was taken from, so how the login value reaches the query cannot be judged here.
    $adduser->setQuery('SELECT * FROM ' . rex::getTablePrefix() . "user WHERE login = '******'");
    // Only emptiness of login and password is checked in this excerpt.
    if ($adduser->getRows() == 0 && $userlogin != '' && $userpsw != '') {
        // the server side encryption of pw is only required
        // when not already encrypted by client using javascript
        // The pre-hashed flag is client-supplied (POST field 'javascript').
        $userpsw = rex_login::passwordHash($userpsw, rex_post('javascript', 'boolean'));
        $adduser = rex_sql::factory();
        $adduser->setTable(rex::getTablePrefix() . 'user');
        $adduser->setValue('name', $username);
        $adduser->setValue('password', $userpsw);
        $adduser->setValue('login', $userlogin);
        $adduser->setValue('description', $userdesc);
        // Privilege guard: the admin flag is stored as 1 only when the acting user is an admin
        // and requested it; otherwise it is forced to 0.
        $adduser->setValue('admin', rex::getUser()->isAdmin() && $useradmin == 1 ? 1 : 0);
        $adduser->setValue('language', $userperm_be_sprache);
        $adduser->setValue('startpage', $userperm_startpage);
        // NOTE(review): no comparable guard is visible for 'role' - confirm that $userrole is
        // restricted to roles the acting user may assign.
        $adduser->setValue('role', $userrole);
        if (isset($userstatus) and $userstatus == 1) {
            $adduser->setValue('status', 1);
        } else {
            $adduser->setValue('status', 0);
Exemplo n.º 10
 /**
  * Legacy backend login check: delegates to parent::checkLogin() and records the outcome in
  * the user table (login_tries reset or incremented, session_id stored or cleared).
  *
  * The excerpt is truncated: closing braces are missing, so nesting is inferred from indentation.
  *
  * NOTE(review): the return value is not always the parent's result. When the SQL object
  * reports an error, $fvs->getError() is returned instead (presumably a non-empty string). A
  * caller that tests the result for truthiness would treat that as a successful login; callers
  * need a strict `=== true` comparison.
  *
  * @return mixed the result of parent::checkLogin(), or the SQL error value
  */
 function checkLogin()
     global $REX;
     $fvs = new rex_sql();
     // $fvs->debugsql = true;
     $userId = $this->getSessionVar('UID');
     $check = parent::checkLogin();
     if ($check) {
         // record the successful attempt | login_tries = 0
         if ($this->usr_login != '') {
             // NOTE(review): values are concatenated into the SQL text rather than bound. The
             // '******' token appears to be masked by the page this excerpt was taken from, so
             // how the login name is escaped cannot be judged here.
             $fvs->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=0, lasttrydate=' . time() . ', session_id="' . session_id() . '" WHERE login="******" LIMIT 1');
     } else {
         // record the failed attempt | login_tries++
         if ($this->usr_login != '') {
             $fvs->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",lasttrydate=' . time() . ' WHERE login="******" LIMIT 1');
     // Logout: clear the stored session id for the user taken from the session.
     if ($this->isLoggedOut() && $userId != '') {
         // NOTE(review): $userId comes from the session variable 'UID' and is concatenated
         // unescaped; this relies on that value only ever being written by trusted code.
         $fvs->setQuery('UPDATE ' . $this->tableName . ' SET session_id="" WHERE user_id="' . $userId . '" LIMIT 1');
     if ($fvs->hasError()) {
         return $fvs->getError();
     return $check;