/**
 * Sets up ACL and session for a visitor who authenticated via OpenID.
 *
 * The OpenID is first recorded in the ACL. Then UserSettings is searched for a
 * row whose name matches 'openid.' (a `like` qualifier; wildcard handling is up
 * to DBModel) and whose value equals $openid; the lowest matching userid wins.
 * If such a local user exists it is authorized as a Textcube user. The session
 * is bound to that user only when the resulting privileges include
 * "group.writers"; otherwise the shared OpenID pseudo-user
 * (SESSION_OPENID_USERID) is used.
 *
 * Nothing here verifies the OpenID itself — callers must pass an identifier
 * that has already been verified with the provider.
 *
 * @param string $openid  Verified OpenID identifier.
 * @return void
 */
function setAcl($openid) {
    Acl::authorize('openid', $openid);

    $context = Model_Context::getInstance();
    $blogid  = intval($context->getProperty('blog.id'));

    // Map the OpenID to a local userid through the user's 'openid.' setting.
    $db = DBModel::getInstance();
    $db->reset('UserSettings');
    $db->setQualifier('name', 'like', 'openid.', true);
    $db->setQualifier('value', 'equals', $openid, true);
    $db->setOrder('userid', 'ASC');
    $matched = $db->getCell('userid');

    $userid = $matched ? $matched : null;
    if ($userid !== null) {
        Acl::authorize('textcube', $userid);
    }

    // Only writers get a real user session; everyone else shares the OpenID pseudo-user.
    $isWriter = !empty($userid) && in_array("group.writers", Acl::getCurrentPrivilege());
    Session::authorize($blogid, $isWriter ? $userid : SESSION_OPENID_USERID);
}
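/**
 * Authenticates a user by loginid and password (DBModel variant).
 *
 * Three credential forms are accepted:
 *  - a 32-character hex string ("raw" login): $loginid is treated as an e-mail
 *    address, the string is first compared against the user's stored
 *    'AuthToken' setting and, failing that, md5()'d and matched against the
 *    stored password column;
 *  - $blogapi true and a global blogApiPassword configured: the plaintext
 *    password may match either the user's password (as md5) or the shared
 *    BlogAPI password;
 *  - otherwise: plaintext password matched as md5.
 *
 * On success the Textcube ACL is set for the user and lastlogin is updated.
 *
 * Fixes over the previous version:
 *  - the AuthToken lookup read its result from an undefined `$query`
 *    (a leftover from the raw-SQL variant); it now reads from `$pool`;
 *  - token / BlogAPI-password comparisons use hash_equals() instead of `===`;
 *  - the BlogAPI-password check is done in PHP, so the user-supplied string
 *    is no longer placed in the query (the old qualifier set used $password
 *    in the field position). Note this comparison is now exact, whereas the
 *    SQL string comparison was subject to the column collation.
 *
 * NOTE(review): passwords are stored as unsalted md5 (legacy); migrating to
 * password_hash()/password_verify() is outside this function's scope.
 *
 * @param int    $blogid   Not used by this function; kept for signature compatibility.
 * @param string $loginid  Login id (an e-mail address for the raw-login form).
 * @param string $password Credential as described above.
 * @param bool   $blogapi  True when called from the BlogAPI endpoint.
 * @return int|false  userid on success, false on failure (compare with === false).
 */
function authenticate($blogid, $loginid, $password, $blogapi = false) {
    $session = array();
    Acl::clearAcl();
    $pool = DBModel::getInstance();
    $blogApiPassword = Setting::getBlogSettingGlobal("blogApiPassword", "");
    $pool->reset("Users");

    if (strlen($password) == 32 && preg_match('/[0-9a-f]{32}/i', $password)) {
        // Traditional md5 raw login (with/without auth token).
        $userid = User::getUserIdByEmail($loginid);
        if (empty($userid)) {
            return false;
        }

        $pool->reset('UserSettings');
        $pool->setQualifier('userid', 'equals', intval($userid));
        $pool->setQualifier('name', 'equals', 'AuthToken', true);
        // Previously `$query->getCell('value')` — $query does not exist in this variant.
        $authtoken = $pool->getCell('value');
        $pool->reset("Users");

        if (!empty($authtoken) && hash_equals((string) $authtoken, (string) $password)) {
            // The user requested an auth token; it confirms the identity on its own.
            $session['userid'] = $userid;
        } else {
            // Fall back to matching the supplied hash against the stored password.
            $pool->setQualifier("password", "eq", md5($password), true);
        }
    } else {
        // BlogAPI login may use the shared BlogAPI password instead of the user's own.
        $usesApiPassword = $blogapi
            && !empty($blogApiPassword)
            && hash_equals((string) $blogApiPassword, (string) $password);
        if (!$usesApiPassword) {
            // Normal login (and BlogAPI login with the user's own password).
            $pool->setQualifier("password", "eq", md5($password), true);
        }
    }

    if (empty($session)) {
        $pool->setQualifier("loginid", "eq", $loginid, true);
        $session = $pool->getRow("userid, loginid");
    }
    if (empty($session)) {
        // Callers must compare with `=== false`.
        return false;
    }

    $userid = $session['userid'];
    Acl::authorize('textcube', $userid);

    $pool->reset("Users");
    $pool->setAttribute("lastlogin", Timestamp::getUNIXtime());
    $pool->setQualifier("loginid", "eq", $loginid, true);
    $pool->update();

    // NOTE(review): the AuthToken is not invalidated after a successful token login
    // (the DELETE of the 'AuthToken' setting was left commented out upstream), so a
    // captured token remains usable until it is replaced. Consider deleting it here.
    return $userid;
}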
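/**
 * Authenticates a user by loginid and password (raw-SQL / POD variant).
 *
 * Accepts the same three credential forms as the DBModel variant: a 32-char
 * hex "raw" login (AuthToken or md5 match, with $loginid as e-mail), a
 * BlogAPI login that may use the shared blogApiPassword, or a normal
 * plaintext login matched as md5.
 *
 * Fixes over the previous version:
 *  - in the BlogAPI branch the password was run through POD::escapeString()
 *    BEFORE md5(), so a password containing a quote or backslash could never
 *    match its stored hash; md5() is now computed on the raw password;
 *  - the shared BlogAPI password (and the user-supplied password) are no
 *    longer interpolated into SQL — the comparison is done in PHP with
 *    hash_equals(). This comparison is exact, whereas the old SQL string
 *    comparison followed the column collation;
 *  - the AuthToken comparison uses hash_equals() instead of `===`.
 *
 * NOTE(review): the lastlogin UPDATE read `SET lastlogin = "******"` in the
 * source as received, which looks like a scrubbed literal; it is set to
 * Timestamp::getUNIXtime() as in the DBModel variant — confirm against upstream.
 * NOTE(review): passwords are stored as unsalted md5 (legacy); a move to
 * password_hash()/password_verify() is outside this function's scope.
 *
 * @param int    $blogid   Not used by this function; kept for signature compatibility.
 * @param string $loginid  Login id (an e-mail address for the raw-login form).
 * @param string $password Credential as described above.
 * @param bool   $blogapi  True when called from the BlogAPI endpoint.
 * @return int|false  userid on success, false on failure (compare with === false).
 */
function authenticate($blogid, $loginid, $password, $blogapi = false) {
    global $database;
    $session = array();
    Acl::clearAcl();
    $loginid = POD::escapeString($loginid);
    $blogApiPassword = Setting::getBlogSettingGlobal("blogApiPassword", "");

    // Password part of the WHERE clause; null means no password check is required
    // (either the session is already established or the shared BlogAPI password matched).
    $secret = null;

    if (strlen($password) == 32 && preg_match('/[0-9a-f]{32}/i', $password)) {
        // Raw login (with/without auth token): $loginid is an e-mail address.
        $userid = User::getUserIdByEmail($loginid);
        if (empty($userid)) {
            return false;
        }

        $query = DBModel::getInstance();
        $query->reset('UserSettings');
        $query->setQualifier('userid', 'equals', intval($userid));
        $query->setQualifier('name', 'equals', 'AuthToken', true);
        $authtoken = $query->getCell('value');

        if (!empty($authtoken) && hash_equals((string) $authtoken, (string) $password)) {
            // The user requested an auth token; it confirms the identity on its own.
            $session['userid'] = $userid;
        } else {
            // Login with the supplied md5 hash. md5() output is hex, so it needs no escaping.
            $secret = "password = '" . md5($password) . "'";
        }
    } else {
        // BlogAPI login may use the shared BlogAPI password instead of the user's own.
        $usesApiPassword = $blogapi
            && !empty($blogApiPassword)
            && hash_equals((string) $blogApiPassword, (string) $password);
        if (!$usesApiPassword) {
            // Normal login (and BlogAPI login with the user's own password).
            // md5() of the RAW password; the old code hashed the escaped string.
            $secret = "password = '" . md5($password) . "'";
        }
    }

    if (empty($session)) {
        $where = "loginid = '{$loginid}'";
        if ($secret !== null) {
            $where .= " AND {$secret}";
        }
        $session = POD::queryRow("SELECT userid, loginid, name FROM {$database['prefix']}Users WHERE {$where}");
    }
    if (empty($session)) {
        // Callers must compare with `=== false`.
        return false;
    }

    $userid = $session['userid'];
    Acl::authorize('textcube', $userid);
    POD::execute("UPDATE {$database['prefix']}Users SET lastlogin = " . intval(Timestamp::getUNIXtime()) . " WHERE loginid = '{$loginid}'");

    // NOTE(review): the AuthToken is not invalidated after a successful token login
    // (the DELETE of the 'AuthToken' setting was left commented out upstream), so a
    // captured token remains usable until it is replaced. Consider deleting it here.
    return $userid;
}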