Пример #1
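 /**
  * Handle the password-reset form reached through a reset link.
  *
  * Looks the user up by the reset token in $parameters['k'], rejects missing,
  * unknown or expired tokens, and on a valid POST stores the new password and
  * clears the token so the same link cannot be used again.
  *
  * @param array $parameters Request parameters; 'k' carries the reset token.
  *
  * @return mixed true when the reset form should be rendered, otherwise the
  *               result of loadModule() for the redirect target.
  */
 public function loadResetPassword($parameters)
 {
     // An empty or non-string token is handled like a missing one. A completed
     // reset writes '' into auto_login_hash (see below), so an empty 'k' must
     // never reach the lookup.
     // NOTE(review): initWith() is not visible here; presumably it matches on
     // equality, in which case k='' would select an account with a cleared hash.
     if (!isset($parameters['k']) || !is_string($parameters['k']) || $parameters['k'] === '') {
         return $this->loadModule('admin', 'home', 'default', true, true);
     }
     $user = new DinklyUser($this->db);
     $user->initWith(array('auto_login_hash' => $parameters['k']));
     if (!$user->getId()) {
         return $this->loadModule('admin', 'login', 'forgot_password', true);
     }
     // The previous condition was `!strtotime(...) > time()`. `!` binds tighter
     // than `>`, so it compared a boolean with the current time and was never
     // true: expired links were accepted. An unparsable expiry counts as expired.
     $expires_at = strtotime((string) $user->getAutoLoginExpire());
     if ($expires_at === false || $expires_at <= time()) {
         DinklyFlash::set('reset_error', 'Sorry, the link has expired.');
         return $this->loadModule('admin', 'login', 'forgot_password', true);
     }
     if (isset($_POST['password']) && isset($_POST['password-confirm'])) {
         $password = $_POST['password'];
         $confirmation = $_POST['password-confirm'];
         // Strict comparison: with `!=` two different numeric-looking strings
         // (e.g. '0e12345678' and '0e87654321') compare as equal. Array-valued
         // fields are rejected rather than passed on to strlen()/setPassword().
         if (!is_string($password) || !is_string($confirmation) || $password !== $confirmation) {
             DinklyFlash::set('reset_error', 'Passwords did not match');
         } elseif (strlen($password) < 8) {
             DinklyFlash::set('reset_error', 'Password must be at least 8 characters long');
         } else {
             $user->setPassword($password);
             // Invalidate the token so the link is single-use.
             $user->setAutoLoginHash('');
             $user->setAutoLoginExpire('');
             $user->save();
             DinklyFlash::set('reset_success', ' Your password was successfully set. Please login using your new password.');
             return $this->loadModule('admin', 'login', 'default', true);
         }
     }
     return true;
 }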
Пример #2
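 /**
  * Check the supplied credentials against the dinkly_user table and, when they
  * are correct, record the login and mark the session as logged in.
  *
  * @param string $username       Username submitted by the user attempting to log in
  * @param string $input_password Plain-text password submitted with it
  *
  * @return bool true if the credentials are correct and the user was logged in,
  *              false otherwise
  */
 public static function authenticate($username, $input_password)
 {
     // Non-string input (e.g. an array-valued form field) can never be a valid credential.
     if (!is_string($username) || !is_string($input_password)) {
         return false;
     }
     $dbo = self::fetchDB();
     // The username is escaped with quote() before being concatenated.
     // NOTE(review): if fetchDB() returns a PDO handle, a prepared statement
     // with a bound parameter would be the safer form — confirm and switch.
     $sql = "select * from dinkly_user where username=" . $dbo->quote($username);
     $statement = $dbo->query($sql);
     if (!$statement) {
         return false;
     }
     $result = $statement->fetchAll();
     // No row means the username is unknown.
     if (!is_array($result) || count($result) === 0) {
         return false;
     }
     $row = $result[0];
     $user = new DinklyUser();
     $user->init($row['id']);
     $hashed_password = $row['password'];
     // An account without a stored hash must not be reachable with any password.
     // The previous code compared the boolean from password_verify() loosely
     // with the hash, so an empty or NULL hash made `false == $hash` true and
     // every password was accepted for such an account.
     if (!is_string($hashed_password) || $hashed_password === '') {
         return false;
     }
     if (function_exists('password_verify')) {
         // password_verify() already returns the verdict as a boolean.
         $valid_password = password_verify($input_password, $hashed_password);
     } else {
         // Fallback for PHP builds without password_verify(); strict comparison
         // avoids numeric-string juggling between the two hashes.
         $candidate = crypt($input_password, $hashed_password);
         $valid_password = is_string($candidate) && $candidate === $hashed_password;
     }
     if (!$valid_password) {
         return false;
     }
     $count = $user->getLoginCount() + 1;
     $user->setLastLoginAt(date('Y-m-d G:i:s'));
     $user->setLoginCount($count);
     $user->save();
     self::setLoggedIn(true, $row['id'], $row['username'], $user->getGroups());
     return true;
 }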