public function change_password() { $this->cut_notlogged(); $this->user = new UsersModel(); if (!empty($_POST)) { // Check for CSRF first. Secure::csrf_checknredir($_POST['csrf_tkn']); $in = new In(); $validation = $in->validate_input($_POST, array('password' => array('required' => 'true', 'min' => '6', 'max' => '16'), 'password2' => array('required' => 'true', 'equal_field' => 'password'))); if ($validation) { $salt = Secure::salt(32); $upd_user['password'] = Secure::do_hash($_POST['password'], $salt); $upd_user['salt'] = $salt; $upd_user['id'] = $_SESSION['user']['id']; $this->user->update($upd_user); // Out::flash('Password updated.'); header("Location: " . ROOT_URI . '/admin/users'); exit; } else { // output errors $ers = ''; foreach ($in->errors as $er) { $ers .= $er . "<br />"; } Out::flash($ers); header("Location: " . ROOT_URI . "/admin/users/change_password"); exit; } } // end if POST // which user to edit $id = $_SESSION['user']['id']; $user2edit = $this->user->get_user($id); $this->set_view_var($user2edit); }
public function login($in_email, $in_pass) { $user_exists = $this->find($in_email); $data = $this->user_data[0]; if ($user_exists) { if ($data->password == Secure::do_hash($in_pass, $data->salt)) { // TODO update last_login field in DB //die("user_exists :" . $user_exists); $_SESSION['user']['id'] = $data->id; $_SESSION['user']['email'] = $data->email; $_SESSION['user']['active'] = $data->active; $_SESSION['user']['user_group_id'] = $data->user_group_id; $_SESSION['user_group']['descr'] = $data->descr; $upd_user['id'] = $data->id; $upd_user['last_login'] = date("Y-m-d H:i:s", time()); $this->update($upd_user); return TRUE; } } return FALSE; }