Пример #1
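 /**
  * Attempts to log a user in with the supplied credentials.
  *
  * The account is looked up by username first and, when
  * ALLOW_LOGIN_WITH_EMAIL is enabled, by e-mail address as a fallback.
  *
  * @param string  $username   Username (or e-mail address) supplied by the client.
  * @param string  $password   Clear-text password supplied by the client.
  * @param boolean $set_cookie Whether to also issue the persistent login cookie.
  *
  * @return boolean True on success, false for an unknown user or a wrong password.
  */
 public static function login($username, $password, $set_cookie = false)
 {
     self::logout();
     $user = User::findBy('username', $username);
     if (!$user instanceof User && self::ALLOW_LOGIN_WITH_EMAIL) {
         $user = User::findBy('email', $username);
     }

     // NOTE(security): the stored value is compared with a bare sha1() of the
     // password, i.e. an unsalted fast hash. Moving to password_hash() /
     // password_verify() needs a migration of the stored values and cannot be
     // done inside this method alone.
     //
     // hash_equals() compares the two digests as strings and in constant time.
     // The former loose `==` compared numeric-looking digests ("0e...") as
     // numbers, so two different digests could be treated as equal.
     $passwordMatches = $user instanceof User
         && is_scalar($password)
         && hash_equals((string) $user->password, sha1((string) $password));

     if ($passwordMatches) {
         $user->last_login = date('Y-m-d H:i:s');
         $user->save();
         if ($set_cookie) {
             $time = $_SERVER['REQUEST_TIME'] + self::COOKIE_LIFE;
             // strpos() returns 0 for a match at the start of the string, which
             // the former truthiness test read as "no match"; test against false.
             // NOTE(review): SERVER_PROTOCOL normally holds values such as
             // "HTTP/1.1", so this test may never be true in practice; confirm
             // how this deployment detects TLS (e.g. $_SERVER['HTTPS']).
             $secure = isset($_ENV['SERVER_PROTOCOL'])
                 && stripos($_ENV['SERVER_PROTOCOL'], 'https') !== false;
             // The last argument sets HttpOnly so page scripts cannot read the login cookie.
             setcookie(self::COOKIE_KEY, self::bakeUserCookie($time, $user), $time, '/', '', $secure, true);
         }
         // Issue a fresh session id on login so an id that was known before
         // authentication does not become an authenticated one.
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         self::setInfos($user);
         return true;
     }

     if (self::DELAY_ON_INVALID_LOGIN) {
         // NOTE(security): the failure counter lives in the client's session, so
         // a client that discards its session cookie starts again at 1. A
         // per-account or per-address counter kept server-side is not affected.
         if (!isset($_SESSION[self::SESSION_KEY . '_invalid_logins'])) {
             $_SESSION[self::SESSION_KEY . '_invalid_logins'] = 1;
         } else {
             ++$_SESSION[self::SESSION_KEY . '_invalid_logins'];
         }
         // Sleep one second per recorded failure, capped just below max_execution_time.
         sleep(max(0, min($_SESSION[self::SESSION_KEY . '_invalid_logins'], (int) ini_get('max_execution_time') - 1)));
     }
     return false;
 }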
 /**
  * Returns the user referenced by the current session, starting the session
  * first when none is active.
  *
  * @return mixed Result of User::findBy() for the session's user_id, or null
  *               when the session holds no user_id.
  */
 public function currentUser()
 {
     // $_SESSION is only populated once a session has been started.
     if (PHP_SESSION_NONE == session_status()) {
         session_start();
     }

     if (!isset($_SESSION['user_id'])) {
         return null;
     }

     $sessionUserId = $_SESSION['user_id'];

     return User::findBy('user_id', $sessionUserId);
 }
Пример #3
 /**
  * Replaces the password of the account registered under $email with a newly
  * generated one and redirects to the login page; an unknown address is sent
  * back to the login/forgot page with an error flash.
  *
  * NOTE(review): this listing has been partly masked with asterisks. The
  * statement starting with $email->message( below is cut short by that masking
  * and is not valid PHP as shown; the masked literals are kept as they appear.
  *
  * NOTE(security): the password is replaced as soon as an address matches,
  * before the requester has shown control of the mailbox, so anyone who knows
  * an address can force a reset for that account. Mailing a single-use,
  * expiring token and changing the password only on confirmation avoids this.
  *
  * @param string $email E-mail address used to look the account up.
  */
 function _sendPasswordTo($email)
 {
     $user = User::findBy('email', $email);
     if ($user) {
         use_helper('Email');
         // NOTE(security): rand() is not a cryptographically secure generator and
         // only the hex part between the fixed prefix and the 'K' suffix varies;
         // random_int() / random_bytes() are the suitable sources for a secret.
         $new_pass = '******' . dechex(rand(100000000, 4294967295)) . 'K';
         // NOTE(security): unsalted SHA-1 is a fast hash; password_hash() is the
         // appropriate primitive, but it changes the stored format.
         $user->password = sha1($new_pass);
         $user->save();
         // From here on $email is the Email helper object, no longer the address string.
         $email = new Email();
         $email->from('*****@*****.**', 'Frog CMS');
         $email->to($user->email);
         $email->subject('Your new password from Frog CMS');
         // Masked on the page: the rest of the message() call and the calls up to
         // the 'success' flash are missing from this line.
         $email->message('username: '******'success', 'An email has been send with your new password!');
         redirect(get_url('login'));
     } else {
         // NOTE(security): a distinct "No user found!" message tells the requester
         // whether an address is registered; a uniform response for both
         // outcomes avoids that disclosure.
         Flash::set('email', $email);
         Flash::set('error', 'No user found!');
         redirect(get_url('login/forgot'));
     }
 }
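 /**
  * Activates a pending account from the `login` and `code` request variables
  * and signs the user in.
  *
  * The request is redirected to "/" (and the script ends) when no
  * non-activated account matches the login or when the code does not match
  * the one computed by calcActivationCode(). On success the account is marked
  * activated, its purses are created, a session is opened for it and the
  * client is redirected to /usr/mypage/.
  *
  * @return void
  */
 public static function activation()
 {
     //User::removeNonActivatedUsers(3600); // for last hour
     // NOTE(review): the login is URL-decoded after Core::validate() has run, so
     // whatever validate() filters is applied to the still-encoded value and the
     // decoded result reaches User::findBy() unchecked. Confirm what validate()
     // guarantees and whether the decode should come first.
     $login = urldecode(Core::validate(self::getVar('login')));
     $code = Core::validate(self::getVar('code'));
     $nonActivatedUser = User::findBy(array('Login' => $login, 'Activation' => 0));
     if (empty($nonActivatedUser)) {
         header('Location: /');
         // too late
         exit;
     }
     $usr = new User();
     $usr->findById($nonActivatedUser[0]['id']);
     $rightCode = self::calcActivationCode($usr);
     // The code acts as a credential here (a session is opened below), so it is
     // compared as a string and in constant time. The former loose `!=`
     // compared numeric-looking strings ("0e...", "0123") as numbers and could
     // accept a code that differs from the expected one.
     if (!is_scalar($code) || !hash_equals((string) $rightCode, (string) $code)) {
         header('Location: /');
         exit;
     }
     $usr->update(array('Activation' => 1));
     self::createEmptyPursesFor($usr->getId());
     $session = new Session();
     $session->create($usr->getId(), Core::getClientIP());
     header('Location: /usr/mypage/');
 }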
Пример #5
 /**
  * Load the record through the parent implementation and, on success, keep a
  * copy of the group membership as it was loaded.
  *
  * @param string $strColumn Column passed on to parent::findBy()
  * @param mixed  $varValue  Value passed on to parent::findBy()
  *
  * @return boolean False when parent::findBy() returned false, otherwise true
  */
 public function findBy($strColumn, $varValue)
 {
     $blnLoaded = parent::findBy($strColumn, $varValue) !== false;

     if ($blnLoaded) {
         // Snapshot of the groups at load time
         $this->arrGroups = $this->groups;
     }

     return $blnLoaded;
 }
Пример #6
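 /**
  * Attempts to log in a user based on the username and password they provided.
  *
  * @param string  $username          User provided username (or e-mail address when
  *                                   ALLOW_LOGIN_WITH_EMAIL is enabled).
  * @param string  $password          User provided password.
  * @param boolean $set_cookie        Set a "remember me" cookie? Defaults to false.
  * @param boolean $validate_password Passing exactly false skips the password check and
  *                                   logs the account in on the username alone. Only
  *                                   trusted code may do that; the value must never be
  *                                   derived from request data. Defaults to true.
  * @return boolean                   Returns true when successful, otherwise false.
  */
 public static final function login($username, $password, $set_cookie = false, $validate_password = true)
 {
     self::logout();
     $user = User::findBy('username', $username);
     // Resolve the e-mail fallback before the throttle check. Previously the
     // check ran first, so it read failure_count from a non-object whenever the
     // username lookup failed, and logins by e-mail address were never throttled.
     if (!$user instanceof User && self::ALLOW_LOGIN_WITH_EMAIL) {
         $user = User::findBy('email', $username);
     }
     if (!$user instanceof User) {
         return false;
     }

     if (self::DELAY_ON_INVALID_LOGIN && $user->failure_count > 0) {
         // last_failure is written below as 'Y-m-d H:i:s'; strtotime() reads it in
         // the default timezone, as the former mktime() call did, and yields
         // false (never "greater than now") for a malformed value.
         $last = strtotime($user->last_failure);
         // thirty (by default) second delay for every failed attempt
         $now = time() - self::DELAY_ONCE_EVERY * $user->failure_count;
         if ($last > $now) {
             // Still inside the delay window: refuse without checking the password.
             return false;
         }
     }

     if (false === $validate_password || self::validatePassword($user, $password)) {
         $user->last_login = date('Y-m-d H:i:s');
         $user->failure_count = 0;
         $user->save();
         if ($set_cookie) {
             $time = $_SERVER['REQUEST_TIME'] + self::COOKIE_LIFE;
             // strpos() returns 0 for a match at the start of the string, which
             // the former truthiness test read as "no match"; test against false.
             // NOTE(review): SERVER_PROTOCOL normally holds values such as
             // "HTTP/1.1", so this test may never be true in practice; confirm
             // how this deployment detects TLS (e.g. $_SERVER['HTTPS']).
             $secure = isset($_ENV['SERVER_PROTOCOL'])
                 && stripos($_ENV['SERVER_PROTOCOL'], 'https') !== false;
             // The last argument sets HttpOnly so page scripts cannot read the login cookie.
             setcookie(self::COOKIE_KEY, self::bakeUserCookie($time, $user), $time, '/', '', $secure, true);
         }
         // Regenerate Session ID upon login
         session_regenerate_id(true);
         self::setInfos($user);
         return true;
     }

     // Wrong password: record the failure so the delay above grows with each attempt.
     $user->last_failure = date('Y-m-d H:i:s');
     ++$user->failure_count;
     $user->save();
     return false;
 }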
 /**
  * findBy() with an order argument must record a query carrying the matching
  * ORDER BY clause in lastSqlQuery.
  */
 function testFindByOrderSQL()
 {
     $expectedSql = 'SELECT * FROM `users` WHERE `id` = 1 ORDER BY username ASC';

     $model = new User();
     // Only the recorded SQL is checked; the returned rows are not needed.
     $model->findBy('id', 1, 'username ASC');

     $this->assertEqual($model->lastSqlQuery, $expectedSql);
 }
Пример #8
 /**
  * Load the record via the parent class and remember the group membership it
  * was loaded with.
  *
  * @param  mixed $strRefField Field passed on to parent::findBy()
  * @param  mixed $varRefId    Value passed on to parent::findBy()
  * @return boolean            False when parent::findBy() returned false, otherwise true
  */
 public function findBy($strRefField, $varRefId)
 {
     if (false !== parent::findBy($strRefField, $varRefId)) {
         // Keep the groups as loaded, before any later change
         $this->arrGroups = $this->groups;

         return true;
     }

     return false;
 }
Пример #9
 /**
  * Looks up the user whose email column equals this object's username and
  * returns the first match.
  *
  * @return mixed Whatever getFirst() yields on the User::findBy() result.
  */
 public function getUser()
 {
     // The username held by this object is matched against the email column.
     $matches = User::findBy('email', $this->username);

     return $matches->getFirst();
 }
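 /**
  * This method is used to send a newly generated password to a user.
  *
  * The account is looked up by e-mail address. When it exists, its password is
  * replaced, the clear-text password is mailed to the address on record and the
  * client is redirected to the login page. Otherwise an error is flashed and
  * the client is redirected to login/forgot.
  *
  * NOTE(security): the password is replaced as soon as an address matches,
  * before the requester has shown control of the mailbox, so anyone who knows
  * an address can force a reset for that account. Mailing a single-use,
  * expiring token and changing the password only on confirmation avoids this.
  *
  * @param string $email The user's email address.
  */
 private function _sendPasswordTo($email)
 {
     $user = User::findBy('email', $email);
     if (!$user) {
         // NOTE(security): a distinct "No user found!" message tells the requester
         // whether an address is registered; a uniform response for both
         // outcomes avoids that disclosure.
         Flash::set('email', $email);
         Flash::set('error', __('No user found!'));
         redirect(get_url('login/forgot'));
         return;
     }

     use_helper('Email');
     // random_int() draws from the system CSPRNG (PHP 7+); the rand() it replaces
     // is predictable. Range and format are unchanged, so the variable part
     // still carries only about 32 bits; a longer random_bytes() value is stronger.
     $new_pass = '******' . dechex(random_int(100000000, 4294967295)) . 'K';
     $user->password = AuthUser::generateHashedPassword($new_pass . $user->salt);
     $user->save();

     // Separate variable for the helper object so $email keeps meaning the address.
     $mail = new Email();
     $mail->from(Setting::get('admin_email'), Setting::get('admin_title'));
     $mail->to($user->email);
     $mail->subject(__('Your new password from ') . Setting::get('admin_title'));
     $mail->message(__('Username') . ': ' . $user->username . "\n" . __('Password') . ': ' . $new_pass);
     // NOTE(review): the result of send() is not checked; if delivery fails the
     // password has already been changed and success is still reported.
     $mail->send();
     Flash::set('success', __('An email has been sent with your new password!'));
     redirect(get_url('login'));
 }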
Пример #11
 /**
  * Command handler that sets a new password for the user whose login is the
  * first shifted command argument; the second shifted argument, when present,
  * is used as the new password.
  *
  * Each failure path returns the result of io::out() bitwise-ORed with a code
  * (1: no login argument, 2: on the masked line below, 3: user not found,
  * 127: UserException). The success path has no explicit return.
  *
  * NOTE(review): this listing has been partly masked with asterisks. The line
  * starting with IO::out('New password: ' has lost the code between its string
  * literals and is not valid PHP as shown; the unmatched closing brace after it
  * belongs to that lost code.
  *
  * NOTE(security): a password passed as a command argument can end up in shell
  * history and process listings if ArgsHolder reads the command line; confirm.
  * Prompting for it, as the masked line appears to do when the argument is
  * missing, keeps it out of both.
  */
 public function cmdPassword()
 {
     try {
         $login = ArgsHolder::get()->shiftCommand();
         $password = ArgsHolder::get()->shiftCommand();
         // Only the login is checked for a missing argument; a missing password is handled further down.
         if ($login === false) {
             return io::out('Incorrect param count', IO::MESSAGE_FAIL) | 1;
         }
         if ($user = User::findBy("login", $login)) {
             if (!$password) {
                 // Masked on the page: the code between these literals is missing.
                 IO::out('New password: '******'Confirm New password: '******'Passwords not match.', IO::MESSAGE_FAIL) | 2;
                 }
             }
             $user->setPassword($password);
         } else {
             return io::out(PHP_EOL . 'User ~WHITE~' . $login . '~~~ not found', IO::MESSAGE_FAIL) | 3;
         }
     } catch (UserException $e) {
         // The exception message is printed as the failure text.
         return io::out($e->getMessage(), IO::MESSAGE_FAIL) | 127;
     }
 }