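/**
 * Authenticates an account by username (or, failing that, e-mail address) and password.
 *
 * The account is looked up by username first. If none matches, the same value is tried as an
 * e-mail address and accepted only when exactly one account carries it.
 *
 * The rights bypass (UserPeer::ignoreRights) is enabled only around the two save() calls and
 * switched off again straight afterwards. The plain success path reaches loginUser() without
 * ever enabling it, so loginUser() cannot depend on the bypass being active.
 *
 * @param string $sUsername username or e-mail address supplied by the client
 * @param string $sPassword clear-text password supplied by the client
 * @return mixed 0 when no account matches or the password is wrong,
 *               self::USER_NEEDS_PASSWORD_RESET when the stored password is the '*' marker,
 *               otherwise whatever loginUser() returns
 */
public function login($sUsername, $sPassword) {
    $oUser = UserQuery::create()->filterByUsername($sUsername)->findOne();
    if ($oUser === null) {
        // Fall back to e-mail; an ambiguous address (0 or >1 accounts) is treated as unknown.
        $aMatches = UserQuery::create()->filterByEmail($sUsername)->find();
        if (count($aMatches) !== 1) {
            // NOTE(review): this returns before any hash comparison runs, so an unknown account
            // is answered faster than a wrong password; consider equalising the work.
            return 0;
        }
        $oUser = $aMatches[0];
    }

    if (!PasswordHash::comparePassword($sPassword, $oUser->getPassword())) {
        if (PasswordHash::comparePasswordFallback($sPassword, $oUser->getPassword())) {
            // The password matched via the fallback comparison only (presumably a legacy hash
            // format; confirm in PasswordHash). Store it again and re-run the regular check.
            $oUser->setPassword($sPassword);
            UserPeer::ignoreRights(true);
            $oUser->save();
            // Do not leave the rights bypass enabled for the rest of the request.
            UserPeer::ignoreRights(false);
            return $this->login($sUsername, $sPassword);
        }
        if ($oUser->getPassword() === '*') {
            // NOTE(review): this status is returned for any submitted password, so it discloses
            // the account's state to unauthenticated callers; confirm that is intended.
            return self::USER_NEEDS_PASSWORD_RESET;
        }
        return 0;
    }

    // Password is correct. If no digest secret is stored yet and the setting asks for one,
    // set the password again (presumably setPassword() derives the digest HA1; TODO confirm).
    if ($oUser->getDigestHA1() === null && Settings::getSetting('security', 'generate_digest_secrets', false) === true) {
        $oUser->setPassword($sPassword);
        UserPeer::ignoreRights(true);
        $oUser->save();
        UserPeer::ignoreRights(false);
    }

    return $this->loginUser($oUser);
}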
/**
 * Creates the initial administrator account when the user table is still empty.
 *
 * Missing arguments fall back to the ADMIN_USERNAME / ADMIN_PASSWORD constants.
 * NOTE(review): those constants act as default credentials for a full-admin account; make
 * sure deployments override them or force a password change after the first login.
 * NOTE(review): the emptiness check and the insert are separate steps, so two concurrent
 * first requests could both pass the check. Confirm whether that matters here.
 *
 * @param string|null $sUsername username (also used as first name) or null for the default
 * @param string|null $sPassword clear-text password or null for the default
 * @return bool false when at least one user already exists, true once the admin was created
 */
public static function initializeFirstUserIfEmpty($sUsername = null, $sPassword = null) {
    $iExistingUsers = UserQuery::create()->count();
    if ($iExistingUsers > 0) {
        return false;
    }

    if ($sUsername === null) {
        $sUsername = ADMIN_USERNAME;
    }
    if ($sPassword === null) {
        $sPassword = ADMIN_PASSWORD;
    }

    $oAdmin = new User();
    $oAdmin->setPassword($sPassword);
    $oAdmin->setFirstName($sUsername);
    $oAdmin->setUsername($sUsername);
    $oAdmin->setIsAdmin(true);
    $sLanguageId = Settings::getSetting("session_default", Session::SESSION_LANGUAGE_KEY, 'en');
    $oAdmin->setLanguageId($sLanguageId);

    // No user is logged in yet, so rights checks are bypassed for this single save only.
    UserPeer::ignoreRights(true);
    $oAdmin->save();
    UserPeer::ignoreRights(false);

    // Make sure that this first language exists and is the content language too.
    AdminManager::createLanguageIfNoneExist(Session::language(), $oAdmin);
    AdminManager::setContentLanguage(Session::language());

    return true;
}
/**
 * Stores one widget's settings in the current user's dashboard configuration.
 *
 * The widget whose 'uid' equals $sUid is replaced; if none matches, the settings are appended.
 * The user is saved with rights checks bypassed, and the bypass is switched off again afterwards.
 * NOTE(review): $aSettings is persisted as given; presumably the caller validates it.
 *
 * @param string $sUid unique id of the widget to replace
 * @param array $aSettings complete settings entry for that widget
 * @return void
 */
private static function saveModuleSettings($sUid, $aSettings) {
    $oCurrentUser = Session::getSession()->getUser();
    $aConfig = self::dashboardConfig();
    // Alias into the config array so writes below land in $aConfig['widgets'].
    $aWidgetList =& $aConfig['widgets'];

    $bReplaced = false;
    foreach ($aWidgetList as $mKey => $aEntry) {
        if ($aEntry['uid'] !== $sUid) {
            continue;
        }
        $aWidgetList[$mKey] = $aSettings;
        $bReplaced = true;
        break;
    }
    if ($bReplaced === false) {
        $aWidgetList[] = $aSettings;
    }

    $oCurrentUser->setAdminSettings('dashboard', $aConfig);
    UserPeer::ignoreRights(true);
    $oCurrentUser->save();
    UserPeer::ignoreRights(false);
}
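/**
 * Completes a password recovery: verifies the recovery hint, validates the new password,
 * stores it, clears the hint and logs the user in.
 *
 * Changes from the previous version:
 * - Request values are read once and accepted only as strings. A missing or array-valued
 *   field is treated as empty, not passed on as null or an array.
 * - An account with no pending recovery hint (null or '') is always rejected. md5() of an
 *   empty value is a fixed, well-known string, so it must never count as a valid proof.
 * - The hint is compared with hash_equals() so the comparison time does not depend on how
 *   many leading characters match.
 * - The rights bypass is switched off again right after save().
 * - The login call uses the same trimmed username that selected the account.
 *
 * NOTE(review): no expiry check on the recovery hint is visible here; confirm that hints
 * are time-limited where they are issued.
 *
 * @param string $sReferrer passed through to self::login()
 * @return string 'login' or 'password_reset' (the login action to show next)
 */
public static function loginNewPassword($sReferrer = '') {
    $oFlash = Flash::getFlash();

    $sUsername = (isset($_REQUEST['recover_username']) && is_string($_REQUEST['recover_username'])) ? trim($_REQUEST['recover_username']) : '';
    $sGivenHint = (isset($_REQUEST['recover_hint']) && is_string($_REQUEST['recover_hint'])) ? $_REQUEST['recover_hint'] : '';
    $sNewPassword = (isset($_POST['new_password']) && is_string($_POST['new_password'])) ? $_POST['new_password'] : '';
    $sRetypedPassword = (isset($_POST['new_password_retype']) && is_string($_POST['new_password_retype'])) ? $_POST['new_password_retype'] : '';

    $oUser = UserQuery::create()->filterByUsername($sUsername)->isActive()->findOne();
    $sStoredHint = $oUser === null ? null : $oUser->getPasswordRecoverHint();
    if ($sStoredHint === null || $sStoredHint === '' || !hash_equals(md5((string) $sStoredHint), $sGivenHint)) {
        $oFlash->addMessage('login.recovery.invalid');
        return 'login';
    }

    if ($sNewPassword === '') {
        $oFlash->addMessage('login.empty_fields');
    }
    PasswordHash::checkPasswordValidity($sNewPassword, $oFlash);
    if ($sNewPassword !== $sRetypedPassword) {
        $oFlash->addMessage('password_confirm');
    }
    $oFlash->finishReporting();
    if (!Flash::noErrors()) {
        return 'password_reset';
    }

    // No errors: set the new password, invalidate the hint (single use), log in and redirect.
    UserPeer::ignoreRights(true);
    $oUser->setPassword($sNewPassword);
    $oUser->setPasswordRecoverHint(null);
    $oUser->save();
    UserPeer::ignoreRights(false);

    self::login($sUsername, $sNewPassword, $sReferrer);
    return 'login';
}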