示例#1
0
 /**
  * Logs this stake leader into the session given username and password
  * @var $eml = The email address
  * @var $pwd = The plaintext password (will be salted and hashed)
  * @return If successful, the StakeLeader object. Otherwise null.
  */
 public static function Login($eml, $pwd)
 {
     // Sanitize input
     $eml = DB::Safe($eml);
     // First, we need to obtain this stake leader's unique salt
     $r = DB::Run("SELECT `Salt` FROM `Credentials` WHERE `Email`='{$eml}' AND `StakeLeaderID` > 0 LIMIT 1");
     if (mysql_num_rows($r) == 0) {
         return null;
     }
     $salt = mysql_result($r, 0);
     // Now hash input according to our hashing algorithm and leader's salt
     $pwd = hashPwd($pwd, $salt);
     // See if the email/password combination are correct
     $try = DB::Run("SELECT StakeLeaderID FROM Credentials WHERE Email='{$eml}' AND Password='******' AND StakeLeaderID > 0 LIMIT 1");
     if (mysql_num_rows($try) == 0) {
         return null;
     }
     // At this point, valid credentials were entered. Proceed...
     $stakeLeaderID = mysql_result($try, 0);
     $stakeLeader = StakeLeader::Load($stakeLeaderID);
     // Update LastActivity
     $stakeLeader->UpdateLastActivity();
     // Since they've logged in, no more need for existing
     // password reset tokens. Delete any strays for security.
     $q = "DELETE FROM PwdResetTokens WHERE CredentialsID={$stakeLeader->CredentialsID()}";
     DB::Run($q);
     // Save the session. This is the actual "logging in" part.
     session_regenerate_id();
     // Helps prevent session hijacking
     $_SESSION["stakeLeaderID"] = $stakeLeaderID;
     $_SESSION["timestamp"] = time();
     $_SESSION["ipaddress"] = $_SERVER['REMOTE_ADDR'];
     return $stakeLeader;
 }
示例#2
0
 public function Start()
 {
     // Necessary fields must be basically valid
     if ($this->Started > 0 || $this->Finished > 0 || !$this->StakeID && !$this->WardID || !$this->SenderID || !$this->Message || !$this->Recipients || count($this->Recipients) == 0) {
         return false;
     }
     // Populate the sender name and email fields for preservation purposes
     if ($this->IsMemberSender()) {
         $mem = Member::Load($this->SenderID);
         $this->SenderName = $mem->FirstName() . " " . $mem->LastName;
         $this->SenderPhone = $mem->PhoneNumber;
     } else {
         $leader = StakeLeader::Load($this->SenderID);
         $this->SenderName = $leader->Title . " " . $leader->FirstName . " " . $leader->LastName;
         $this->SenderPhone = $leader->PhoneNumber;
     }
     // We leave sendsms.php to set and save the "start" timestamp; we don't do it here.
     $this->Save();
     // See EmailJob.php for any explanation about this last part
     $docroot = DOCROOT;
     $smspwd = SMS_JOB_PASSWORD;
     $cmd = "php {$docroot}/api/sendsms.php {$this->ID} {$smspwd}";
     exec("/usr/bin/nohup {$cmd} &> error_log &");
     return true;
 }
示例#3
0
 public function Start()
 {
     // Necessary fields must be filled out
     if ($this->Started > 0 || $this->Ended > 0 || !$this->MemberID && !$this->StakeLeaderID || !$this->Subject || !$this->Message || !$this->Recipients) {
         return;
     }
     // Populate the sender name and email fields for preservation purposes
     if ($this->IsMemberSender()) {
         $mem = Member::Load($this->MemberID);
         $this->SenderName = $mem->FirstName() . " " . $mem->LastName;
         $this->SenderEmail = $mem->Email;
     } else {
         $leader = StakeLeader::Load($this->StakeLeaderID);
         $this->SenderName = $leader->Title . " " . $leader->LastName;
         $this->SenderEmail = $leader->Email;
     }
     // We leave sendemails.php to set and save the "start" timestamp; we don't do it here.
     $this->Save();
     // Call the worker process to run in the background. We pass in the ID
     // of the EmailJob so it can load all its info and process it. The worker
     // process sends the emails at a throttled rate.
     // The & tells it to go into the background, and the /dev/null thing
     // means any output can be discarded. The funky string "DKQl..." is a
     // password for internal use to help verify that the request is a valid one
     // from a legit source.
     $docroot = DOCROOT;
     $pwd = EMAIL_JOB_PASSWORD;
     $cmd = "php {$docroot}/api/sendemails.php {$this->ID} {$pwd}";
     exec("/usr/bin/nohup {$cmd} &> error_log &");
 }
示例#4
0
}
// Verify that the credentials ID matches the token
$credID = DB::Safe($credID);
$token = DB::Safe($token);
$r = DB::Run("SELECT 1 FROM `PwdResetTokens` WHERE `CredentialsID`='{$credID}' AND `Token`='{$token}' LIMIT 1");
if (mysql_num_rows($r) == 0) {
    Response::Send(400, "Account ID and token do not appear to match. Maybe try again from the link in your email?");
}
// Get account object (Member or Leader) -- first we have to determine which type it is
$q2 = DB::Run("SELECT * FROM Credentials WHERE ID='{$credID}' LIMIT 1");
$r = mysql_fetch_array($q2);
$memberID = $r['MemberID'];
$leaderID = $r['StakeLeaderID'];
$user = null;
if ($memberID && !$leaderID) {
    $user = @Member::Load($memberID);
} else {
    if ($leaderID && !$memberID) {
        $user = @StakeLeader::Load($leaderID);
    }
}
if (!$user) {
    Response::Send(500, "Could not load account with ID '{$memberID}' or '{$leaderID}', from credentials ID {$credID} -- please report this exact error message. Thanks...");
}
// Reset password.
if (!$user->ChangePassword($pwd1)) {
    // This function deletes the token from the DB for us
    Response::Send(500, "Could not reset your password for some reason... please report this.");
}
// In the clear!
Response::Send(200);