/**
 * Bookkeeping for a failed log in: audits the attempt and, when an account
 * is known, increases that account's failed-login counter.
 *
 * The audit entry is written on every call. The counter is only touched
 * when $userID is truthy.
 *
 * @param mixed $userID ID handed to eZUser::setFailedLoginAttempts(), or false when no account is known
 * @param string $login Login name as submitted by the client
 */
protected static function loginFailed($userID = false, $login)
{
    // NOTE(review): escapeString() is the database layer's escaping. Whether it
    // neutralises what matters for the audit sink (for instance line breaks in a
    // file-based log) is not visible here -- confirm.
    $auditFields = array(
        'User login' => eZDB::instance()->escapeString($login),
        'Comment' => 'Failed login attempt: eZUser::loginUser()',
    );

    // Failed login attempts should be logged
    eZAudit::writeAudit('user-failed-login', $auditFields);

    if (!$userID) {
        return;
    }

    // Increase number of failed login attempts.
    eZUser::setFailedLoginAttempts($userID);
}
// NOTE(review): excerpt of a view script. The closing brace directly below and the
// one after the first "return;" end blocks that open before this excerpt, so the
// condition guarding the settings update is not visible here.
    }
    // Store the settings through the operation framework when the 'user_setsettings'
    // operation is available, otherwise call the operation collection directly.
    if (eZOperationHandler::operationIsAvailable('user_setsettings')) {
        $operationResult = eZOperationHandler::execute('user', 'setsettings', array('user_id' => $UserID, 'is_enabled' => $isEnabled, 'max_login' => $maxLogin));
    } else {
        eZUserOperationCollection::setSettings($UserID, $isEnabled, $maxLogin);
    }
    // Return to the full view of the user's main node.
    $Module->redirectTo('/content/view/full/' . $userObject->attribute('main_node_id'));
    return;
}
// Cancel button: leave without changing anything.
if ($http->hasPostVariable("CancelSettingButton")) {
    $Module->redirectTo('/content/view/full/' . $userObject->attribute('main_node_id'));
    return;
}
if ($http->hasPostVariable("ResetFailedLoginButton")) {
    // Reset number of failed login attempts
    // NOTE(review): this clears the counter as soon as the POST variable is present.
    // No form-token or permission check is visible in this excerpt -- confirm that
    // one runs earlier in the view.
    eZUser::setFailedLoginAttempts($UserID, 0, true);
}
// Current counter and configured maximum, both handed to the template below.
$failedLoginAttempts = $user->failedLoginAttempts();
$maxFailedLoginAttempts = eZUser::maxNumberOfFailedLogin();
$Module->setTitle("Edit user settings");
// Template handling
$tpl = eZTemplate::factory();
$tpl->setVariable("module", $Module);
$tpl->setVariable("http", $http);
$tpl->setVariable("userID", $UserID);
$tpl->setVariable("user", $user);
$tpl->setVariable("userSetting", $userSetting);
$tpl->setVariable("failed_login_attempts", $failedLoginAttempts);
$tpl->setVariable("max_failed_login_attempts", $maxFailedLoginAttempts);
$Result = array();
$Result['content'] = $tpl->fetch("design:user/setting.tpl");
/**
 * Creates the local account for $userAttributes['login'] or refreshes an
 * existing one, then brings its node placements in line with $parentNodeIDs.
 *
 * No credential is checked in this function. It stores an empty password
 * hash with hash type 0 on the account and resets the failed-login counter.
 * NOTE(review): presumably the caller has already authenticated the user
 * against the external directory before calling this -- confirm at call sites.
 *
 * @param array $parentNodeIDs Parent node IDs the user object should be placed under
 * @param mixed $defaultUserPlacement Parent node ID used as main placement; it is appended to $parentNodeIDs
 * @param array $userAttributes Must hold a non-empty 'login'; 'first_name', 'last_name' and 'email' are read as well
 * @param bool $isUtf8Encoding When true, first and last name are passed through utf8_decode()
 * @return mixed The stored user object, or false when validation fails
 */
static function publishUpdateUser($parentNodeIDs, $defaultUserPlacement, $userAttributes, $isUtf8Encoding = false)
{
    // A login is mandatory; everything else is validated further down.
    if (!is_array($userAttributes) or !isset($userAttributes['login']) or empty($userAttributes['login'])) {
        eZDebug::writeWarning('Empty user login passed.', __METHOD__);
        return false;
    }
    // At least one placement is needed: either a parent node list or a numeric default.
    if ((!is_array($parentNodeIDs) or count($parentNodeIDs) < 1) and !is_numeric($defaultUserPlacement)) {
        // NOTE(review): the login placeholder in this message is shown masked
        // ("******") in this listing -- compare with the real file.
        eZDebug::writeWarning('No one parent node IDs was passed for publishing new user (login = "******")', __METHOD__);
        return false;
    }
    // The default placement always belongs to the target set of parent nodes.
    $parentNodeIDs[] = $defaultUserPlacement;
    $parentNodeIDs = array_unique($parentNodeIDs);
    $login = $userAttributes['login'];
    // NOTE(review): these three keys are read without an isset() guard, so the
    // isset() tests on the local variables further down cannot catch a missing key.
    $first_name = $userAttributes['first_name'];
    $last_name = $userAttributes['last_name'];
    $email = $userAttributes['email'];
    if ($isUtf8Encoding) {
        $first_name = utf8_decode($first_name);
        $last_name = utf8_decode($last_name);
    }
    // An existing account with this login is updated, otherwise one is created.
    $user = eZUser::fetchByName($login);
    $createNewUser = is_object($user) ? false : true;
    if ($createNewUser) {
        if (!isset($first_name) or empty($first_name) or !isset($last_name) or empty($last_name) or !isset($email) or empty($email)) {
            eZDebug::writeWarning('Cannot create user with empty first name (last name or email).', __METHOD__);
            return false;
        }
        $ini = eZINI::instance();
        $userClassID = $ini->variable("UserSettings", "UserClassID");
        $userCreatorID = $ini->variable("UserSettings", "UserCreatorID");
        $defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID");
        // Instantiate a fresh content object of the configured user class.
        $class = eZContentClass::fetch($userClassID);
        $contentObject = $class->instantiate($userCreatorID, $defaultSectionID);
        $contentObject->store();
        $userID = $contentObjectID = $contentObject->attribute('id');
        // Version 1 stays a draft until the publish operation below runs.
        $version = $contentObject->version(1);
        $version->setAttribute('modified', time());
        $version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
        $version->store();
        $user = eZLDAPUser::create($userID);
        $user->setAttribute('login', $login);
    } else {
        $userID = $contentObjectID = $user->attribute('contentobject_id');
        $contentObject = eZContentObject::fetch($userID);
        $version = $contentObject->attribute('current');
    }
    //================= common part 1: start ========================
    $contentObjectAttributes = $version->contentObjectAttributes();
    // Locate the 'first_name' and 'last_name' attributes of the working version.
    $firstNameIdentifier = 'first_name';
    $lastNameIdentifier = 'last_name';
    $firstNameAttribute = null;
    $lastNameAttribute = null;
    foreach ($contentObjectAttributes as $attribute) {
        if ($attribute->attribute('contentclass_attribute_identifier') == $firstNameIdentifier) {
            $firstNameAttribute = $attribute;
        } else {
            if ($attribute->attribute('contentclass_attribute_identifier') == $lastNameIdentifier) {
                $lastNameAttribute = $attribute;
            }
        }
    }
    //================= common part 1: end ==========================
    // If we are updating an existing user, we must find out if some data should be changed.
    // In that case, we must create a new version and publish it.
    // Note that $userDataChanged and $emailChanged only exist on this update
    // path; the isset() tests in "common part 2" rely on that.
    if (!$createNewUser) {
        $userDataChanged = false;
        $firstNameChanged = false;
        $lastNameChanged = false;
        $emailChanged = false;
        if ($firstNameAttribute and $firstNameAttribute->attribute('data_text') != $first_name) {
            $firstNameChanged = true;
        }
        $firstNameAttribute = false; // We will load this again from the new version we will create, if it has changed
        if ($lastNameAttribute and $lastNameAttribute->attribute('data_text') != $last_name) {
            $lastNameChanged = true;
        }
        $lastNameAttribute = false; // We will load this again from the new version we will create, if it has changed
        if ($user->attribute('email') != $email) {
            $emailChanged = true;
        }
        if ($firstNameChanged or $lastNameChanged or $emailChanged) {
            $userDataChanged = true;
            // Create new version
            $version = $contentObject->createNewVersion();
            $contentObjectAttributes = $version->contentObjectAttributes();
            // Re-resolve both name attributes on the new version.
            foreach ($contentObjectAttributes as $attribute) {
                if ($attribute->attribute('contentclass_attribute_identifier') == $firstNameIdentifier) {
                    $firstNameAttribute = $attribute;
                } else {
                    if ($attribute->attribute('contentclass_attribute_identifier') == $lastNameIdentifier) {
                        $lastNameAttribute = $attribute;
                    }
                }
            }
        }
    }
    //================= common part 2: start ========================
    // On the update path these are false unless a new version was created above,
    // so an unchanged existing user skips both stores.
    if ($firstNameAttribute) {
        $firstNameAttribute->setAttribute('data_text', $first_name);
        $firstNameAttribute->store();
    }
    if ($lastNameAttribute) {
        $lastNameAttribute->setAttribute('data_text', $last_name);
        $lastNameAttribute->store();
    }
    // Not set means "new user"; true means "existing user with changed data".
    if (!isset($userDataChanged) or $userDataChanged === true) {
        $contentClass = $contentObject->attribute('content_class');
        $name = $contentClass->contentObjectName($contentObject);
        $contentObject->setName($name);
    }
    if (!isset($emailChanged) or $emailChanged === true) {
        $user->setAttribute('email', $email);
    }
    // The local record carries no usable password: empty hash, hash type 0.
    $user->setAttribute('password_hash', "");
    $user->setAttribute('password_hash_type', 0);
    $user->store();
    // NOTE(review): this notice puts login, first name, last name and e-mail
    // address into the debug output -- check where that output is stored and who can read it.
    $debugArray = array('Updating user data', 'createNewUser' => $createNewUser, 'userDataChanged' => isset($userDataChanged) ? $userDataChanged : null, 'login' => $login, 'first_name' => $first_name, 'last_name' => $last_name, 'email' => $email, 'firstNameAttribute is_object' => is_object($firstNameAttribute), 'lastNameAttribute is_object' => is_object($lastNameAttribute), 'content object id' => $contentObjectID, 'version id' => $version->attribute('version'));
    eZDebug::writeNotice(var_export($debugArray, true), __METHOD__);
    //================= common part 2: end ==========================
    if ($createNewUser) {
        reset($parentNodeIDs);
        // prepare node assignments for publishing new user
        foreach ($parentNodeIDs as $parentNodeID) {
            // The assignment under $defaultUserPlacement becomes the main one.
            $newNodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $parentNodeID, 'parent_remote_id' => uniqid('LDAP_'), 'is_main' => $defaultUserPlacement == $parentNodeID ? 1 : 0));
            $newNodeAssignment->store();
        }
        $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1));
    } else {
        if ($userDataChanged) {
            // Publish object
            $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => $version->attribute('version')));
            // Refetch object
            $contentObject = eZContentObject::fetch($contentObjectID);
            $version = $contentObject->attribute('current');
        }
        // Placements are only synchronised when ldap.ini does not set
        // LDAPSettings/KeepGroupAssignment to "enabled".
        $LDAPIni = eZINI::instance('ldap.ini');
        $keepGroupAssignment = $LDAPIni->hasVariable('LDAPSettings', 'KeepGroupAssignment') ? $LDAPIni->variable('LDAPSettings', 'KeepGroupAssignment') == "enabled" : false;
        if ($keepGroupAssignment == false) {
            $objectIsChanged = false;
            $db = eZDB::instance();
            // NOTE(review): no rollback is visible between begin() and commit()
            // if one of the node operations fails -- confirm how eZDB handles that.
            $db->begin();
            // First check existing assignments, remove any that should not exist
            $assignedNodesList = $contentObject->assignedNodes();
            $existingParentNodeIDs = array();
            foreach ($assignedNodesList as $node) {
                $parentNodeID = $node->attribute('parent_node_id');
                // in_array() compares loosely here (no strict flag).
                if (!in_array($parentNodeID, $parentNodeIDs)) {
                    $node->removeThis();
                    $objectIsChanged = true;
                } else {
                    $existingParentNodeIDs[] = $parentNodeID;
                }
            }
            // Then check assignments that should exist, add them if they are missing
            foreach ($parentNodeIDs as $parentNodeID) {
                if (!in_array($parentNodeID, $existingParentNodeIDs)) {
                    $newNode = $contentObject->addLocation($parentNodeID, true);
                    $newNode->updateSubTreePath();
                    $newNode->setAttribute('contentobject_is_published', 1);
                    $newNode->sync();
                    $existingParentNodeIDs[] = $parentNodeID;
                    $objectIsChanged = true;
                }
            }
            // Then ensure that the main node is correct
            $currentMainParentNodeID = $contentObject->attribute('main_parent_node_id');
            if ($currentMainParentNodeID != $defaultUserPlacement) {
                $existingNode = eZContentObjectTreeNode::fetchNode($contentObjectID, $defaultUserPlacement);
                if (!is_object($existingNode)) {
                    eZDebug::writeError("Cannot find assigned node as {$defaultUserPlacement}'s child.", __METHOD__);
                } else {
                    $existingNodeID = $existingNode->attribute('node_id');
                    $versionNum = $version->attribute('version');
                    eZContentObjectTreeNode::updateMainNodeID($existingNodeID, $contentObjectID, $versionNum, $defaultUserPlacement);
                    $objectIsChanged = true;
                }
            }
            $db->commit();
            // Finally, clear object view cache if something was changed
            if ($objectIsChanged) {
                eZContentCacheManager::clearObjectViewCache($contentObjectID, true);
            }
        }
    }
    eZUser::updateLastVisit($userID);
    // The call below is disabled in the source, so this function does not
    // itself mark the user as logged in.
    //eZUser::setCurrentlyLoggedInUser( $user, $userID );
    // Reset number of failed login attempts
    eZUser::setFailedLoginAttempts($userID, 0);
    return $user;
}
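/**
 * Authenticates $login / $password against the ezuser table and, when
 * textfile.ini enables it, against a flat credential file.
 *
 * On success the account becomes the currently logged in user, its last
 * visit is updated and its failed-login counter is reset. On failure the
 * counter of the last examined account (if any) is increased.
 *
 * Changes against the listed version:
 *  - the hash upgrade re-hashes with the stored login ($userRow['login']),
 *    the same value authenticateHash() was called with, instead of the
 *    submitted $login, which may be the e-mail address;
 *  - text-file credentials are compared strictly and in constant time
 *    instead of with the loose == operator;
 *  - lines that lack the login or password column are skipped;
 *  - a failed fopen() is treated like a missing file, and the handle is
 *    closed on every return path.
 *
 * NOTE(review): the text-file branch logs a matching existing account in
 * without consulting $isEnabled / $canLogin, so a disabled or locked
 * account can still log in through it -- confirm that this is intended.
 *
 * @param string $login Login name or e-mail address as submitted (untrusted)
 * @param string $password Clear-text password as submitted (untrusted)
 * @param mixed $authenticationMatch Bitmask tested against eZUser::AUTHENTICATE_LOGIN / AUTHENTICATE_EMAIL; false means eZUser::authenticationMatch()
 * @return mixed The logged in user object, or false when authentication fails
 */
static function loginUser($login, $password, $authenticationMatch = false)
{
    $http = eZHTTPTool::instance();
    $db = eZDB::instance();
    if ($authenticationMatch === false) {
        $authenticationMatch = eZUser::authenticationMatch();
    }
    // Both values are spliced into SQL text below, hence the escaping.
    $loginEscaped = $db->escapeString($login);
    $passwordEscaped = $db->escapeString($password);
    $loginArray = array();
    // NOTE(review): the two "login='******'" literals and $queryMysqlUser are shown
    // masked in this listing. The e-mail branch interpolates $loginEscaped, so the
    // real source presumably does the same here -- compare with the real file.
    if ($authenticationMatch & eZUser::AUTHENTICATE_LOGIN) {
        $loginArray[] = "login='******'";
    }
    if ($authenticationMatch & eZUser::AUTHENTICATE_EMAIL) {
        $loginArray[] = "email='{$loginEscaped}'";
    }
    if (count($loginArray) == 0) {
        $loginArray[] = "login='******'";
    }
    $loginText = implode(' OR ', $loginArray);
    $contentObjectStatus = eZContentObject::STATUS_PUBLISHED;
    $ini = eZINI::instance();
    $textFileIni = eZINI::instance('textfile.ini');
    $databaseName = $db->databaseName();
    // On MySQL the query additionally matches rows by password_hash_type=4 and PASSWORD().
    if ($databaseName === 'mysql') {
        $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ( ezcontentobject.id=contentobject_id OR ( password_hash_type=4 AND ( {$loginText} ) AND password_hash=PASSWORD('{$passwordEscaped}') ) )";
    } else {
        $query = "SELECT contentobject_id, password_hash, password_hash_type, email, login\n FROM ezuser, ezcontentobject\n WHERE ( {$loginText} ) AND\n ezcontentobject.status='{$contentObjectStatus}' AND\n ezcontentobject.id=contentobject_id";
    }
    $users = $db->arrayQuery($query);
    $exists = false;
    if (count($users) >= 1) {
        foreach ($users as $userRow) {
            $userID = $userRow['contentobject_id'];
            $hashType = $userRow['password_hash_type'];
            $hash = $userRow['password_hash'];
            $exists = eZUser::authenticateHash($userRow['login'], $password, eZUser::site(), $hashType, $hash);
            // If hash type is MySql
            if ($hashType == eZUser::PASSWORD_HASH_MYSQL and $databaseName === 'mysql') {
                $queryMysqlUser = "******";
                $mysqlUsers = $db->arrayQuery($queryMysqlUser);
                if (count($mysqlUsers) >= 1) {
                    $exists = true;
                }
            }
            // NOTE(review): with 'kernel-user' debugging enabled this writes a hash of
            // the submitted password and the stored hash to the debug output, for
            // failed attempts as well -- keep that output out of shared logs.
            eZDebugSetting::writeDebug('kernel-user', eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType), "check hash");
            eZDebugSetting::writeDebug('kernel-user', $hash, "stored hash");
            // If current user has been disabled after a few failed login attempts.
            $canLogin = eZUser::isEnabledAfterFailedLogin($userID);
            if ($exists) {
                // We should store userID for warning message.
                $GLOBALS['eZFailedLoginAttemptUserID'] = $userID;
                $userSetting = eZUserSetting::fetch($userID);
                $isEnabled = $userSetting->attribute("is_enabled");
                if ($hashType != eZUser::hashType() and strtolower($ini->variable('UserSettings', 'UpdateHash')) == 'true') {
                    $hashType = eZUser::hashType();
                    // Re-hash with the stored login, the value authenticateHash() verifies
                    // against. $login can be the e-mail address or differ from the stored
                    // spelling, which would store a hash that no longer verifies.
                    $hash = eZUser::createHash($userRow['login'], $password, eZUser::site(), $hashType);
                    $db->query("UPDATE ezuser SET password_hash='{$hash}', password_hash_type='{$hashType}' WHERE contentobject_id='{$userID}'");
                }
                break;
            }
        }
    }
    if ($exists and $isEnabled and $canLogin) {
        // NOTE(review): $userRow includes password_hash and ends up in the debug output.
        eZDebugSetting::writeDebug('kernel-user', $userRow, 'user row');
        $user = new eZUser($userRow);
        eZDebugSetting::writeDebug('kernel-user', $user, 'user');
        $userID = $user->attribute('contentobject_id');
        eZUser::updateLastVisit($userID);
        eZUser::setCurrentlyLoggedInUser($user, $userID);
        // Reset number of failed login attempts
        eZUser::setFailedLoginAttempts($userID, 0);
        return $user;
    } else {
        // Fallback: flat credential file, only when textfile.ini enables it.
        if ($textFileIni->variable('TextFileSettings', 'TextFileEnabled') == "true") {
            $fileName = $textFileIni->variable('TextFileSettings', 'FileName');
            $filePath = $textFileIni->variable('TextFileSettings', 'FilePath');
            $defaultUserPlacement = $ini->variable("UserSettings", "DefaultUserPlacement");
            $separator = $textFileIni->variable("TextFileSettings", "FileFieldSeparator");
            // Column settings are 1-based; they are used as index "value - 1" below.
            $loginColumnNr = $textFileIni->variable("TextFileSettings", "LoginAttribute");
            $passwordColumnNr = $textFileIni->variable("TextFileSettings", "PasswordAttribute");
            $emailColumnNr = $textFileIni->variable("TextFileSettings", "EmailAttribute");
            $lastNameColumnNr = $textFileIni->variable("TextFileSettings", "LastNameAttribute");
            $firstNameColumnNr = $textFileIni->variable("TextFileSettings", "FirstNameAttribute");
            // Defined up front so the test below never reads an undefined variable.
            $UserGroupType = null;
            $UserGroup = null;
            if ($textFileIni->hasVariable('TextFileSettings', 'DefaultUserGroupType')) {
                $UserGroupType = $textFileIni->variable('TextFileSettings', 'DefaultUserGroupType');
                $UserGroup = $textFileIni->variable('TextFileSettings', 'DefaultUserGroup');
            }
            // Optionally resolve the placement node from a configured group name or ID.
            // The configured value is interpolated into the query text as-is.
            if ($UserGroupType != null) {
                if ($UserGroupType == "name") {
                    $groupName = $UserGroup;
                    $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.name='{$groupName}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
                    $groupObject = $db->arrayQuery($groupQuery);
                    if (count($groupObject) > 0) {
                        $defaultUserPlacement = $groupObject[0]['node_id'];
                    }
                } else {
                    if ($UserGroupType == "id") {
                        $groupID = $UserGroup;
                        $groupQuery = "SELECT ezcontentobject_tree.node_id\n FROM ezcontentobject, ezcontentobject_tree\n WHERE ezcontentobject.id='{$groupID}'\n AND ezcontentobject.id=ezcontentobject_tree.contentobject_id";
                        $groupObject = $db->arrayQuery($groupQuery);
                        if (count($groupObject) > 0) {
                            $defaultUserPlacement = $groupObject[0]['node_id'];
                        }
                    }
                }
            }
            if ($filePath != "root" and $filePath != null) {
                $fileName = $filePath . "/" . $fileName;
            }
            // A file that exists but cannot be opened is handled like a missing file,
            // so the read loop never runs on an invalid handle.
            $handle = file_exists($fileName) ? fopen($fileName, "r") : false;
            if ($handle === false) {
                // Increase number of failed login attempts.
                if (isset($userID)) {
                    eZUser::setFailedLoginAttempts($userID);
                }
                return false;
            }
            while (!feof($handle)) {
                $line = trim(fgets($handle, 4096));
                if ($line === '') {
                    continue;
                }
                if ($separator == "tab") {
                    $userArray = explode("\t", $line);
                } else {
                    $userArray = explode($separator, $line);
                }
                // Skip malformed lines: without this guard a missing password column
                // reads as an empty stored password.
                if (!isset($userArray[$loginColumnNr - 1], $userArray[$passwordColumnNr - 1])) {
                    continue;
                }
                $uid = $userArray[$loginColumnNr - 1];
                $email = $userArray[$emailColumnNr - 1];
                $pass = $userArray[$passwordColumnNr - 1];
                $firstName = $userArray[$firstNameColumnNr - 1];
                $lastName = $userArray[$lastNameColumnNr - 1];
                // Strict comparison: with == two different numeric-looking strings
                // can compare as equal.
                if ((string) $login === $uid) {
                    // hash_equals() compares in constant time and never juggles types.
                    if (hash_equals(trim($pass), (string) $password)) {
                        $createNewUser = true;
                        $existUser = eZUser::fetchByName($login);
                        if ($existUser != null) {
                            $createNewUser = false;
                        }
                        if ($createNewUser) {
                            $userClassID = $ini->variable("UserSettings", "UserClassID");
                            $userCreatorID = $ini->variable("UserSettings", "UserCreatorID");
                            $defaultSectionID = $ini->variable("UserSettings", "DefaultSectionID");
                            $remoteID = "TextFile_" . $login;
                            $db->begin();
                            // The content object may already exist if this process has failed once before, before the eZUser object was created.
                            // Therefore we try to fetch the eZContentObject before instantiating it.
                            $contentObject = eZContentObject::fetchByRemoteID($remoteID);
                            if (!is_object($contentObject)) {
                                $class = eZContentClass::fetch($userClassID);
                                $contentObject = $class->instantiate($userCreatorID, $defaultSectionID);
                            }
                            $contentObject->setAttribute('remote_id', $remoteID);
                            $contentObject->store();
                            $contentObjectID = $contentObject->attribute('id');
                            $userID = $contentObjectID;
                            $nodeAssignment = eZNodeAssignment::create(array('contentobject_id' => $contentObjectID, 'contentobject_version' => 1, 'parent_node' => $defaultUserPlacement, 'is_main' => 1));
                            $nodeAssignment->store();
                            $version = $contentObject->version(1);
                            $version->setAttribute('modified', time());
                            $version->setAttribute('status', eZContentObjectVersion::STATUS_DRAFT);
                            $version->store();
                            $contentObjectID = $contentObject->attribute('id');
                            // First and last name are written to attributes 0 and 1 by position.
                            $contentObjectAttributes = $version->contentObjectAttributes();
                            $contentObjectAttributes[0]->setAttribute('data_text', $firstName);
                            $contentObjectAttributes[0]->store();
                            $contentObjectAttributes[1]->setAttribute('data_text', $lastName);
                            $contentObjectAttributes[1]->store();
                            // The local record gets an empty hash with type 0; the
                            // credential itself stays in the text file.
                            $user = eZUser::create($userID);
                            $user->setAttribute('login', $login);
                            $user->setAttribute('email', $email);
                            $user->setAttribute('password_hash', "");
                            $user->setAttribute('password_hash_type', 0);
                            $user->store();
                            eZUser::updateLastVisit($userID);
                            eZUser::setCurrentlyLoggedInUser($user, $userID);
                            // Reset number of failed login attempts
                            eZUser::setFailedLoginAttempts($userID, 0);
                            $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $contentObjectID, 'version' => 1));
                            $db->commit();
                            fclose($handle);
                            return $user;
                        } else {
                            $db->begin();
                            // Update user information
                            $userID = $existUser->attribute('contentobject_id');
                            $contentObject = eZContentObject::fetch($userID);
                            $parentNodeID = $contentObject->attribute('main_parent_node_id');
                            $currentVersion = $contentObject->attribute('current_version');
                            $version = $contentObject->attribute('current');
                            $contentObjectAttributes = $version->contentObjectAttributes();
                            $contentObjectAttributes[0]->setAttribute('data_text', $firstName);
                            $contentObjectAttributes[0]->store();
                            $contentObjectAttributes[1]->setAttribute('data_text', $lastName);
                            $contentObjectAttributes[1]->store();
                            // This overwrites the account's stored password hash with an
                            // empty one, as in the listed version.
                            $existUser = eZUser::fetch($userID);
                            $existUser->setAttribute('email', $email);
                            $existUser->setAttribute('password_hash', "");
                            $existUser->setAttribute('password_hash_type', 0);
                            $existUser->store();
                            // Move the user when the configured placement differs from the current main parent.
                            if ($defaultUserPlacement != $parentNodeID) {
                                $newVersion = $contentObject->createNewVersion();
                                $newVersion->assignToNode($defaultUserPlacement, 1);
                                $newVersion->removeAssignment($parentNodeID);
                                $newVersionNr = $newVersion->attribute('version');
                                $operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $userID, 'version' => $newVersionNr));
                            }
                            eZUser::updateLastVisit($userID);
                            eZUser::setCurrentlyLoggedInUser($existUser, $userID);
                            // Reset number of failed login attempts
                            eZUser::setFailedLoginAttempts($userID, 0);
                            $db->commit();
                            fclose($handle);
                            return $existUser;
                        }
                    } else {
                        // Increase number of failed login attempts.
                        if (isset($userID)) {
                            eZUser::setFailedLoginAttempts($userID);
                        }
                        fclose($handle);
                        return false;
                    }
                }
            }
            fclose($handle);
        }
    }
    // Increase number of failed login attempts.
    if (isset($userID)) {
        eZUser::setFailedLoginAttempts($userID);
    }
    return false;
}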
/**
 * Logs in the local account that belongs to an OpenID identity.
 *
 * With a non-empty $email the account is looked up by e-mail address only.
 * Otherwise it is looked up among 'user' class objects below the configured
 * node whose OpenID attribute equals $identifier, and accepted only when
 * exactly one node is returned. The account must be enabled in both cases.
 *
 * NOTE(review): no credential is checked here. Whether the caller has
 * verified that $identifier / $email were asserted by the identity provider
 * is not visible in this function -- confirm at the call sites, in
 * particular for the e-mail path.
 *
 * @param mixed $identifier OpenID identifier matched against the configured attribute
 * @param mixed $email E-mail address; takes precedence over $identifier when non-empty
 * @return mixed The logged in user object, or false when no enabled account matches
 */
function LogInOpenIDUser($identifier = false, $email = false)
{
    $moduleINI = eZINI::instance('module.ini');
    $attributeID = $moduleINI->variable('ModuleSettings', 'OpenIDAttributeID');
    $nodeID = $moduleINI->variable('ModuleSettings', 'DefaultUserPlacement');

    $account = null;
    if ($email) {
        $account = eZUser::fetchByEmail($email);
    } else {
        // 'Limitation' => array() is passed through unchanged from the original call.
        $filter = array(
            'AttributeFilter' => array(array($attributeID, '=', $identifier)),
            'ClassFilterType' => 'include',
            'ClassFilterArray' => array('user'),
            'Limit' => 1,
            'Limitation' => array(),
        );
        $matches = eZContentObjectTreeNode::subTreeByNodeID($filter, $nodeID);
        if (count($matches) == 1) {
            $account = eZUser::fetch($matches[0]->attribute('contentobject_id'), true);
        }
    }

    // No match, or the matched account is disabled.
    if (!$account or !$account->isEnabled()) {
        return false;
    }

    $userID = $account->attribute('contentobject_id');
    eZUser::setCurrentlyLoggedInUser($account, $userID);
    eZUser::updateLastVisit($userID);
    eZUser::setFailedLoginAttempts($userID, 0);

    return $account;
}