/** * Prüft ob Kombination Benutzer und Passwort existiert * @param string $username * @param string $password * @return bool Ja, wenn Benutzer + Passwort vorhanden ist */ public function checkUser($username, $password) { $userList = new \fpcm\model\users\userList(); $userid = $userList->getUserIdByUsername($username); if (!$userid) { trigger_error('Login failed for username ' . $username . '! User not found. Request was made by ' . \fpcm\classes\http::getIp()); return false; } $user = new \fpcm\model\users\author($userid); if ($user->getDisabled()) { trigger_error('Login failed for username ' . $username . '! User is disabled. Request was made by ' . \fpcm\classes\http::getIp()); return \fpcm\model\users\author::AUTHOR_ERROR_DISABLED; } if (\fpcm\classes\security::createPasswordHash($password, $user->getPasswd()) == $user->getPasswd()) { $timer = time(); $this->login = $timer; $this->lastaction = $timer; $this->logout = 0; $this->userid = $userid; $this->sessionid = \fpcm\classes\security::createSessionId(); $this->ip = \fpcm\classes\http::getIp(); $this->sessionExists = true; return true; } trigger_error('Login failed for username ' . $username . '! Wrong username or password. Request was made by ' . \fpcm\classes\http::getIp()); return false; }
public function request() { if (is_null($this->getRequestVar('userid'))) { $this->redirect('users/list'); } $this->userId = $this->getRequestVar('userid', array(9)); $author = new \fpcm\model\users\author($this->userId); if (!$author->exists()) { $this->view->setNotFound('LOAD_FAILED_USER', 'users/list'); return true; } $checkPageToken = $this->checkPageToken(); if (($this->buttonClicked('userSave') || $this->buttonClicked('resetProfileSettings')) && !$checkPageToken) { $this->view->addErrorMessage('CSRF_INVALID'); } if ($this->buttonClicked('resetProfileSettings') && $checkPageToken) { $author->setUserMeta(array()); $author->disablePasswordSecCheck(); if ($author->update() === false) { $this->view->addErrorMessage('SAVE_FAILED_USER_PROFILE'); } else { $this->view->addNoticeMessage('SAVE_SUCCESS_RESETPROFILE'); $this->view->assign('reloadSite', true); } } if ($this->buttonClicked('userSave') && $checkPageToken) { $author->setUserName($this->getRequestVar('username')); $author->setEmail($this->getRequestVar('email')); $author->setDisplayName($this->getRequestVar('displayname')); $author->setRoll($this->getRequestVar('roll', array(9))); $author->setUserMeta($this->getRequestVar('usermeta')); if ($this->getRequestVar('disabled') !== null) { $author->setDisabled($this->getRequestVar('disabled', array(9))); } $newpass = $this->getRequestVar('password'); $newpass_confirm = $this->getRequestVar('password_confirm'); $save = true; if ($newpass && $newpass_confirm) { if (md5($newpass) == md5($newpass_confirm)) { $author->setPassword($newpass); } else { $save = false; $this->view->addErrorMessage('SAVE_FAILED_PASSWORD_MATCH'); } } else { $author->disablePasswordSecCheck(); } if ($save) { $res = $author->update(); if ($res === false) { $this->view->addErrorMessage('SAVE_FAILED_USER'); } elseif ($res === true) { $this->redirect('users/list', array('edited' => 1)); } elseif ($res === \fpcm\model\users\author::AUTHOR_ERROR_PASSWORDINSECURE) { $this->view->addErrorMessage('SAVE_FAILED_PASSWORD_SECURITY'); } elseif ($res === \fpcm\model\users\author::AUTHOR_ERROR_EXISTS) { $this->view->addErrorMessage('SAVE_FAILED_USER_EXISTS'); } elseif ($res === \fpcm\model\users\author::AUTHOR_ERROR_NOEMAIL) { $this->view->addErrorMessage('SAVE_FAILED_USER_EMAIL'); } } } $this->userEnabled = $author->getDisabled(); $this->view->assign('author', $author); return true; }