示例#1
 /**
  * Inserts the fixture account that the login tests authenticate against.
  *
  * One row is written to the user table from the login, password and cookie
  * key held on the test case. The password column receives the output of
  * rex_login::passwordHash(), not the raw fixture value.
  */
 public function setUp()
 {
     parent::setUp();

     $fixture = rex_sql::factory();
     $fixture->setTable(rex::getTablePrefix() . 'user');

     // Column => value pairs for the fixture row, applied in this order.
     $columns = [
         'name' => 'test user',
         'login' => $this->login,
         'password' => rex_login::passwordHash($this->password),
         'status' => '1',
         'login_tries' => '0',
         'cookiekey' => $this->cookiekey,
     ];
     foreach ($columns as $column => $value) {
         $fixture->setValue($column, $value);
     }

     $fixture->insert();
 }
示例#2
 /**
  * Prepares the backend-login test: skips when a backend user is already
  * present, otherwise inserts the fixture account into the user table.
  *
  * PHPUnit's markTestSkipped() aborts the test by throwing, so no fixture row
  * is written when the suite runs inside the backend.
  */
 public function setUp()
 {
     $runsInsideBackend = (bool) rex::getUser();
     if ($runsInsideBackend) {
         // Remembered on the test case; the flag is read outside this method.
         $this->skipped = true;
         $this->markTestSkipped('The rex_backend_login class can not be tested when test suite is running in redaxo backend.');
     }

     $account = rex_sql::factory();
     $account->setTable(rex::getTablePrefix() . 'user');

     // The password is stored hashed; the remaining values are literal fixture data.
     $row = [
         'name' => 'test user',
         'login' => $this->login,
         'password' => rex_login::passwordHash($this->password),
         'status' => '1',
         'login_tries' => '0',
         'cookiekey' => $this->cookiekey,
     ];
     foreach ($row as $field => $content) {
         $account->setValue($field, $content);
     }

     $account->insert();
 }
示例#3
/**
 * Switches the article in $params['article'] to the slice revision named by the
 * `rex_version` request parameter, but only when the backend login check passes.
 *
 * The function returns without touching the article when no revision was
 * requested or when checkLogin() does not return exactly true. On the
 * authorised path it stores the login object and its user in the global $REX
 * array, sets the slice revision and enables eval mode on the article.
 *
 * @param array $params only $params['article'] is read here
 *
 * @return void
 */
function rex_version_initArticle($params)
{
    global $REX;
    // The revision comes from the request and is cast to int by rex_request().
    $version = rex_request('rex_version', 'int');
    // NOTE(review): loose comparison of an int with ''. On PHP < 8 the value 0
    // equals '' and the function returns here; from PHP 8 on, 0 == '' is false,
    // so a missing parameter would fall through to the session/login code below.
    // Confirm the PHP version this code targets.
    if ($version == '') {
        return;
    }
    // A session is only started once a revision was actually requested.
    rex_login::startSession();
    $REX['LOGIN'] = new rex_backend_login($REX['TABLE_PREFIX'] . 'user');
    if ($REX['PSWFUNC'] != '') {
        $REX['LOGIN']->setPasswordFunction($REX['PSWFUNC']);
    }
    // Strict comparison: anything other than boolean true (false, or a non-boolean
    // value such as an error string) is treated as "not logged in".
    if ($REX['LOGIN']->checkLogin() !== true) {
        return;
    }
    // Reference assignment: $REX['USER'] aliases the USER property of the login object.
    $REX['USER'] =& $REX['LOGIN']->USER;
    // The revision number is passed on unchanged; it is not range-checked here.
    $params['article']->setSliceRevision($version);
    if (is_a($params['article'], 'rex_article')) {
        $params['article']->getContentAsQuery();
    }
    // NOTE(review): setEval(true) presumably makes the article evaluate its content
    // as PHP - confirm. It is only reached after the login check above.
    $params['article']->setEval(true);
}
示例#4
文件: setup.php 项目: alsahh/redaxo
 if ($noadmin != 1) {
     if ($redaxo_user_login == '') {
         $errors[] = rex_view::error(rex_i18n::msg('setup_601'));
     }
     if ($redaxo_user_pass == '') {
         $errors[] = rex_view::error(rex_i18n::msg('setup_602'));
     }
     if (count($errors) == 0) {
         // Look for an existing account with the requested login. The login is bound
         // as a statement parameter, so it is never concatenated into the SQL text.
         $ga = rex_sql::factory();
         $ga->setQuery('select * from ' . rex::getTablePrefix() . 'user where login = ? ', [$redaxo_user_login]);
         if ($ga->getRows() > 0) {
             // Login already taken: report setup_603 and create nothing.
             $errors[] = rex_view::error(rex_i18n::msg('setup_603'));
         } else {
             // Hash the password before it is stored. The second argument tells
             // passwordHash() that the value was already hashed in the browser by
             // JavaScript; it is read straight from the POST field 'javascript'.
             // NOTE(review): that flag is chosen by the client. Confirm that
             // passwordHash() and the login path produce the same stored value for
             // both settings, and keep in mind that a client-side hash is itself a
             // password-equivalent secret on the wire.
             $redaxo_user_pass = rex_login::passwordHash($redaxo_user_pass, rex_post('javascript', 'boolean'));
             $user = rex_sql::factory();
             // $user->setDebug();
             $user->setTable(rex::getTablePrefix() . 'user');
             $user->setValue('name', 'Administrator');
             $user->setValue('login', $redaxo_user_login);
             $user->setValue('password', $redaxo_user_pass);
             // The account created during setup gets the admin flag.
             $user->setValue('admin', 1);
             $user->addGlobalCreateFields('setup');
             $user->setValue('status', '1');
             try {
                 $user->insert();
             } catch (rex_sql_exception $e) {
                 // The database error is replaced by the generic setup_604 message;
                 // the exception text itself is not shown.
                 $errors[] = rex_view::error(rex_i18n::msg('setup_604'));
             }
         }
示例#5
文件: profile.php 项目: staabm/redaxo
    $updateuser->setValue('description', $userdesc);
    $updateuser->setValue('language', $userperm_be_sprache);
    $updateuser->addGlobalUpdateFields();
    try {
        $updateuser->update();
        $success = rex_i18n::msg('user_data_updated');
    } catch (rex_sql_exception $e) {
        $error = $e->getMessage();
    }
}
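// Password change: runs only when the "update password" button was submitted.
if (rex_post('upd_psw_button', 'bool')) {
    // Server-side pre-hashing is skipped when the browser already hashed the
    // values with JavaScript. The flag is read from the POST field 'javascript'.
    // NOTE(review): the flag is chosen by the client and applies to the old and
    // the new password alike - confirm passwordVerify()/passwordHash() treat both
    // settings consistently.
    $isPreHashed = rex_post('javascript', 'boolean');
    // The change is accepted only if the current password verifies against the
    // stored hash and both entries of the new password are identical. The two
    // entries are compared with ===: with ==, PHP compares numeric-looking strings
    // as numbers, so distinct inputs such as '1e3' and '1000' (or two different
    // hex digests of the form 0e<digits>) would count as equal.
    if ($userpsw != '' && $userpsw_new_1 != '' && $userpsw_new_1 === $userpsw_new_2 && rex_login::passwordVerify($userpsw, $user->getValue('password'), $isPreHashed)) {
        $userpsw_new_1 = rex_login::passwordHash($userpsw_new_1, $isPreHashed);
        $updateuser = rex_sql::factory();
        $updateuser->setTable(rex::getTablePrefix() . 'user');
        // Only the row of $user_id is updated.
        $updateuser->setWhere(['id' => $user_id]);
        $updateuser->setValue('password', $userpsw_new_1);
        $updateuser->addGlobalUpdateFields();
        try {
            $updateuser->update();
            $success = rex_i18n::msg('user_psw_updated');
        } catch (rex_sql_exception $e) {
            // NOTE(review): the raw SQL exception text ends up in $error; if that
            // variable is rendered to the user, consider a generic message and
            // logging the details instead.
            $error = $e->getMessage();
        }
    } else {
        // One generic message for every rejection reason (wrong current password,
        // empty field, mismatching new passwords).
        $error = rex_i18n::msg('user_psw_error');
    }
}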
示例#6
    $page = "setup";
} else {
    // ----------------- CREATE LANG OBJ
    // Language object for the configured backend language; locale, charset and
    // HTML language below are all read from its message catalogue.
    $I18N = rex_create_lang($REX['LANG']);
    setlocale(LC_ALL, trim($I18N->msg("setlocale")));
    header('Content-Type: text/html; charset=' . $I18N->msg("htmlcharset"));
    // Backend pages are sent with no-cache headers.
    header("Cache-Control: no-cache");
    header("Pragma: no-cache");
    // ----------------- CREATE LANG OBJ
    // Default the submitted credentials to empty strings when they are not set.
    // NOTE(review): neither variable is assigned in the visible lines; confirm
    // where they come from (they look like request values imported into scope).
    if (!isset($REX_ULOGIN)) {
        $REX_ULOGIN = '';
    }
    if (!isset($REX_UPSW)) {
        $REX_UPSW = '';
    }
    $REX_LOGIN = new rex_login();
    $REX_LOGIN->setSqlDb(1);
    $REX_LOGIN->setSysID($REX['INSTNAME']);
    // NOTE(review): unit of the session time is not visible here - confirm.
    $REX_LOGIN->setSessiontime(3000);
    $REX_LOGIN->setLanguage($I18N->msg("htmllang"));
    // Optional password function from the configuration, applied when set.
    if ($REX['PSWFUNC'] != "") {
        $REX_LOGIN->setPasswordFunction($REX['PSWFUNC']);
    }
    $REX_LOGIN->setLogin($REX_ULOGIN, $REX_UPSW);
    if (isset($FORM['logout']) and $FORM['logout'] == 1) {
        $REX_LOGIN->setLogout(true);
    }
    $REX_LOGIN->setUserID($REX['TABLE_PREFIX'] . "user.user_id");
    // Both queries are SQL templates carrying literal markers (USR_UID, USR_PSW;
    // the login marker is masked in this listing).
    // NOTE(review): the markers are presumably replaced by rex_login with the
    // session user id and the submitted credentials - confirm that the
    // substituted values are escaped, since the statements are built as strings.
    $REX_LOGIN->setUserquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE user_id = 'USR_UID'");
    // The login query also requires lasttrydate to be older than RELOGINDELAY
    // seconds, so a login inside that window does not match any row.
    $REX_LOGIN->setLoginquery("SELECT * FROM " . $REX['TABLE_PREFIX'] . "user WHERE login = '******' and psw = 'USR_PSW' and lasttrydate <'" . (time() - $REX['RELOGINDELAY']) . "'");
    if (!$REX_LOGIN->checkLogin()) {
示例#7
文件: boot.php 项目: eaCe/redaxo
/**
 * Version.
 *
 * @author jan@kristinus.de
 *
 * @package redaxo5
 */
$mypage = 'version';

// Registers the 'version[live_version]' permission with rex_perm::OPTIONS.
rex_perm::register('version[live_version]', null, rex_perm::OPTIONS);

// ***** hook into the extension points

// ART_INIT: serve the working version (revision 1) of an article, but only to a
// request that carries a backend session. Any other value of `rex_version`
// leaves the article untouched.
// NOTE(review): the gate below is "has a backend session"; the permission
// registered above is not consulted in this handler.
rex_extension::register('ART_INIT', function (rex_extension_point $ep) {
    $requestedRevision = rex_request('rex_version', 'int');
    if (1 != $requestedRevision) {
        return;
    }

    // The session is started only for requests that ask for the working version.
    rex_login::startSession();
    $hasBackendSession = rex_backend_login::hasSession();
    if (!$hasBackendSession) {
        throw new rex_exception('no permission for the working version');
    }

    $target = $ep->getParam('article');
    $target->setSliceRevision($requestedRevision);
    if ($target instanceof rex_article_content) {
        $target->getContentAsQuery();
    }
    $target->setEval(true);
});
rex_extension::register('PAGE_CONTENT_HEADER', function (rex_extension_point $ep) {
    $params = $ep->getParams();
    $return = '';
    $rex_version_article = rex::getProperty('login')->getSessionVar('rex_version_article');
    if (!is_array($rex_version_article)) {
示例#8
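 /**
  * Runs the backend login check, including the "stay logged in" cookie, and
  * records the outcome in the user table.
  *
  * Order of work:
  *  1. If the persistent-login cookie is present and the session has no user id,
  *     look the cookie value up in the `cookiekey` column and, on a match, put
  *     that user's id into the session.
  *  2. Delegate the actual check to parent::checkLogin().
  *  3. On success after a fresh login: regenerate the session id, rotate the
  *     cookie key when one is in use, rehash the password if needed and reset
  *     `login_tries`.
  *  4. On failure with a submitted login: increment `login_tries`, clear that
  *     account's session id and cookie key, and append a wait message once the
  *     first threshold is reached.
  *  5. On logout: clear session id and cookie key and expire the cookie.
  *
  * @return mixed the value returned by parent::checkLogin()
  */
 public function checkLogin()
 {
     $sql = rex_sql::factory();
     $userId = $this->getSessionVar('UID');
     $cookiename = 'rex_user_' . sha1(rex::getProperty('instname'));
     // Lifetime of the persistent-login cookie: one year.
     $cookieLifetime = 60 * 60 * 24 * 365;

     if ($cookiekey = rex_cookie($cookiename, 'string')) {
         if (!$userId) {
             // The cookie value is bound as a parameter, never concatenated.
             // NOTE(review): the key is stored and compared in clear text, so a
             // read of the user table yields usable login tokens; storing a hash
             // of the key would limit that.
             $sql->setQuery('SELECT id FROM ' . rex::getTable('user') . ' WHERE cookiekey = ? LIMIT 1', [$cookiekey]);
             if ($sql->getRows() == 1) {
                 $this->setSessionVar('UID', $sql->getValue('id'));
                 // HttpOnly keeps the token out of reach of page scripts. The Secure
                 // flag is left at its default because the scheme is not known here.
                 setcookie($cookiename, $cookiekey, time() + $cookieLifetime, '', '', false, true);
             } else {
                 // Unknown key: expire the cookie in the browser.
                 setcookie($cookiename, '', time() - 3600);
             }
         }
         $this->setSessionVar('STAMP', time());
     }

     $check = parent::checkLogin();

     if ($check) {
         // Record the successful attempt | login_tries = 0
         if ($this->userLogin != '' || !$userId) {
             // New session id after authentication, so a pre-login id is not reused.
             $this->regenerateSessionId();
             $params = [];
             $add = '';
             if ($this->stayLoggedIn || $cookiekey) {
                 // Rotate the persistent-login token. It must not be guessable:
                 // the previous derivation hashed the system id, the current
                 // timestamp and the login name, all of which an outsider can
                 // know or narrow down. 20 random bytes give the same 40 hex
                 // characters that sha1() produced.
                 if (function_exists('random_bytes')) {
                     $cookiekey = bin2hex(random_bytes(20));
                 } else {
                     // PHP < 7 without random_bytes(): keep the legacy derivation
                     // rather than fail; the token stays predictable on such hosts.
                     $cookiekey = sha1($this->systemId . time() . $this->userLogin);
                 }
                 $add = 'cookiekey = ?, ';
                 $params[] = $cookiekey;
                 setcookie($cookiename, $cookiekey, time() + $cookieLifetime, '', '', false, true);
             }
             if (self::passwordNeedsRehash($this->user->getValue('password'))) {
                 // Upgrade the stored hash while the submitted password is at hand.
                 // The second argument marks the value as already pre-hashed.
                 $add .= 'password = ?, ';
                 $params[] = self::passwordHash($this->userPassword, true);
             }
             // Parameter order follows the placeholders: optional cookiekey and
             // password first, then lasttrydate, session_id and login.
             array_push($params, rex_sql::datetime(), session_id(), $this->userLogin);
             $sql->setQuery('UPDATE ' . $this->tableName . ' SET ' . $add . 'login_tries=0, lasttrydate=?, session_id=? WHERE login=? LIMIT 1', $params);
         }
         $this->user = new rex_user($this->user);
     } else {
         // Record the failed attempt | login_tries++
         if ($this->userLogin != '') {
             $sql->setQuery('SELECT login_tries FROM ' . $this->tableName . ' WHERE login=? LIMIT 1', [$this->userLogin]);
             if ($sql->getRows() > 0) {
                 $login_tries = $sql->getValue('login_tries');
                 // NOTE(review): a failed attempt also clears the account's session
                 // id and cookie key, so wrong passwords sent for a known login name
                 // end that user's sessions and raise their delay. Confirm this
                 // trade-off is intended.
                 $sql->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",cookiekey="",lasttrydate=? WHERE login=? LIMIT 1', [rex_sql::datetime(), $this->userLogin]);
                 if ($login_tries >= self::LOGIN_TRIES_1 - 1) {
                     // Pick the delay for the current threshold and format it as
                     // "[h ][min ]s" for the message.
                     $time = $login_tries < self::LOGIN_TRIES_2 ? self::RELOGIN_DELAY_1 : self::RELOGIN_DELAY_2;
                     $hours = floor($time / 3600);
                     $mins = floor(($time - $hours * 3600) / 60);
                     $secs = $time % 60;
                     $formatted = ($hours ? $hours . 'h ' : '') . ($hours || $mins ? $mins . 'min ' : '') . $secs . 's';
                     // Only class constants and derived numbers go into the markup.
                     $this->message .= ' ' . rex_i18n::msg('login_wait', '<strong data-time="' . $time . '">' . $formatted . '</strong>');
                 }
             }
         }
     }

     if ($this->isLoggedOut() && $userId != '') {
         // Logout: invalidate the server-side session id and cookie key, then
         // expire the cookie in the browser.
         $sql->setQuery('UPDATE ' . $this->tableName . ' SET session_id="", cookiekey="" WHERE id=? LIMIT 1', [$userId]);
         setcookie($cookiename, '', time() - 3600);
     }

     return $check;
 }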
示例#9
文件: users.php 项目: staabm/redaxo
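    // A user cannot delete their own account.
    if (rex::getUser()->getId() != $user_id) {
        $deleteuser = rex_sql::factory();
        // The id is bound as a statement parameter instead of being interpolated
        // into the SQL text, so the statement stays fixed whatever $user_id holds.
        $deleteuser->setQuery('DELETE FROM ' . rex::getTablePrefix() . 'user WHERE id = ? LIMIT 1', [$user_id]);
        $info = rex_i18n::msg('user_deleted');
        // Reset the id so code after this block no longer refers to the deleted user.
        $user_id = 0;
    } else {
        $warnings[] = rex_i18n::msg('user_notdeleteself');
    }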
} elseif ($FUNC_ADD != '' and $save == 1) {
    $adduser = rex_sql::factory();
    $adduser->setQuery('SELECT * FROM ' . rex::getTablePrefix() . "user WHERE login = '******'");
    if ($adduser->getRows() == 0 && $userlogin != '' && $userpsw != '') {
        // the server side encryption of pw is only required
        // when not already encrypted by client using javascript
        $userpsw = rex_login::passwordHash($userpsw, rex_post('javascript', 'boolean'));
        $adduser = rex_sql::factory();
        $adduser->setTable(rex::getTablePrefix() . 'user');
        $adduser->setValue('name', $username);
        $adduser->setValue('password', $userpsw);
        $adduser->setValue('login', $userlogin);
        $adduser->setValue('description', $userdesc);
        $adduser->setValue('admin', rex::getUser()->isAdmin() && $useradmin == 1 ? 1 : 0);
        $adduser->setValue('language', $userperm_be_sprache);
        $adduser->setValue('startpage', $userperm_startpage);
        $adduser->setValue('role', $userrole);
        $adduser->addGlobalCreateFields();
        if (isset($userstatus) and $userstatus == 1) {
            $adduser->setValue('status', 1);
        } else {
            $adduser->setValue('status', 0);
 /**
  * Runs the parent login check and records the outcome in the user table.
  *
  * On success with a submitted login the failed-attempt counter is reset and
  * the current session id is stored; on failure the counter is incremented and
  * the stored session id cleared; on logout the stored session id is cleared.
  *
  * Returns the result of parent::checkLogin(), or the SQL error text when the
  * last bookkeeping query reported an error.
  * NOTE(review): a non-empty error string is truthy, so a caller that tests the
  * result loosely (`if ($login->checkLogin())`) would treat a database error
  * as a successful login. Callers need a strict `=== true` comparison.
  */
 function checkLogin()
 {
     global $REX;
     $fvs = new rex_sql();
     // $fvs->debugsql = true;
     // User id of the session as it was before the parent check ran.
     $userId = $this->getSessionVar('UID');
     $check = parent::checkLogin();
     if ($check) {
         // record the successful attempt | login_tries = 0
         if ($this->usr_login != '') {
             // NOTE(review): sessionFixation() presumably renews the session id
             // after login - confirm against its definition.
             $this->sessionFixation();
             // The login value in this statement is masked in the listing.
             // NOTE(review): the SQL is assembled by string concatenation; confirm
             // that the login value is escaped before it reaches this point.
             $fvs->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=0, lasttrydate=' . time() . ', session_id="' . session_id() . '" WHERE login="******" LIMIT 1');
         }
     } else {
         // record the failed attempt | login_tries++
         if ($this->usr_login != '') {
             // Also clears the stored session id of the targeted login.
             $fvs->setQuery('UPDATE ' . $this->tableName . ' SET login_tries=login_tries+1,session_id="",lasttrydate=' . time() . ' WHERE login="******" LIMIT 1');
         }
     }
     if ($this->isLoggedOut() && $userId != '') {
         // NOTE(review): $userId comes from the session and is concatenated into
         // the statement unescaped; verify it can only ever hold a numeric id.
         $fvs->setQuery('UPDATE ' . $this->tableName . ' SET session_id="" WHERE user_id="' . $userId . '" LIMIT 1');
     }
     // Only the state of $fvs after the last query above is inspected here.
     if ($fvs->hasError()) {
         return $fvs->getError();
     }
     return $check;
 }