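/**
 * Builds the user object either from submitted credentials or from the
 * current request/session.
 *
 * Arguments are read positionally through func_get_args():
 *  - 0: login identifier, matched against uEmail when
 *       concrete.user.registration.email_registration is enabled,
 *       otherwise against uName.
 *  - 1: plain-text password; its presence selects the credential-check path.
 *  - 2: optional flag; when truthy the session is neither cleared nor
 *       populated. It is also forwarded to _getUserGroups().
 *
 * Without a second argument the user is taken from the request's custom
 * user if one is set, else from the session, else left anonymous.
 *
 * Failures on the credential path are reported through loadError() with
 * USER_NON_VALIDATED, USER_INACTIVE or USER_INVALID; nothing is thrown here.
 */
public function __construct()
{
    $args = func_get_args();
    if (isset($args[1])) {
        $username = $args[0];
        $password = $args[1];
        // The third argument is optional: read it once so that a two-argument
        // call never touches an undefined offset. null keeps the value that
        // used to reach _getUserGroups() in that case.
        $skipSession = isset($args[2]) ? $args[2] : null;

        if (!$skipSession) {
            Session::remove('uGroups');
            Session::remove('accessEntities');
        }

        // The identifier is only ever passed as a bound parameter.
        $v = array($username);
        if (Config::get('concrete.user.registration.email_registration')) {
            $q = "select uID, uName, uIsActive, uIsValidated, uTimezone, uDefaultLanguage, uPassword, uLastPasswordChange from Users where uEmail = ?";
        } else {
            $q = "select uID, uName, uIsActive, uIsValidated, uTimezone, uDefaultLanguage, uPassword, uLastPasswordChange from Users where uName = ?";
        }

        $db = Loader::db();
        $r = $db->query($q, $v);
        if ($r) {
            $row = $r->fetchRow();

            // Compare the legacy hash with ===, never ==. A loose comparison
            // treats two numeric-looking strings (for example "0e123..." and
            // "0e456...") as equal numbers, so a mismatching hash could be
            // accepted. The is_string() guard keeps a missing row from matching.
            // hash_equals() is preferable wherever the supported PHP versions
            // provide it, because === is not a constant-time comparison.
            $pw_is_valid_legacy = defined('PASSWORD_SALT')
                && is_string($row['uPassword'])
                && (string) User::legacyEncryptPassword($password) === $row['uPassword'];

            // NOTE(review): when the query succeeds but matches no row,
            // $row['uPassword'] is empty and the cost of checkPassword() for
            // that input is not visible here. Confirm it is comparable to a
            // real verification; otherwise the timing protection in the
            // failed-query branch below does not cover unknown usernames.
            $pw_is_valid = $pw_is_valid_legacy
                || $this->getUserPasswordHasher()->checkPassword($password, $row['uPassword']);

            // NOTE(review): USER_NON_VALIDATED and USER_INACTIVE are reported
            // without requiring $pw_is_valid, so the error code distinguishes
            // an existing account from an unknown one whatever password was
            // supplied. Left unchanged because callers may rely on these codes.
            // The '0' test is strict, so it only matches when the driver
            // returns the column as a string.
            if ($row['uID'] && $row['uIsValidated'] === '0' && \Config::get('concrete.user.registration.validate_email')) {
                $this->loadError(USER_NON_VALIDATED);
            } elseif ($row['uID'] && $row['uIsActive'] && $pw_is_valid) {
                $this->uID = $row['uID'];
                $this->uName = $row['uName'];
                $this->uIsActive = $row['uIsActive'];
                $this->uTimezone = $row['uTimezone'];
                $this->uDefaultLanguage = $row['uDefaultLanguage'];
                $this->uLastPasswordChange = $row['uLastPasswordChange'];
                $this->uGroups = $this->_getUserGroups($skipSession);
                $this->superUser = ($row['uID'] == USER_SUPER_ID);
                $this->recordLogin();

                if (!$skipSession) {
                    // NOTE(review): no rotation of the session identifier is
                    // visible in this constructor; confirm that the caller
                    // regenerates it after a successful login.
                    $session = Core::make('session');
                    $session->set('uID', $row['uID']);
                    $session->set('uName', $row['uName']);
                    $session->set('superUser', $this->superUser);
                    $session->set('uBlockTypesSet', false);
                    $session->set('uGroups', $this->uGroups);
                    $session->set('uTimezone', $this->uTimezone);
                    $session->set('uDefaultLanguage', $row['uDefaultLanguage']);
                    $session->set('uLastPasswordChange', $row['uLastPasswordChange']);
                    Loader::helper('concrete/ui')->cacheInterfaceItems();
                }
            } elseif ($row['uID'] && !$row['uIsActive']) {
                $this->loadError(USER_INACTIVE);
            } else {
                $this->loadError(USER_INVALID);
            }

            $r->free();

            if ($pw_is_valid_legacy) {
                // The stored password was generated by a previous version of
                // Concrete5; replace it with a hash from the current hasher.
                // NOTE(review): $this->uID is only assigned in the
                // successful-login branch above, so for a non-validated or
                // inactive account this update binds an unset uID and
                // presumably changes no row.
                $v = array($this->getUserPasswordHasher()->HashPassword($password), $this->uID);
                $db->execute($db->prepare("update Users set uPassword = ? where uID = ?"), $v);
            }
        } else {
            // The hashing functions are slow. One is run here purely to spend
            // the same time as a real check, so that response time does not
            // reveal whether the lookup got as far as verifying a password.
            $this->getUserPasswordHasher()->HashPassword($password);
            $this->loadError(USER_INVALID);
        }
    } else {
        $req = Request::getInstance();
        if ($req->hasCustomRequestUser()) {
            // Start from an anonymous user, then copy the custom request user
            // over it when one is actually provided.
            $this->uID = null;
            $this->uName = null;
            $this->superUser = false;
            $this->uDefaultLanguage = null;
            $this->uTimezone = null;
            $ux = $req->getCustomRequestUser();
            if ($ux && is_object($ux)) {
                $this->uID = $ux->getUserID();
                $this->uName = $ux->getUserName();
                $this->superUser = $ux->getUserID() == USER_SUPER_ID;
                if ($ux->getUserDefaultLanguage()) {
                    $this->uDefaultLanguage = $ux->getUserDefaultLanguage();
                }
                $this->uTimezone = $ux->getUserTimezone();
            }
        } elseif (Session::has('uID')) {
            // Identity comes from the session as-is. superUser is derived
            // from uID rather than read from the stored 'superUser' value.
            $this->uID = Session::get('uID');
            $this->uName = Session::get('uName');
            $this->uTimezone = Session::get('uTimezone');
            if (Session::has('uDefaultLanguage')) {
                $this->uDefaultLanguage = Session::get('uDefaultLanguage');
            }
            $this->superUser = Session::get('uID') == USER_SUPER_ID ? true : false;
        } else {
            $this->uID = null;
            $this->uName = null;
            $this->superUser = false;
            $this->uDefaultLanguage = null;
            $this->uTimezone = null;
        }

        $this->uGroups = $this->_getUserGroups();
        if (!isset($args[2]) && !$req->hasCustomRequestUser()) {
            Session::set('uGroups', $this->uGroups);
        }
    }

    return $this;
}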
/**
 * Public pass-through to the parent class's legacy password encryption.
 *
 * This block adds no logic of its own: the argument is handed to the parent
 * implementation and the parent's result is returned unchanged.
 *
 * @param mixed $uPassword value forwarded to the parent implementation
 *
 * @return mixed whatever the parent implementation returns
 */
public function legacyEncryptPassword($uPassword)
{
    $legacyHash = parent::legacyEncryptPassword($uPassword);

    return $legacyHash;
}