Ferreteria/v2/usage/login
Data
This uses essentially the same tables as VbzCart/tables#Users -- documentation to be moved here eventually.
Code
log in with existing user/password
clsPageLogin (see pages): <php>
/*----
  ACTION: hands the submitted login name and password to the session layer.
  The outcome is left with the session object (see clsUserSession::UserLogin); nothing is returned.
*/
protected function DoLoginCheck() {
    $oSession = $this->App()->Session();
    $oSession->UserLogin($this->LoginName(), $this->sPass);
}
</php> clsUserSession: <php>
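/*----
  ACTION: Attempts to log the user in with the given credentials.
  RETURNS: user object if successful, NULL otherwise.
  NOTE: the result is also stored as this session's user record via SetUserRecord();
    presumably a NULL result clears any previously attached user -- confirm in SetUserRecord().
*/
public function UserLogin($iUser,$iPass) {
    $tUsers = $this->UserTable();
    $oUser = $tUsers->Login($iUser,$iPass);	// NULL when the name is unknown or the password is wrong
    $this->SetUserRecord($oUser);	// set user for this session
    // The header comment always promised this value but the method never returned it;
    // callers that ignored the return value are unaffected.
    return $oUser;
}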
</php> clsUserAccts: <php>
/*----
  RETURNS: user object if login successful, NULL otherwise
  NOTE: an unknown username and a wrong password both yield NULL, so the caller
    cannot distinguish the two cases from the return value.
*/
public function Login($iUser,$iPass) {
    $rc = $this->FindUser($iUser);
    if (is_null($rc)) {
        return NULL;	// username not found
    }
    // username found: accept it only if the password matches
    return $rc->PassMatches($iPass) ? $rc : NULL;
}
</php> clsUserAcct: <php>
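/*----
  RETURNS: TRUE if the given plaintext password hashes (with this account's stored salt)
    to the stored hash, FALSE otherwise.
  NOTE: hash_equals() replaces ==. Loose == on two hash strings can fall into PHP's
    numeric-string comparison (e.g. strings of the form "0e..." compare equal), and it
    short-circuits on the first differing byte; hash_equals() is a strict, constant-time
    byte comparison.
*/
public function PassMatches($iPass) {
    // get salt for this user
    $sSalt = $this->Value('PassSalt');
    // hash [stored salt]+[given pass]
    $sThisHashed = $this->Table()->HashPass($sSalt,$iPass);
    // get stored hash
    $sSavedHash = $this->Value('PassHash');
    // see if they match -- both cast to string so an account with no stored hash
    // simply compares unequal instead of raising a TypeError in hash_equals()
    return hash_equals((string)$sSavedHash, (string)$sThisHashed);
}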
</php>
detect whether user is logged in
clsPageLogin: <php>
/*----
  RETURNS: TRUE if the current session has a user attached (delegates to clsUserSession::HasUser())
*/
protected function IsLoggedIn() {
    $oSession = $this->App()->Session();
    return $oSession->HasUser();
}
</php> clsUserSession: <php>
/*----
  RETURNS: TRUE when this session carries a user ID, i.e. someone is logged in
*/
public function HasUser() {
    $id = $this->UserID();
    return $id !== NULL;
}
</php>
reset password for existing user
clsPageLogin -- RenderUserAccess() calls UserAccess_ResetRequest(); the application must call RenderUserAccess() only after it has called ParseInput_Login(): <php>
/*----
  PURPOSE: render the "user access" section of the login page. Handles exactly one of:
    an auth-link visit (token check, then create/reset processing), a submitted
    "request reset email" form, or a submitted login attempt; then appends the login
    form (if doShowLogin) and the "request reset email" form.
  RETURNS: HTML string
  NOTE(review): $oEmAuth and $isEmailAuth are assigned below but never read in this method.
*/
protected function RenderUserAccess() {
    $oSkin = $this->Skin();
    $ht = $this->SectionHeader($this->TitleString());
    $oEmAuth = $this->Data()->EmailAuth();
    $this->doShowLogin = TRUE;	// By default, we'll still show the login form if not logged in
    $isEmailAuth = FALSE;	// Assume this page is not an email authorization link...
    // NOTE(review): this discards the SectionHeader() output assigned above -- confirm intended
    $ht = NULL;
    $ok = FALSE;	// set false initially so we do one iteration
    // Nothing inside the loop sets $ok back to FALSE (UserAccess_ResetRequest's $ok is its own
    // local), so the body runs exactly once.
    while (!$ok) {
        $ok = TRUE;	// assume success
        // check auth link and display form if it checks out
        if ($this->IsAuthLink()) {
            // this is an AUTH link, so ignore any other stuff
            $ar = $this->CheckAuth();	// check token
            $ht = $this->UserAccess_ProcessAuth($ar);
            if ($this->IsCreateRequest()) {
                $ht .= $this->UserAccess_CreateRequest($ar);
            } elseif ($this->IsResetRequest()) {
                // password change request submitted
                $ht .= $this->UserAccess_ResetRequest();
            }
        } elseif($this->doEmail) {
            // REQUEST AUTH LINK form has been submitted
            $ht .= $this->SendPassReset_forAddr(
              $this->EmailAddress(),
              $this->LoginName()
              );
            // END do email
        } elseif($this->isLogin) {
            // NOTE(review): both die() calls below end the request before the error message
            //   after them can be rendered, so that message is unreachable; they look like
            //   debugging residue -- confirm and remove.
            if ($this->IsLoggedIn()) {
                die('LOGGED IN');
            } else {
                die('LOGIN FAILED');
            }
            // LOGIN FAILED: login was tried, but we're still here (not logged in), so it must have failed:
            $ht .= $oSkin->ErrorMessage('Sorry, the given username/password combination was not valid.');
            $ht .= $oSkin->HLine();
            // END is login
        } else {
            // TODO : log as possible illicit hacking attempt
            // NOTE(review): a request with none of the three flags set lands here; whether a plain
            //   first visit to the page does too depends on the flag defaults set in ParseInput_Login()
            //   (not visible here) -- confirm before treating this branch as abuse.
        }
        if ($this->doShowLogin) {
            $ht .= "\nIf you already have a user account on this site, you can log in now:
"
            .$this->RenderLogin($this->LoginName())
            .$oSkin->HLine();
        }
        // The reset-request form is always offered; only the wording depends on how we got here.
        if ($this->IsAuthLink()) {
            $htMsgPre = 'You can request another authorization email here';
            $htMsgPost = NULL;
        } else {
            $htMsgPre = 'If you have forgotten your password or have not set up an account';
            $htMsgPost = '
This will email you a link to set or reset your password.';
        }
        $ht .= "\n$htMsgPre:
"
        .$oSkin->RenderForm_Email_RequestReset($this->EmailAddress())
        ."\n$htMsgPost";
    }
    return $ht;
}
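/*----
  PURPOSE: process User Access forms when a password-reset request has been received
  RETURNS: HTML from ChangePassword() if the auth token checked out, NULL otherwise
  NOTE(review): the account whose password is changed is identified by the submitted
    email address; this relies on CheckAuth() having bound the token to that same address.
    Confirm that binding in CheckAuth(), since nothing here re-checks it.
  HISTORY: removed unused locals $ok, $tblUsers and $sUser -- the "check for duplicate
    username" they were set up for was never implemented here.
*/
protected function UserAccess_ResetRequest() {
    $ht = NULL;
    // check token, but don't display messages
    $this->CheckAuth();
    if ($this->Success()) {
        // auth token checks out -- attempt the password change
        $ht .= $this->ChangePassword($this->EmailAddress(),$this->sPass,$this->sPassX);
        if (!$this->Success()) {
            // if that didn't work, display the form again
            $this->IsAuthLink(TRUE);
        }
    } // END authorized
    return $ht;
}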
</php>