Ferreteria/v2/usage/login

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
< Ferreteria‎ | v2‎ | usage
Jump to: navigation, search

Data

This uses essentially the same tables as VbzCart/tables#Users -- documentation to be moved here eventually.

Code

log in with existing user/password

clsPageLogin (see pages): <php>

   protected function DoLoginCheck() {

$this->App()->Session()->UserLogin($this->LoginName(),$this->sPass);

   }

</php> clsUserSession: <php>

   /*----
     ACTION: Attempts to log the user in with the given credentials.
     RETURNS: user object if successful, NULL otherwise.
   */
   public function UserLogin($iUser,$iPass) {

$tUsers = $this->UserTable(); $oUser = $tUsers->Login($iUser,$iPass); $this->SetUserRecord($oUser); // set user for this session

   }

</php> clsUserAccts: <php>

   /*----
     RETURNS: user object if login successful, NULL otherwise
   */
   public function Login($iUser,$iPass) {

$rc = $this->FindUser($iUser); if (is_null($rc)) { // username not found $oUser = NULL; } elseif ($rc->PassMatches($iPass)) { $oUser = $rc; } else { // username found, password wrong $oUser = NULL; } return $oUser;

   }

</php> clsUserAcct: <php>

   public function PassMatches($iPass) {

// get salt for this user $sSalt = $this->Value('PassSalt');

// hash [stored salt]+[given pass] $sThisHashed = $this->Table()->HashPass($sSalt,$iPass); // get stored hash $sSavedHash = $this->Value('PassHash');

// see if they match $ok = ($sThisHashed == $sSavedHash); return $ok;

   }

</php>

detect whether user is logged in

clsPageLogin: <php>

   protected function IsLoggedIn() {

return $this->App()->Session()->HasUser();

   }

</php> clsUserSession: <php>

   public function HasUser() {

return !is_null($this->UserID());

   }

</php>

reset password for existing user

clsPageLogin -- RenderUserAccess() calls UserAccess_ResetRequest(); application must call RenderUserAccess() after calling ParseInput_Login(): <php>

   protected function RenderUserAccess() {

$oSkin = $this->Skin(); $ht = $this->SectionHeader($this->TitleString()); $oEmAuth = $this->Data()->EmailAuth(); $this->doShowLogin = TRUE; // By default, we'll still show the login form if not logged in $isEmailAuth = FALSE; // Assume this page is not an email authorization link...

$ht = NULL; $ok = FALSE; // set false initially so we do one iteration while (!$ok) { $ok = TRUE; // assume success

// check auth link and display form if it checks out if ($this->IsAuthLink()) {

// this is an AUTH link, so ignore any other stuff

$ar = $this->CheckAuth(); // check token $ht = $this->UserAccess_ProcessAuth($ar);

if ($this->IsCreateRequest()) { $ht .= $this->UserAccess_CreateRequest($ar); } elseif ($this->IsResetRequest()) { // password change request submitted $ht .= $this->UserAccess_ResetRequest(); }

} elseif($this->doEmail) {

// REQUEST AUTH LINK form has been submitted

$ht .= $this->SendPassReset_forAddr( $this->EmailAddress(), $this->LoginName() ); // END do email } elseif($this->isLogin) { if ($this->IsLoggedIn()) { die('LOGGED IN'); } else { die('LOGIN FAILED'); }

// LOGIN FAILED: login was tried, but we're still here (not logged in), so it must have failed:

$ht .= $oSkin->ErrorMessage('Sorry, the given username/password combination was not valid.'); $ht .= $oSkin->HLine(); // END is login } else { // TODO : log as possible illicit hacking attempt }

if ($this->doShowLogin) { $ht .= "\nIf you already have a user account on this site, you can log in now:
" .$this->RenderLogin($this->LoginName()) .$oSkin->HLine(); } if ($this->IsAuthLink()) { $htMsgPre = 'You can request another authorization email here'; $htMsgPost = NULL; } else { $htMsgPre = 'If you have forgotten your password or have not set up an account'; $htMsgPost = '
This will email you a link to set or reset your password.'; }

$ht .= "\n$htMsgPre:
" .$oSkin->RenderForm_Email_RequestReset($this->EmailAddress()) ."\n$htMsgPost"; } return $ht;

   }
   /*----
     PURPOSE: process User Access forms when a password-reset request has been received
   */
   protected function UserAccess_ResetRequest() {

$ht = NULL; // check token, but don't display messages $this->CheckAuth(); if ($this->Success()) { // auth token checks out // check for duplicate username $tblUsers = $this->App()->Users(); $sUser = $this->LoginName(); $ht .= $this->ChangePassword($this->EmailAddress(),$this->sPass,$this->sPassX); if (!$this->Success()) { // if that didn't work... $ok = FALSE; $this->IsAuthLink(TRUE); // display form again }

} // END authorized return $ht;

   }

</php>