/**
 * Look up a user by ID, email address or name and verify the supplied password.
 *
 * The lookup key is chosen in this order: a truthy $ID matches on UserID;
 * otherwise $Email matches on the Email column when it contains an '@' after
 * its first character, and on the Name column in every other case.
 *
 * All three failure modes (no matching row, row flagged Deleted, password
 * mismatch) return the same `false`, so the return value alone does not tell
 * a caller which one occurred.
 *
 * Security notes for maintainers:
 * - The plaintext password is placed in $this->EventArguments['Credentials']
 *   for BeforeValidateCredentials handlers and is not cleared by this method.
 * - The Banned column is selected but never evaluated here; presumably the
 *   caller enforces bans (confirm against the sign-in code path).
 * - The returned row still carries the Password column as read from the
 *   database, so callers should keep it out of logs and serialised output.
 * - The password hash check only runs for an existing, non-deleted row, so
 *   response time may differ between unknown and known accounts; rate
 *   limiting is presumably applied elsewhere (confirm).
 *
 * @param string $Email Email address or user name; ignored when $ID is truthy.
 * @param int $ID User ID to look up.
 * @param string $Password Plaintext password to verify. It has no default even
 *     though it follows defaulted parameters, so all three arguments must be passed.
 * @return object|false The user row with Attributes decoded, or false on any failure.
 * @throws Exception When neither $Email nor $ID is provided.
 */
public function validateCredentials($Email = '', $ID = 0, $Password)
{
    $this->EventArguments['Credentials'] = ['Email' => $Email, 'ID' => $ID, 'Password' => $Password];
    $this->fireEvent('BeforeValidateCredentials');

    if (!($Email || $ID)) {
        throw new Exception('The email or id is required');
    }

    // Adds the single lookup condition to the pending query. It is evaluated
    // at the call site, so any error it raises stays inside the try block or
    // the catch block that invoked it.
    $applyLookup = function () use ($Email, $ID) {
        if ($ID) {
            $this->SQL->where('UserID', $ID);
            return;
        }
        $column = strpos($Email, '@') > 0 ? 'Email' : 'Name';
        $this->SQL->where($column, $Email);
    };

    try {
        $this->SQL->select('UserID, Name, Attributes, Admin, Password, HashMethod, Deleted, Banned')->from('User');
        $applyLookup();
        $result = $this->SQL->get();
    } catch (Exception $ex) {
        // Retry with the reduced column list (no HashMethod, Deleted or Banned).
        // In that case the Deleted and HashMethod reads below fall back to
        // whatever val() yields for a missing key.
        $this->SQL->reset();
        $this->SQL->select('UserID, Name, Attributes, Admin, Password')->from('User');
        $applyLookup();
        $result = $this->SQL->get();
    }

    if ($result->numRows() < 1) {
        return false;
    }

    $user = $result->firstRow();

    // Accounts flagged as deleted are treated exactly like unknown accounts.
    if (val('Deleted', $user)) {
        return false;
    }

    $hasher = new Gdn_PasswordHash();
    $storedMethod = val('HashMethod', $user);
    $matches = $hasher->checkPassword($Password, $user->Password, $storedMethod, $user->Name);
    if (!$matches) {
        return false;
    }

    // Upgrade the stored hash when the hasher flagged it as weak, or when it
    // was produced by a non-empty method other than 'Vanilla' (compared
    // case-insensitively). This runs only after a successful check, while the
    // plaintext is available.
    $needsRehash = $hasher->Weak || ($storedMethod && strcasecmp($storedMethod, 'Vanilla') != 0);
    if ($needsRehash) {
        $rehashed = $hasher->hashPassword($Password);
        $this->SQL
            ->update('User')
            ->set('Password', $rehashed)
            ->set('HashMethod', 'Vanilla')
            ->where('UserID', $user->UserID)
            ->put();
    }

    $user->Attributes = dbdecode($user->Attributes);

    return $user;
}