
/webroot/updates/concrete5.6.0.2/concrete/core/controllers/single_pages/login.php

  1. <?php
  2. defined('C5_EXECUTE') or die("Access Denied.");
  3. Loader::library('authentication/open_id');
  4. class Concrete5_Controller_Login extends Controller {
  5. public $helpers = array('form');
  6. private $openIDReturnTo;
  7. protected $locales = array();
  8. public function on_start() {
  9. $this->error = Loader::helper('validation/error');
  10. if (USER_REGISTRATION_WITH_EMAIL_ADDRESS == true) {
  11. $this->set('uNameLabel', t('Email Address'));
  12. } else {
  13. $this->set('uNameLabel', t('Username'));
  14. }
  15. $txt = Loader::helper('text');
  16. if (strlen($_GET['uName'])) { // pre-populate the username if supplied, if its an email address with special characters the email needs to be urlencoded first,
  17. $this->set("uName",trim($txt->email($_GET['uName'])));
  18. }
  19. $languages = array();
  20. $locales = array();
  21. if (Config::get('LANGUAGE_CHOOSE_ON_LOGIN')) {
  22. Loader::library('3rdparty/Zend/Locale');
  23. Loader::library('3rdparty/Zend/Locale/Data');
  24. $languages = Localization::getAvailableInterfaceLanguages();
  25. if (count($languages) > 0) {
  26. array_unshift($languages, 'en_US');
  27. }
  28. $locales = array('' => t('** Default'));
  29. Zend_Locale_Data::setCache(Cache::getLibrary());
  30. foreach($languages as $lang) {
  31. $loc = new Zend_Locale($lang);
  32. $locales[$lang] = Zend_Locale::getTranslation($loc->getLanguage(), 'language', ACTIVE_LOCALE);
  33. }
  34. }
  35. $this->locales = $locales;
  36. $this->set('locales', $locales);
  37. $this->openIDReturnTo = BASE_URL . View::url("/login", "complete_openid");
  38. }
  39. /* automagically run by the controller once we're done with the current method */
  40. /* method is passed to this method, the method that we were just finished running */
  41. public function on_before_render() {
  42. if ($this->error->has()) {
  43. $this->set('error', $this->error);
  44. }
  45. }
  46. public function complete_openid_email() {
  47. $email = $this->post('uEmail');
  48. $vals = Loader::helper('validation/strings');
  49. $valc = Loader::helper('concrete/validation');
  50. if (!$vals->email($email)) {
  51. $this->error->add(t('Invalid email address provided.'));
  52. } else if (!$valc->isUniqueEmail($email)) {
  53. $this->error->add(t("The email address %s is already in use. Please choose another.", $_POST['uEmail']));
  54. }
  55. if (!$this->error->has()) {
  56. // complete the openid record with the provided email
  57. if (isset($_SESSION['uOpenIDRequested'])) {
  58. $oa = new OpenIDAuth();
  59. $ui = $oa->registerUser($_SESSION['uOpenIDRequested'], $email);
  60. User::loginByUserID($ui->getUserID());
  61. $oa->reinstatePreviousRequest();
  62. $this->finishLogin();
  63. }
  64. }
  65. }
  66. public function view() {
  67. $this->clearOpenIDSession();
  68. }
  69. private function clearOpenIDSession() {
  70. unset($_SESSION['uOpenIDError']);
  71. unset($_SESSION['uOpenIDRequested']);
  72. unset($_SESSION['uOpenIDExistingUser']);
  73. }
  74. public function complete_openid() {
  75. $v = Loader::helper('validation/numbers');
  76. $oa = new OpenIDAuth();
  77. $oa->setReturnURL($this->openIDReturnTo);
  78. $oa->complete();
  79. $response = $oa->getResponse();
  80. if ($response->code == OpenIDAuth::E_CANCEL) {
  81. $this->error->add(t('OpenID Verification Cancelled'));
  82. $this->clearOpenIDSession();
  83. } else if ($response->code == OpenIDAuth::E_FAILURE) {
  84. $this->error->add(t('OpenID Authentication Failed: %s', $response->message));
  85. $this->clearOpenIDSession();
  86. } else {
  87. switch($response->code) {
  88. case OpenIDAuth::S_USER_CREATED:
  89. case OpenIDAuth::S_USER_AUTHENTICATED:
  90. if ($v->integer($response->message)) {
  91. User::loginByUserID($response->message);
  92. $this->set('uOpenID', $response->openid);
  93. $oa->reinstatePreviousRequest();
  94. $this->finishLogin();
  95. }
  96. break;
  97. case OpenIDAuth::E_REGISTRATION_EMAIL_INCOMPLETE:
  98. // we don't have an email address, but the account is valid
  99. // valid display identifier comes back in message
  100. $_SESSION['uOpenIDRequested'] = $response->message;
  101. $_SESSION['uOpenIDError'] = OpenIDAuth::E_REGISTRATION_EMAIL_INCOMPLETE;
  102. break;
  103. case OpenIDAuth::E_REGISTRATION_EMAIL_EXISTS:
  104. // an email address came back with us from the openid server
  105. // but that email already exists
  106. $_SESSION['uOpenIDRequested'] = $response->openid;
  107. $_SESSION['uOpenIDExistingUser'] = $response->user;
  108. $_SESSION['uOpenIDError'] = OpenIDAuth::E_REGISTRATION_EMAIL_EXISTS;
  109. break;
  110. }
  111. }
  112. $this->set('oa', $oa);
  113. }
  114. public function account_deactivated() {
  115. $this->error->add(t('This user is inactive. Please contact us regarding this account.'));
  116. }
  117. public function do_login() {
  118. $ip = Loader::helper('validation/ip');
  119. $vs = Loader::helper('validation/strings');
  120. $loginData['success']=0;
  121. try {
  122. if (!$ip->check()) {
  123. throw new Exception($ip->getErrorMessage());
  124. }
  125. if (OpenIDAuth::isEnabled() && $vs->notempty($this->post('uOpenID'))) {
  126. $oa = new OpenIDAuth();
  127. $oa->setReturnURL($this->openIDReturnTo);
  128. $return = $oa->request($this->post('uOpenID'));
  129. $resp = $oa->getResponse();
  130. if ($resp->code == OpenIDAuth::E_INVALID_OPENID) {
  131. throw new Exception(t('Invalid OpenID.'));
  132. }
  133. }
  134. if ((!$vs->notempty($this->post('uName'))) || (!$vs->notempty($this->post('uPassword')))) {
  135. if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
  136. throw new Exception(t('An email address and password are required.'));
  137. } else {
  138. throw new Exception(t('A username and password are required.'));
  139. }
  140. }
  141. $u = new User($this->post('uName'), $this->post('uPassword'));
  142. if ($u->isError()) {
  143. switch($u->getError()) {
  144. case USER_NON_VALIDATED:
  145. throw new Exception(t('This account has not yet been validated. Please check the email associated with this account and follow the link it contains.'));
  146. break;
  147. case USER_INVALID:
  148. if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
  149. throw new Exception(t('Invalid email address or password.'));
  150. } else {
  151. throw new Exception(t('Invalid username or password.'));
  152. }
  153. break;
  154. case USER_INACTIVE:
  155. throw new Exception(t('This user is inactive. Please contact us regarding this account.'));
  156. break;
  157. }
  158. } else {
  159. if (OpenIDAuth::isEnabled() && $_SESSION['uOpenIDExistingUser'] > 0) {
  160. $oa = new OpenIDAuth();
  161. if ($_SESSION['uOpenIDExistingUser'] == $u->getUserID()) {
  162. // the account we logged in with is the same as the existing user from the open id. that means
  163. // we link the account to open id and keep the user logged in.
  164. $oa->linkUser($_SESSION['uOpenIDRequested'], $u);
  165. } else {
  166. // The user HAS logged in. But the account they logged into is NOT the same as the one
  167. // that links to their OpenID. So we log them out and tell them so.
  168. $u->logout();
  169. throw new Exception(t('This account does not match the email address provided.'));
  170. }
  171. }
  172. $loginData['success']=1;
  173. $loginData['msg']=t('Login Successful');
  174. $loginData['uID'] = intval($u->getUserID());
  175. }
  176. $loginData = $this->finishLogin($loginData);
  177. } catch(Exception $e) {
  178. $ip->logSignupRequest();
  179. if ($ip->signupRequestThreshholdReached()) {
  180. $ip->createIPBan();
  181. }
  182. $this->error->add($e);
  183. $loginData['error']=$e->getMessage();
  184. }
  185. if( $_REQUEST['format']=='JSON' ){
  186. $jsonHelper=Loader::helper('json');
  187. echo $jsonHelper->encode($loginData);
  188. die;
  189. }
  190. }
  191. protected function finishLogin( $loginData=array() ) {
  192. $u = new User();
  193. if ($this->post('uMaintainLogin')) {
  194. $u->setUserForeverCookie();
  195. }
  196. if (count($this->locales) > 0) {
  197. if (Config::get('LANGUAGE_CHOOSE_ON_LOGIN') && $this->post('USER_LOCALE') != '') {
  198. $u->setUserDefaultLanguage($this->post('USER_LOCALE'));
  199. }
  200. }
  201. // Verify that the user has filled out all
  202. // required items that are required on register
  203. // That means users logging in after new user attributes
  204. // have been created and required will be prompted here to
  205. // finish their profile
  206. $this->set('invalidRegistrationFields', false);
  207. Loader::model('attribute/categories/user');
  208. $ui = UserInfo::getByID($u->getUserID());
  209. $aks = UserAttributeKey::getRegistrationList();
  210. $unfilledAttributes = array();
  211. foreach($aks as $uak) {
  212. if ($uak->isAttributeKeyRequiredOnRegister()) {
  213. $av = $ui->getAttributeValueObject($uak);
  214. if (!is_object($av)) {
  215. $unfilledAttributes[] = $uak;
  216. }
  217. }
  218. }
  219. if ($this->post('completePartialProfile')) {
  220. foreach($unfilledAttributes as $uak) {
  221. $e1 = $uak->validateAttributeForm();
  222. if ($e1 == false) {
  223. $this->error->add(t('The field "%s" is required', $uak->getAttributeKeyName()));
  224. } else if ($e1 instanceof ValidationErrorHelper) {
  225. $this->error->add($e1);
  226. }
  227. }
  228. if (!$this->error->has()) {
  229. // the user has needed to complete a partial profile, and they have done so,
  230. // and they have no errors. So we save our profile data against the account.
  231. foreach($unfilledAttributes as $uak) {
  232. $uak->saveAttributeForm($ui);
  233. $unfilledAttributes = array();
  234. }
  235. }
  236. }
  237. if (count($unfilledAttributes) > 0) {
  238. $u->logout();
  239. $this->set('invalidRegistrationFields', true);
  240. $this->set('unfilledAttributes', $unfilledAttributes);
  241. }
  242. $txt = Loader::helper('text');
  243. $rcID = $this->post('rcID');
  244. $nh = Loader::helper('validation/numbers');
  245. //set redirect url
  246. if ($nh->integer($rcID)) {
  247. $nh = Loader::helper('navigation');
  248. $rc = Page::getByID($rcID);
  249. $url = $nh->getLinkToCollection($rc, true);
  250. $loginData['redirectURL'] = $url;
  251. }elseif( strlen($rcID) ){
  252. $rcID = trim($rcID, '/');
  253. $nc2 = Page::getByPath('/' . $rcID);
  254. if (is_object($nc2) && !$nc2->isError()) {
  255. $loginData['redirectURL'] = BASE_URL . DIR_REL . '/' . DISPATCHER_FILENAME . '/' . $rcID;
  256. }
  257. }
  258. /*
  259. //full page login redirect (non-ajax login)
  260. if( strlen($loginData['redirectURL']) && $_REQUEST['format']!='JSON' ){
  261. header('Location: ' . $loginData['redirectURL']);
  262. exit;
  263. }
  264. */
  265. $dash = Page::getByPath("/dashboard", "RECENT");
  266. $dbp = new Permissions($dash);
  267. Events::fire('on_user_login',$this);
  268. //End JSON Login
  269. if($_REQUEST['format']=='JSON')
  270. return $loginData;
  271. //should administrator be redirected to dashboard? defaults to yes if not set.
  272. $adminToDash=intval(Config::get('LOGIN_ADMIN_TO_DASHBOARD'));
  273. //Full page login, standard redirection
  274. $u = new User(); // added for the required registration attribute change above. We recalc the user and make sure they're still logged in
  275. if ($u->isRegistered()) {
  276. if ($u->config('NEWSFLOW_LAST_VIEWED') == 'FIRSTRUN') {
  277. $u->saveConfig('NEWSFLOW_LAST_VIEWED', 0);
  278. }
  279. if ($loginData['redirectURL']) {
  280. //make double secretly sure there's no caching going on
  281. header("Cache-Control: no-store, no-cache, must-revalidate");
  282. header("Pragma: no-cache");
  283. header('Expires: Fri, 30 Oct 1998 14:19:41 GMT'); //in the past
  284. $this->externalRedirect( $loginData['redirectURL'] );
  285. }else if ( $dbp->canRead() && $adminToDash ) {
  286. $this->redirect('/dashboard');
  287. } else {
  288. //options set in dashboard/users/registration
  289. $login_redirect_cid=intval(Config::get('LOGIN_REDIRECT_CID'));
  290. $login_redirect_mode=Config::get('LOGIN_REDIRECT');
  291. //redirect to user profile
  292. if( $login_redirect_mode=='PROFILE' && ENABLE_USER_PROFILES ){
  293. $this->redirect( '/profile/', $u->uID );
  294. //redirect to custom page
  295. }elseif( $login_redirect_mode=='CUSTOM' && $login_redirect_cid > 0 ){
  296. $redirectTarget = Page::getByID( $login_redirect_cid );
  297. if(intval($redirectTarget->cID)>0) $this->redirect( $redirectTarget->getCollectionPath() );
  298. else $this->redirect('/');
  299. //redirect home
  300. }else $this->redirect('/');
  301. }
  302. }
  303. }
  304. public function password_sent() {
  305. $this->set('intro_msg', $this->getPasswordSentMsg() );
  306. }
  307. public function getPasswordSentMsg(){
  308. return t('An email containing instructions on resetting your password has been sent to your account address.');
  309. }
  310. public function logout() {
  311. $u = new User();
  312. $u->logout();
  313. $this->redirect('/');
  314. }
  315. public function forward($cID = 0) {
  316. $nh = Loader::helper('validation/numbers');
  317. if ($nh->integer($cID)) {
  318. $this->set('rcID', $cID);
  319. }
  320. }
  321. // responsible for validating a user's email address
  322. public function v($hash = '') {
  323. $ui = UserInfo::getByValidationHash($hash);
  324. if (is_object($ui)) {
  325. $ui->markValidated();
  326. $this->set('uEmail', $ui->getUserEmail());
  327. $this->set('validated', true);
  328. }
  329. }
  330. // responsible for validating a user's email address
  331. public function change_password($uHash = '') {
  332. $db = Loader::db();
  333. $h = Loader::helper('validation/identifier');
  334. $e = Loader::helper('validation/error');
  335. $ui = UserInfo::getByValidationHash($uHash);
  336. if (is_object($ui)){
  337. $hashCreated = $db->GetOne("select uDateGenerated FROM UserValidationHashes where uHash=?", array($uHash));
  338. if($hashCreated < (time()-(USER_CHANGE_PASSWORD_URL_LIFETIME))) {
  339. $h->deleteKey('UserValidationHashes','uHash',$uHash);
  340. throw new Exception( t('Key Expired. Please visit the forgot password page again to have a new key generated.') );
  341. }else{
  342. if(strlen($_POST['uPassword'])){
  343. $userHelper = Loader::helper('concrete/user');
  344. $userHelper->validNewPassword($_POST['uPassword'],$e);
  345. if(strlen($_POST['uPassword']) && $_POST['uPasswordConfirm']!=$_POST['uPassword']){
  346. $e->add(t('The two passwords provided do not match.'));
  347. }
  348. if (!$e->has()){
  349. $ui->changePassword( $_POST['uPassword'] );
  350. $h->deleteKey('UserValidationHashes','uHash',$uHash);
  351. $this->set('passwordChanged', true);
  352. $u = $ui->getUserObject();
  353. if (USER_REGISTRATION_WITH_EMAIL_ADDRESS) {
  354. $_POST['uName'] = $ui->getUserEmail();
  355. } else {
  356. $_POST['uName'] = $u->getUserName();
  357. }
  358. $this->do_login();
  359. return;
  360. }else{
  361. $this->set('uHash', $uHash);
  362. $this->set('changePasswordForm', true);
  363. $this->set('errorMsg', join( '<br>', $e->getList() ) );
  364. }
  365. }else{
  366. $this->set('uHash', $uHash);
  367. $this->set('changePasswordForm', true);
  368. }
  369. }
  370. }else{
  371. throw new Exception( t('Invalid Key. Please visit the forgot password page again to have a new key generated.') );
  372. }
  373. }
  374. public function forgot_password() {
  375. $loginData['success']=0;
  376. $vs = Loader::helper('validation/strings');
  377. $em = $this->post('uEmail');
  378. try {
  379. if (!$vs->email($em)) {
  380. throw new Exception(t('Invalid email address.'));
  381. }
  382. $oUser = UserInfo::getByEmail($em);
  383. if (!$oUser) {
  384. throw new Exception(t('We have no record of that email address.'));
  385. }
  386. $mh = Loader::helper('mail');
  387. //$mh->addParameter('uPassword', $oUser->resetUserPassword());
  388. $mh->addParameter('uName', $oUser->getUserName());
  389. $mh->to($oUser->getUserEmail());
  390. //generate hash that'll be used to authenticate user, allowing them to change their password
  391. $h = Loader::helper('validation/identifier');
  392. $uHash = $h->generate('UserValidationHashes', 'uHash');
  393. $db = Loader::db();
  394. $db->Execute("DELETE FROM UserValidationHashes WHERE uID=?", array( $oUser->uID ) );
  395. $db->Execute("insert into UserValidationHashes (uID, uHash, uDateGenerated, type) values (?, ?, ?, ?)", array($oUser->uID, $uHash, time(),intval(UVTYPE_CHANGE_PASSWORD)));
  396. $changePassURL=BASE_URL . View::url('/login', 'change_password', $uHash);
  397. $mh->addParameter('changePassURL', $changePassURL);
  398. if (defined('EMAIL_ADDRESS_FORGOT_PASSWORD')) {
  399. $mh->from(EMAIL_ADDRESS_FORGOT_PASSWORD, t('Forgot Password'));
  400. } else {
  401. $adminUser = UserInfo::getByID(USER_SUPER_ID);
  402. if (is_object($adminUser)) {
  403. $mh->from($adminUser->getUserEmail(), t('Forgot Password'));
  404. }
  405. }
  406. $mh->load('forgot_password');
  407. @$mh->sendMail();
  408. $loginData['success']=1;
  409. $loginData['msg']=$this->getPasswordSentMsg();
  410. } catch(Exception $e) {
  411. $this->error->add($e);
  412. $loginData['error']=$e->getMessage();
  413. }
  414. if( $_REQUEST['format']=='JSON' ){
  415. $jsonHelper=Loader::helper('json');
  416. echo $jsonHelper->encode($loginData);
  417. die;
  418. }
  419. if($loginData['success']==1)
  420. $this->redirect('/login', 'password_sent');
  421. }
  422. }