Beispiel #1
0
 /**
  * Execute the action
  */
 public function execute()
 {
     parent::execute();
     BackendAuthentication::logout();
     // redirect to login-screen
     $this->redirect(BackendModel::createUrlForAction('index', $this->getModule()));
 }
Beispiel #2
0
 /**
  * Execute the action
  *
  * @return	void
  */
 public function execute()
 {
     // call parent, this will probably add some general CSS/JS or other required files
     parent::execute();
     // log out the current user
     BackendAuthentication::logout();
     // redirect to login-screen
     $this->redirect(BackendModel::createUrlForAction('index', $this->getModule()));
 }
Beispiel #3
0
 /**
  * Validate the forms
  */
 private function validateForm()
 {
     if ($this->frm->isSubmitted()) {
         $txtEmail = $this->frm->getField('backend_email');
         $txtPassword = $this->frm->getField('backend_password');
         // required fields
         if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
             // add error
             $this->frm->addError('fields required');
             // show error
             $this->tpl->assign('hasError', true);
         }
         // invalid form-token?
         if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
             // set a correct header, so bots understand they can't mess with us.
             if (!headers_sent()) {
                 header('400 Bad Request', true, 400);
             }
         }
         // all fields are ok?
         if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
             // try to login the user
             if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
                 // add error
                 $this->frm->addError('invalid login');
                 // store attempt in session
                 $current = SpoonSession::exists('backend_login_attempts') ? (int) SpoonSession::get('backend_login_attempts') : 0;
                 // increment and store
                 SpoonSession::set('backend_login_attempts', ++$current);
                 // show error
                 $this->tpl->assign('hasError', true);
             }
         }
         // check sessions
         if (SpoonSession::exists('backend_login_attempts') && (int) SpoonSession::get('backend_login_attempts') >= 5) {
             // get previous attempt
             $previousAttempt = SpoonSession::exists('backend_last_attempt') ? SpoonSession::get('backend_last_attempt') : time();
             // calculate timeout
             $timeout = 5 * (SpoonSession::get('backend_login_attempts') - 4);
             // too soon!
             if (time() < $previousAttempt + $timeout) {
                 // sleep untill the user can login again
                 sleep($timeout);
                 // set a correct header, so bots understand they can't mess with us.
                 if (!headers_sent()) {
                     header('503 Service Unavailable', true, 503);
                 }
             } else {
                 // increment and store
                 SpoonSession::set('backend_last_attempt', time());
             }
             // too many attempts
             $this->frm->addEditor('too many attempts');
             // show error
             $this->tpl->assign('hasTooManyAttemps', true);
             $this->tpl->assign('hasError', false);
         }
         // no errors in the form?
         if ($this->frm->isCorrect()) {
             // cleanup sessions
             SpoonSession::delete('backend_login_attempts');
             SpoonSession::delete('backend_last_attempt');
             // create filter with modules which may not be displayed
             $filter = array('authentication', 'error', 'core');
             // get all modules
             $modules = array_diff(BackendModel::getModules(), $filter);
             // loop through modules and break on first allowed module
             foreach ($modules as $module) {
                 if (BackendAuthentication::isAllowedModule($module)) {
                     break;
                 }
             }
             // redirect to the correct URL (URL the user was looking for or fallback)
             $this->redirect($this->getParameter('querystring', 'string', BackendModel::createUrlForAction(null, $module)));
         }
     }
     // is the form submitted
     if ($this->frmForgotPassword->isSubmitted()) {
         // backend email
         $email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
         // required fields
         if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
             // check if there is a user with the given emailaddress
             if (!BackendUsersModel::existsEmail($email)) {
                 $this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
             }
         }
         // no errors in the form?
         if ($this->frmForgotPassword->isCorrect()) {
             // generate the key for the reset link and fetch the user ID for this email
             $key = BackendAuthentication::getEncryptedString($email, uniqid());
             // insert the key and the timestamp into the user settings
             $userId = BackendUsersModel::getIdByEmail($email);
             $user = new BackendUser($userId);
             $user->setSetting('reset_password_key', $key);
             $user->setSetting('reset_password_timestamp', time());
             // variables to parse in the e-mail
             $variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('reset_password') . '&email=' . $email . '&key=' . $key;
             // send e-mail to user
             BackendMailer::addEmail(SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')), BACKEND_MODULE_PATH . '/layout/templates/mails/reset_password.tpl', $variables, $email);
             // clear post-values
             $_POST['backend_email_forgot'] = '';
             // show success message
             $this->tpl->assign('isForgotPasswordSuccess', true);
             // show form
             $this->tpl->assign('showForm', true);
         } else {
             $this->tpl->assign('showForm', true);
         }
     }
 }
Beispiel #4
0
 /**
  * Validate the form
  *
  * @return	void
  */
 private function validateForm()
 {
     // is the form submitted
     if ($this->frm->isSubmitted()) {
         // shorten fields
         $newPassword = $this->frm->getField('backend_new_password');
         $newPasswordRepeated = $this->frm->getField('backend_new_password_repeated');
         // required fields
         $newPassword->isFilled(BL::err('PasswordIsRequired'));
         $newPasswordRepeated->isFilled(BL::err('PasswordRepeatIsRequired'));
         // all fields are ok?
         if ($newPassword->isFilled() && $newPasswordRepeated->isFilled()) {
             // the passwords entered match
             if ($newPassword->getValue() !== $newPasswordRepeated->getValue()) {
                 // add error
                 $this->frm->addError(BL::err('PasswordsDontMatch'));
                 // show error
                 $this->tpl->assign('error', BL::err('PasswordsDontMatch'));
             }
         }
         // is the form submitted
         if ($this->frm->isCorrect()) {
             // change the users password
             BackendUsersModel::updatePassword($this->user, $newPassword->getValue());
             // attempt to login the user
             if (!BackendAuthentication::loginUser($this->user->getEmail(), $newPassword->getValue())) {
                 // redirect to the login form with an error
                 $this->redirect(BackendModel::createURLForAction('index', null, null, array('login' => 'failed')));
             }
             // redirect to the login form
             $this->redirect(BackendModel::createUrlForAction('index', 'dashboard', null, array('password_reset' => 'success')));
         }
     }
 }