/**
  * Displays the login page and processes a submitted login attempt.
  *
  * Flow: bind the posted form, decrement the status of every session row for
  * this user/IP (brute-force accounting), check the per-IP failed-login
  * counter, then either log the user in or record one more failed attempt.
  *
  * @param LoginForm $model Login form model, populated here from $_POST['LoginForm']
  * @param bool $isMobile Whether this was called from mobile site controller
  * @throws CHttpException 403 once the failed-attempt count for this IP reaches the limit
  */
 public function login(LoginForm $model, $isMobile = false)
 {
     // NOTE(review): $_POST['LoginForm'] is read without an isset() guard, so a
     // request without that field raises an undefined-index notice. Mass
     // assignment presumably relies on the form's safe-attribute rules — confirm.
     $model->attributes = $_POST['LoginForm'];
     // get user input data
     Session::cleanUpSessions();
     // NOTE(review): every per-IP counter below keys on this value; if getRealIp()
     // honours proxy headers, confirm they are trusted only from known proxies.
     $ip = $this->owner->getRealIp();
     $userModel = $model->getUser();
     $isRealUser = $userModel instanceof User;
     // Use the stored username (canonical spelling) when the account exists
     $effectiveUsername = $isRealUser ? $userModel->username : $model->username;
     // Loose == on status: fine if both sides are ints — TODO confirm the column type
     $isActiveUser = $isRealUser && $userModel->status == User::STATUS_ACTIVE;
     /* increment count on every session with this user/IP, to prevent brute force attacks
        using session_id spoofing or whatever. The username and IP are bound
        parameters, so they never enter the SQL text unescaped. */
     Yii::app()->db->createCommand('UPDATE x2_sessions SET status=status-1,lastUpdated=:time WHERE user=:name AND 
         CAST(IP AS CHAR)=:ip AND status BETWEEN -2 AND 0')->bindValues(array(':time' => time(), ':name' => $effectiveUsername, ':ip' => $ip))->execute();
     // NOTE(review): $activeUser is assigned but never read anywhere in this method.
     $activeUser = Yii::app()->db->createCommand()->select('username')->from('x2_users')->where('username=:name AND status=1', array(':name' => $model->username))->limit(1)->queryScalar();
     // get the correctly capitalized username
     // The session row is keyed by an id kept in $_SESSION, so a client can only
     // ever touch the Session record that belongs to its own PHP session.
     if (isset($_SESSION['sessionId'])) {
         $sessionId = $_SESSION['sessionId'];
     } else {
         $sessionId = $_SESSION['sessionId'] = session_id();
     }
     $session = X2Model::model('Session')->findByPk($sessionId);
     /* get the number of failed login attempts from this IP within timeout interval. If the
        number of login attempts exceeds maximum, display captcha */
     // Seconds after which timed-out bans are pruned
     $badAttemptsRefreshTimeout = 900;
     // Hard lockout threshold per IP within that window
     $maxFailedLoginAttemptsPerIP = 100;
     // Captcha is required from this attempt onwards
     $maxLoginsBeforeCaptcha = 5;
     $this->pruneTimedOutBans($badAttemptsRefreshTimeout);
     $failedLoginRecord = FailedLogins::model()->findActiveByIp($ip);
     $badAttemptsWithThisIp = $failedLoginRecord ? $failedLoginRecord->attempts : 0;
     // Already over the limit: count this attempt too and refuse before touching
     // credentials. Lockout is per IP, so clients behind a shared NAT share one counter.
     if ($badAttemptsWithThisIp >= $maxFailedLoginAttemptsPerIP) {
         $this->recordFailedLogin($ip);
         throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
     }
     // if this client has already tried to log in, increment their attempt count
     if ($session === null) {
         $session = new Session();
         $session->id = $sessionId;
         $session->user = $model->getSessionUserName();
         $session->lastUpdated = time();
         $session->status = 0;
         $session->IP = $ip;
     } else {
         $session->lastUpdated = time();
         $session->user = $model->getSessionUserName();
     }
     // Unknown or inactive account: handled like a wrong password below (same
     // counters, same 403, same captcha escalation), which keeps the failure
     // path uniform instead of revealing whether the username exists.
     if ($isActiveUser === false) {
         $model->verifyCode = '';
         // clear captcha code
         $model->validate();
         // validate captcha if it's being used
         $this->recordFailedLogin($ip);
         $session->save();
         if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
             throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
         } else {
             // From the 5th failed attempt on, require a captcha and mark the session
             if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                 $model->useCaptcha = true;
                 $model->setScenario('loginWithCaptcha');
                 $session->status = -2;
             }
         }
     } else {
         if ($model->validate() && $model->login()) {
             // user successfully logged in
             if ($model->rememberMe) {
                 // Only the username and the rememberMe flag are persisted
                 // client-side; no credential material goes into these cookies.
                 foreach (array('username', 'rememberMe') as $attr) {
                     // Expires in 30 days
                     AuxLib::setCookie(CHtml::resolveName($model, $attr), $model->{$attr}, 2592000);
                 }
             } else {
                 foreach (array('username', 'rememberMe') as $attr) {
                     // Remove the cookie if they unchecked the box
                     AuxLib::clearCookie(CHtml::resolveName($model, $attr));
                 }
             }
             // We're not using the isAdmin parameter of the application
             // here because isAdmin in this context hasn't been set yet.
             $isAdmin = Yii::app()->user->checkAccess('AdminIndex');
             if ($isAdmin && !$isMobile) {
                 $this->owner->attachBehavior('updaterBehavior', new UpdaterBehavior());
                 $this->owner->checkUpdates();
                 // check for updates if admin
             } else {
                 Yii::app()->session['versionCheck'] = true;
             }
             // ...or don't
             // NOTE(review): nothing in this method regenerates the PHP session id
             // after the successful login; confirm $model->login() (or the user
             // component) does so, otherwise the pre-login id stays in use.
             $session->status = 1;
             $session->save();
             SessionLog::logSession($model->username, $sessionId, 'login');
             $_SESSION['playLoginSound'] = true;
             // YII_UNIT_TESTING is read unconditionally, so it must be defined by bootstrap
             if (YII_UNIT_TESTING && defined('X2_DEBUG_EMAIL') && X2_DEBUG_EMAIL) {
                 Yii::app()->session['debugEmailWarning'] = 1;
             }
             // if ( isset($_POST['themeName']) ) {
             //     $profile = X2Model::model('Profile')->findByPk(Yii::app()->user->id);
             //     $profile->theme = array_merge(
             //         $profile->theme,
             //         ThemeGenerator::loadDefault( $_POST['themeName'])
             //     );
             //     $profile->save();
             // }
             LoginThemeHelper::login();
             if ($isMobile) {
                 $this->owner->redirect($this->owner->createUrl('/mobile/home'));
             } else {
                 // NOTE(review): returnUrl comes from the user component's state,
                 // not from request input here; if it is ever populated from a
                 // request parameter, restrict it to a local path (open redirect).
                 if (Yii::app()->user->returnUrl == '/site/index') {
                     $this->owner->redirect(array('/site/index'));
                 } else {
                     // after login, redirect to wherever
                     $this->owner->redirect(Yii::app()->user->returnUrl);
                 }
             }
         } else {
             // login failed
             $model->verifyCode = '';
             // clear captcha code
             $this->recordFailedLogin($ip);
             $session->save();
             if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
                 throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
             } else {
                 // Same captcha escalation as the unknown/inactive-user branch above
                 if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                     $model->useCaptcha = true;
                     $model->setScenario('loginWithCaptcha');
                     $session->status = -2;
                 }
             }
         }
     }
     // Do not carry the checkbox state over into the re-rendered form
     $model->rememberMe = false;
 }
 /**
  * getUser() must resolve the same fixture user whether the form was given
  * the account's username or its alias, and must do so consistently on
  * repeated calls.
  */
 public function testGetUser()
 {
     // Resolve the fixture user via each accepted login identifier in turn
     foreach (array('username', 'userAlias') as $identifier) {
         $form = new LoginForm();
         $form->username = $this->user('testUser')->{$identifier};
         $form->password = '******';
         // Looking the user up twice must yield the same record both times
         $this->assertEquals($this->user('testUser')->id, $form->getUser()->id);
         $this->assertEquals($this->user('testUser')->id, $form->getUser()->id);
     }
 }
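 /**
  * Authorization guard: lets the request proceed only when the current user
  * is an admin or is the owner of the given user record; otherwise redirects
  * to the site index.
  *
  * @param int|string $id Id of the user record being accessed; assumed to be an
  *                       integer primary key (possibly still a string from the request)
  */
 public static function checkAdminOrSelf($id)
 {
     LoginForm::checkLogin();
     $user = LoginForm::getUser();
     // Normalize both ids to int so the ownership check is a strict comparison
     // instead of relying on loose == between a request value and a db value.
     $isSelf = (int) $user->id === (int) $id;
     if (!$user->isAdmin() && !$isSelf) {
         Yii::app()->getController()->redirect(array('site/index'));
     }
 }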
 /**
  * Creates a new Patient owned by the logged-in user.
  * On a successful save the browser is redirected to the 'index' page;
  * otherwise the 'create' form is rendered again with the validation errors.
  */
 public function actionCreate()
 {
     LoginForm::checkLogin();
     $this->pageTitle = "Create Patient";
     $patient = new Patient();
     // AJAX validation is enabled for this form (the call is live, not optional)
     $this->performAjaxValidation($patient);
     $submitted = isset($_POST['Patient']) ? $_POST['Patient'] : null;
     if ($submitted !== null) {
         // Mass-assign the posted fields (presumably filtered by the model's
         // safe-attribute rules — verify), then stamp ownership and time server-side
         $patient->attributes = $submitted;
         $patient->user_id = LoginForm::getUser()->id;
         $patient->date_registered = date('Y-m-d H:i:s');
         if ($patient->save()) {
             Alert::alertMessage('success', 'Patient added successfully.');
             $this->redirect(array('index'));
         }
     }
     $this->render('create', array('model' => $patient));
 }
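<script>
    document.getElementById('menu_user').className = 'active';
</script>

<?php 
// Breadcrumbs only: this branch decides navigation, not access. Authorization
// for the update page has to be enforced in the controller action, not here.
if (LoginForm::getUser()->isAdmin()) {
    $this->breadcrumbs = array('Users' => array('index'), 'Update');
} else {
    $this->breadcrumbs = array('Update');
}
?>

<?php 
// The shared _form partial renders the actual fields for $model
$this->renderPartial('_form', array('model' => $model, 'title' => "Update User"));
?>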

<div class="well col-lg-8">

    <?php 
$form = $this->beginWidget('CActiveForm', array('id' => 'user-form', 'enableAjaxValidation' => true, 'htmlOptions' => array('class' => 'form-horizontal')));
?>
    <fieldset>
        <legend><?php 
echo isset($title) ? $title : "";
?>
</legend>
        <p class="note">Fields with <span class="required">*</span> are required.</p>

        <?php 
if ($model->isNewRecord || $model->id == LoginForm::getUser()->id) {
    ?>
            <div class="form-group">
                <?php 
    echo $form->labelEx($model, 'username', array('class' => 'control-label col-sm-3'));
    ?>
            
                <div class="col-sm-9">
                    <?php 
    echo $form->textField($model, 'username', array('maxlength' => 15, 'class' => 'form-control'));
    ?>
                    <?php 
    echo $form->error($model, 'username', array('class' => 'text-danger'));
    ?>
                </div>
            </div>
">NTP Treatment Card</a></li>
                            </ul>
                        </li>


                    </ul>
                    <ul class="nav navbar-nav navbar-right">
                        <p class="navbar-text" style="color: white">Signed in as <?php 
echo LoginForm::getUser()->username;
?>
</p>
                        <li class="dropdown">
                            <a class="dropdown-toggle" data-toggle="dropdown" href="#" id="logout"><span class="icon-cog icon-white"></span> <span class="caret"></span></a>
                            <ul class="dropdown-menu" aria-labelledby="logout">
                                <li><a href="<?php 
echo Yii::app()->createUrl('user/update', array('id' => LoginForm::getUser()->id));
?>
">Manage Account</a></li>
                                <li><a href="<?php 
echo Yii::app()->createUrl('site/logout');
?>
">Logout</a></li>
                            </ul>
                        </li>
                    </ul>
                </div>
            </div>
        </div>

        <div class="container" id="contents">
            <?php