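/**
 * Handles a submitted login form.
 *
 * Every attempt is recorded against the client IP and the current session
 * record so that brute-force attempts can be throttled: a captcha is
 * required from the $maxLoginsBeforeCaptcha-th failed attempt on, and the IP
 * is refused with a 403 once $maxFailedLoginAttemptsPerIP is reached. On
 * success the session is marked active, the login is logged and the browser
 * is redirected.
 *
 * @param LoginForm $model the login form; its attributes are mass-assigned from
 *  $_POST['LoginForm'] (setAttributes only assigns attributes the form declares
 *  safe for the active scenario — confirm LoginForm::rules())
 * @param bool $isMobile whether this was called from the mobile site controller
 * @throws CHttpException 403 when the client IP has exhausted its attempts
 */
public function login(LoginForm $model, $isMobile = false)
{
    // get user input data; a request without the form payload is treated as
    // empty input instead of raising an undefined-index notice
    $model->attributes = isset($_POST['LoginForm']) ? $_POST['LoginForm'] : array();
    Session::cleanUpSessions();
    $ip = $this->owner->getRealIp();

    $userModel = $model->getUser();
    $isRealUser = $userModel instanceof User;
    // the stored username when the account exists, otherwise what was typed
    $effectiveUsername = $isRealUser ? $userModel->username : $model->username;
    // loose == kept on purpose: status may come back from the DB as a string
    $isActiveUser = $isRealUser && $userModel->status == User::STATUS_ACTIVE;

    // decrement the status of every pending session for this user/IP so the
    // counter cannot be reset by spoofing or rotating the session id
    Yii::app()->db->createCommand('UPDATE x2_sessions SET status=status-1,lastUpdated=:time WHERE user=:name AND CAST(IP AS CHAR)=:ip AND status BETWEEN -2 AND 0')
        ->bindValues(array(
            ':time' => time(),
            ':name' => $effectiveUsername,
            ':ip' => $ip,
        ))
        ->execute();

    if (isset($_SESSION['sessionId'])) {
        $sessionId = $_SESSION['sessionId'];
    } else {
        $sessionId = $_SESSION['sessionId'] = session_id();
    }
    $session = X2Model::model('Session')->findByPk($sessionId);

    // Throttling thresholds: failed attempts from an IP are forgotten after
    // $badAttemptsRefreshTimeout seconds; the captcha is demanded once the
    // IP has $maxLoginsBeforeCaptcha - 1 recorded failures; the IP is refused
    // at $maxFailedLoginAttemptsPerIP.
    $badAttemptsRefreshTimeout = 900;
    $maxFailedLoginAttemptsPerIP = 100;
    $maxLoginsBeforeCaptcha = 5;
    $this->pruneTimedOutBans($badAttemptsRefreshTimeout);
    $failedLoginRecord = FailedLogins::model()->findActiveByIp($ip);
    $badAttemptsWithThisIp = $failedLoginRecord ? $failedLoginRecord->attempts : 0;
    if ($badAttemptsWithThisIp >= $maxFailedLoginAttemptsPerIP) {
        // the refused attempt is still counted so the ban window keeps extending
        $this->recordFailedLogin($ip);
        throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
    }

    // if this client has already tried to log in, reuse its session record
    if ($session === null) {
        $session = new Session();
        $session->id = $sessionId;
        $session->user = $model->getSessionUserName();
        $session->lastUpdated = time();
        $session->status = 0;
        $session->IP = $ip;
    } else {
        $session->lastUpdated = time();
        $session->user = $model->getSessionUserName();
    }

    if ($isActiveUser === false) {
        // unknown or inactive account: handled like a wrong password
        $model->verifyCode = ''; // clear captcha code
        $model->validate(); // validate captcha if it's being used
        $this->handleFailedLoginAttempt(
            $model,
            $session,
            $ip,
            $badAttemptsWithThisIp,
            $maxFailedLoginAttemptsPerIP,
            $maxLoginsBeforeCaptcha
        );
    } elseif ($model->validate() && $model->login()) {
        // user successfully logged in
        $cookieAttributes = array('username', 'rememberMe');
        if ($model->rememberMe) {
            foreach ($cookieAttributes as $attr) {
                // Expires in 30 days
                AuxLib::setCookie(CHtml::resolveName($model, $attr), $model->{$attr}, 2592000);
            }
        } else {
            foreach ($cookieAttributes as $attr) {
                // Remove the cookie if they unchecked the box
                AuxLib::clearCookie(CHtml::resolveName($model, $attr));
            }
        }

        // We're not using the isAdmin parameter of the application
        // here because isAdmin in this context hasn't been set yet.
        $isAdmin = Yii::app()->user->checkAccess('AdminIndex');
        if ($isAdmin && !$isMobile) {
            $this->owner->attachBehavior('updaterBehavior', new UpdaterBehavior());
            $this->owner->checkUpdates(); // check for updates if admin
        } else {
            Yii::app()->session['versionCheck'] = true; // ...or don't
        }

        $session->status = 1;
        $session->save();
        SessionLog::logSession($model->username, $sessionId, 'login');
        $_SESSION['playLoginSound'] = true;
        if (YII_UNIT_TESTING && defined('X2_DEBUG_EMAIL') && X2_DEBUG_EMAIL) {
            Yii::app()->session['debugEmailWarning'] = 1;
        }
        LoginThemeHelper::login();

        if ($isMobile) {
            $this->owner->redirect($this->owner->createUrl('/mobile/home'));
        } elseif (Yii::app()->user->returnUrl == '/site/index') {
            $this->owner->redirect(array('/site/index'));
        } else {
            // after login, redirect to wherever the user was headed
            $this->owner->redirect(Yii::app()->user->returnUrl);
        }
    } else {
        // login failed
        $model->verifyCode = ''; // clear captcha code
        $this->handleFailedLoginAttempt(
            $model,
            $session,
            $ip,
            $badAttemptsWithThisIp,
            $maxFailedLoginAttemptsPerIP,
            $maxLoginsBeforeCaptcha
        );
    }
    $model->rememberMe = false;
}

/**
 * Bookkeeping shared by every rejected login attempt: records the failure
 * for the IP, persists the session record, refuses the IP once the limit is
 * reached and switches the form to the captcha scenario after repeated
 * failures.
 *
 * @param LoginForm $model the form being processed
 * @param Session $session session record for this client (saved here)
 * @param string $ip client IP as returned by getRealIp()
 * @param int $badAttemptsWithThisIp failures already recorded for the IP before this attempt
 * @param int $maxFailedLoginAttemptsPerIP failures at which the IP is refused
 * @param int $maxLoginsBeforeCaptcha attempt number from which a captcha is required
 * @throws CHttpException 403 when this attempt reaches the per-IP limit
 */
private function handleFailedLoginAttempt(
    LoginForm $model,
    Session $session,
    $ip,
    $badAttemptsWithThisIp,
    $maxFailedLoginAttemptsPerIP,
    $maxLoginsBeforeCaptcha
) {
    $this->recordFailedLogin($ip);
    $session->save();
    // +1 accounts for the failure just recorded
    if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
        throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
    }
    if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
        $model->useCaptcha = true;
        $model->setScenario('loginWithCaptcha');
        // NOTE(review): set after save(), as in the original flow, so this value is
        // not persisted by this call — confirm whether that is intended
        $session->status = -2;
    }
}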
/**
 * getUser() must resolve the fixture user both by username and by alias,
 * and repeated calls on the same form must return the same record.
 */
public function testGetUser()
{
    $identifiers = array(
        'username' => $this->user('testUser')->username, // Use username
        'alias' => $this->user('testUser')->userAlias,   // Use alias
    );
    foreach ($identifiers as $kind => $identifier) {
        $form = new LoginForm();
        $form->username = $identifier;
        $form->password = '******';
        // asserted twice on purpose: the second lookup must agree with the first
        $this->assertEquals($this->user('testUser')->id, $form->getUser()->id);
        $this->assertEquals($this->user('testUser')->id, $form->getUser()->id);
    }
}
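/**
 * Requires the visitor to be logged in and to be either an administrator or
 * the user identified by $id; anyone else is redirected to site/index.
 *
 * @param int|string $id user id, usually a string taken from the request
 */
public static function checkAdminOrSelf($id)
{
    LoginForm::checkLogin();
    // fetch the current user once instead of twice
    $currentUser = LoginForm::getUser();
    // compare as integers: ids arrive as strings from the query/DB, and a loose ==
    // between them behaves differently across PHP versions
    $isSelf = (int) $currentUser->id === (int) $id;
    if (!($currentUser->isAdmin() || $isSelf)) {
        Yii::app()->getController()->redirect(array("site/index"));
    }
}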
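/**
 * Creates a new Patient.
 * If creation is successful, the browser is redirected to the 'index' page;
 * otherwise the 'create' view is rendered again with the validation errors.
 */
public function actionCreate()
{
    LoginForm::checkLogin();
    $this->pageTitle = "Create Patient";
    $model = new Patient();
    // AJAX validation is enabled for this form (the call is live, not optional)
    $this->performAjaxValidation($model);
    if (isset($_POST['Patient'])) {
        // mass assignment: only attributes marked safe in Patient::rules() are set
        $model->attributes = $_POST['Patient'];
        // the owner is always the logged-in user; assigned after the mass
        // assignment so a posted user_id cannot override it
        $model->user_id = LoginForm::getUser()->id;
        $model->date_registered = date('Y-m-d H:i:s'); // server-local time, not UTC
        if ($model->save()) {
            Alert::alertMessage('success', 'Patient added successfully.');
            $this->redirect(array('index'));
        }
    }
    $this->render('create', array('model' => $model));
}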
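<script type="text/javascript">
    document.getElementById('menu_user').className = 'active';
</script>
<?php
// Admins get a link back to the user list; ordinary users only see the current step.
if (LoginForm::getUser()->isAdmin()) {
    $this->breadcrumbs = array('Users' => array('index'), 'Update');
} else {
    $this->breadcrumbs = array('Update');
}
?>
<?php $this->renderPartial('_form', array('model' => $model, 'title' => "Update User"));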
?>
<div class="well col-lg-8">
    <?php
    // CActiveForm renders the <form> tag and wires client-side ajax validation to the 'user-form' id
    $form = $this->beginWidget('CActiveForm', array('id' => 'user-form', 'enableAjaxValidation' => true, 'htmlOptions' => array('class' => 'form-horizontal')));
    ?>
    <fieldset>
        <legend><?php /* $title is echoed raw: it is supplied by the rendering view (e.g. "Update User"), not by the request — keep it that way */ echo isset($title) ? $title : ""; ?> </legend>
        <p class="note">Fields with <span class="required">*</span> are required.</p>
        <?php
        // the username field is only offered for a new record or when a user edits their own
        // account (loose == because ids may be strings); the closing brace is further down the file
        if ($model->isNewRecord || $model->id == LoginForm::getUser()->id) {
        ?>
        <div class="form-group">
            <?php echo $form->labelEx($model, 'username', array('class' => 'control-label col-sm-3')); ?>
            <div class="col-sm-9">
                <?php echo $form->textField($model, 'username', array('maxlength' => 15, 'class' => 'form-control')); // value is HTML-encoded by CHtml, presumably ?>
                <?php echo $form->error($model, 'username', array('class' => 'text-danger')); ?>
            </div>
        </div>
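">NTP Treatment Card</a></li>
            </ul>
        </li>
    </ul>
    <ul class="nav navbar-nav navbar-right">
        <?php
        // the username is user-editable, so it must be HTML-encoded before it is
        // placed in the page; generated URLs are encoded for attribute context too
        $signedInUser = LoginForm::getUser();
        $accountUrl = Yii::app()->createUrl('user/update', array('id' => $signedInUser->id));
        $logoutUrl = Yii::app()->createUrl('site/logout');
        ?>
        <p class="navbar-text" style="color: white">Signed in as <?php echo CHtml::encode($signedInUser->username); ?> </p>
        <li class="dropdown">
            <a class="dropdown-toggle" data-toggle="dropdown" href="#" id="logout"><span class="icon-cog icon-white"></span> <span class="caret"></span></a>
            <ul class="dropdown-menu" aria-labelledby="logout">
                <li><a href="<?php echo CHtml::encode($accountUrl); ?>">Manage Account</a></li>
                <li><a href="<?php echo CHtml::encode($logoutUrl); ?>">Logout</a></li>
            </ul>
        </li>
    </ul>
</div>
</div>
</div>
<div class="container" id="contents">
<?php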