/**
* Do login (AJAX call)
*
* @param TBGRequest $request
*/
public function runDoLogin(TBGRequest $request)
{
$i18n = TBGContext::getI18n();
$options = $request->getParameters();
$forward_url = TBGContext::getRouting()->generate('home');
if ($request->hasParameter('persona') && $request['persona'] == 'true') {
$url = 'https://verifier.login.persona.org/verify';
$assert = filter_input(INPUT_POST, 'assertion', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
//Use the $_POST superglobal array for PHP < 5.2 and write your own filter
$params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode(TBGContext::getURLhost() . ':80');
$ch = curl_init();
$options = array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POST => 2, CURLOPT_POSTFIELDS => $params);
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
curl_close($ch);
$details = json_decode($result);
$user = null;
if ($details->status == 'okay') {
$user = TBGUser::getByEmail($details->email);
if ($user instanceof TBGUser) {
TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
TBGContext::getResponse()->setCookie('tbg3_persona_session', true);
return $this->renderJSON(array('status' => 'login ok', 'redirect' => in_array($request['referrer_route'], array('home', 'login'))));
}
}
if (!$user instanceof TBGUser) {
$this->getResponse()->setHttpStatus(401);
$this->renderJSON(array('message' => $this->getI18n()->__('Invalid login')));
}
return;
}
if (TBGSettings::isOpenIDavailable()) {
$openid = new LightOpenID(TBGContext::getRouting()->generate('login_page', array(), false));
}
if (TBGSettings::isOpenIDavailable() && !$openid->mode && $request->isPost() && $request->hasParameter('openid_identifier')) {
$openid->identity = $request->getRawParameter('openid_identifier');
$openid->required = array('contact/email');
$openid->optional = array('namePerson/first', 'namePerson/friendly');
return $this->forward($openid->authUrl());
} elseif (TBGSettings::isOpenIDavailable() && $openid->mode == 'cancel') {
$this->error = TBGContext::getI18n()->__("OpenID authentication cancelled");
} elseif (TBGSettings::isOpenIDavailable() && $openid->mode) {
try {
if ($openid->validate()) {
if ($this->getUser()->isAuthenticated() && !$this->getUser()->isGuest()) {
if (TBGOpenIdAccountsTable::getTable()->getUserIDfromIdentity($openid->identity)) {
TBGContext::setMessage('openid_used', true);
throw new Exception('OpenID already in use');
}
$user = $this->getUser();
} else {
$user = TBGUser::getByOpenID($openid->identity);
}
if ($user instanceof TBGUser) {
$attributes = $openid->getAttributes();
$email = array_key_exists('contact/email', $attributes) ? $attributes['contact/email'] : null;
if (!$user->getEmail()) {
if (array_key_exists('contact/email', $attributes)) {
$user->setEmail($attributes['contact/email']);
}
if (array_key_exists('namePerson/first', $attributes)) {
$user->setRealname($attributes['namePerson/first']);
}
if (array_key_exists('namePerson/friendly', $attributes)) {
$user->setBuddyname($attributes['namePerson/friendly']);
}
if (!$user->getNickname() || $user->isOpenIdLocked()) {
$user->setBuddyname($user->getEmail());
}
if (!$user->getRealname()) {
$user->setRealname($user->getBuddyname());
}
$user->save();
}
if (!$user->hasOpenIDIdentity($openid->identity)) {
TBGOpenIdAccountsTable::getTable()->addIdentity($openid->identity, $email, $user->getID());
}
TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
if ($this->checkScopeMembership($user)) {
return true;
}
return $this->forward(TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin')));
} else {
$this->error = TBGContext::getI18n()->__("Didn't recognize this OpenID. Please log in using your username and password, associate it with your user account in your account settings and try again.");
}
} else {
$this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider");
}
} catch (Exception $e) {
$this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider: %message", array('%message' => htmlentities($e->getMessage(), ENT_COMPAT, TBGContext::getI18n()->getCharset())));
}
} elseif ($request->getMethod() == TBGRequest::POST) {
try {
if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password') && $request['tbg3_username'] != '' && $request['tbg3_password'] != '') {
$user = TBGUser::loginCheck($request, $this);
TBGContext::setUser($user);
if ($this->checkScopeMembership($user)) {
return true;
}
if ($request->hasParameter('return_to')) {
$forward_url = $request['return_to'];
} else {
if (TBGSettings::get('returnfromlogin') == 'referer') {
$forward_url = $request->getParameter('tbg3_referer', TBGContext::getRouting()->generate('dashboard'));
} else {
$forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
}
}
$forward_url = htmlentities($forward_url, ENT_COMPAT, TBGContext::getI18n()->getCharset());
} else {
throw new Exception('Please enter a username and password');
}
} catch (Exception $e) {
if ($request->isAjaxCall()) {
$this->getResponse()->setHttpStatus(401);
TBGLogging::log($e->getMessage(), 'openid', TBGLogging::LEVEL_WARNING_RISK);
return $this->renderJSON(array("error" => $i18n->__("Invalid login details")));
} else {
$this->forward403($e->getMessage());
}
}
} else {
if ($request->isAjaxCall()) {
$this->getResponse()->setHttpStatus(401);
return $this->renderJSON(array("error" => $i18n->__('Please enter a username and password')));
} else {
$this->forward403($i18n->__('Please enter a username and password'));
}
}
if ($this->checkScopeMembership($user)) {
return true;
}
if ($request->isAjaxCall()) {
return $this->renderJSON(array('forward' => $forward_url));
} else {
$this->forward($this->getRouting()->generate('account'));
}
}