Ejemplo n.º 1
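 /**
  * Reports whether the submitted email/password pair is accepted by UserPeer::checkLogin().
  *
  * Renders the literal text 'OK' when checkLogin() returns a User instance and 'FAIL' in every
  * other case, including when a parameter is missing, is not a string, or is blank after trimming.
  *
  * NOTE(review): the response is a direct yes/no answer about a credential pair and nothing in
  * this method limits how often it can be asked. Confirm that throttling or lockout is enforced
  * elsewhere, and that the route only accepts POST so credentials do not end up in URLs and
  * access logs.
  *
  * @param sfWebRequest $request Request carrying the 'email' and 'password' parameters.
  *
  * @return mixed Whatever renderText() returns.
  */
 public function executeCheckLogin(sfWebRequest $request)
 {
     // Read each parameter once so the value that is validated is the value that is checked.
     $rawEmail = $request->getParameter('email');
     $rawPassword = $request->getParameter('password');

     // An array-valued parameter (email[]=...) can never be a credential; reject it before trim().
     if (!is_string($rawEmail) || !is_string($rawPassword)) {
         return $this->renderText('FAIL');
     }

     $email = trim($rawEmail);
     if ($email === '' || trim($rawPassword) === '') {
         return $this->renderText('FAIL');
     }

     // The email is passed trimmed, matching what was validated above. The password is passed
     // exactly as submitted: surrounding whitespace may be part of the secret.
     $user = UserPeer::checkLogin($email, $rawPassword);

     return $this->renderText($user instanceof User ? 'OK' : 'FAIL');
 }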
Ejemplo n.º 2
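 /**
  * Handles a login form submission.
  *
  * Flow: verify the 'name'/'pass' parameters with UserPeer::checkLogin(), require a valid
  * reCAPTCHA answer once the session has recorded five or more failures, refuse unconfirmed and
  * banned accounts, sign the user in, clear per-user rows from three tables, then redirect to the
  * 'referer' parameter when it points at this site.
  *
  * Security notes for maintainers:
  *  - The failure counter lives in $_SESSION, so it only slows down clients that keep sending the
  *    same session cookie. A server-side counter per account and per address is needed for real
  *    throttling.
  *  - The reCAPTCHA private key is hard-coded below. It should be loaded from configuration kept
  *    out of version control, and the published key should be rotated.
  *  - NOTE(review): confirm that signIn() issues a fresh session id on authentication.
  *
  * @return mixed sfView::ERROR on a rejected login, sfView::SUCCESS when the referer is the login
  *               page, the result of redirect() for an accepted referer, otherwise nothing.
  */
 public function executeLoginCheck()
 {
     $connection = RaykuCommon::getDatabaseConnection();
     $sEmail = trim($this->getRequestParameter('name'));
     $sPassword = trim($this->getRequestParameter('pass'));
     // NOTE(review): '&&' only short-circuits when BOTH fields are blank; a request with a single
     // blank field still reaches checkLogin(). Confirm whether '||' was intended.
     // The code relies on redirect() ending the request, since nothing is returned here.
     if ($sEmail == '' && $sPassword == '') {
         StatsD::increment("login.failure");
         $this->redirect('login/index');
     }
     //Check the user credentials
     $this->user = UserPeer::checkLogin($sEmail, $sPassword);
     if (!$this->user) {
         StatsD::increment("login.failure");
         $_SESSION['loginErrorMsg'] = 'Your username or password was incorrect.';
     } else {
         // Counted before the captcha, confirmation and ban checks below, so this metric can
         // exceed the number of sessions actually established.
         StatsD::increment("login.success");
     }
     /**
      * @todo - check if we ever got a chance to hit this place with recaptch - it looks like no so either lets remove it or make it working
      */
     if (isset($_SESSION['loginWrongPass']) && $_SESSION['loginWrongPass'] >= 5) {
         require_once $_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php';
         // Get a key from https://www.google.com/recaptcha/admin/create
         // NOTE(review): secret committed to source; move to configuration and rotate it.
         $publickey = "6Lc_mscSAAAAAE0Bxon37XRl56V_l3Ba0sqib2Zm";
         $privatekey = "6Lc_mscSAAAAAKG3YnU2l3uHYqcBDB6R31XlVTW8";
         // A request without the captcha fields is treated as an empty (invalid) answer instead
         // of raising undefined-index notices.
         $challenge = isset($_POST["recaptcha_challenge_field"]) ? $_POST["recaptcha_challenge_field"] : '';
         $answer = isset($_POST["recaptcha_response_field"]) ? $_POST["recaptcha_response_field"] : '';
         $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);
         if ($resp->is_valid) {
             $_SESSION['loginWrongPass'] = 0;
             $_SESSION['recaptchaError'] = '';
         } else {
             # set the error code so that we can display it
             $_SESSION['recaptchaError'] = $resp->error;
             // A failed captcha discards the login even when the password was correct.
             $this->user = false;
         }
     }
     if (!$this->user) {
         $this->msg = 'Your username or password was incorrect.';
         // Count this failure; a missing counter starts at zero (no error suppression needed).
         $failedAttempts = isset($_SESSION['loginWrongPass']) ? (int) $_SESSION['loginWrongPass'] : 0;
         $_SESSION['loginWrongPass'] = $failedAttempts + 1;
         if ($_SESSION['loginWrongPass'] >= 5) {
             $this->redirect("/login");
         }
         return sfView::ERROR;
     }
     //If the user hasn't confirmed their account, display a message
     if ($this->user->isTypeUnconfirmed()) {
         $this->msg = 'You have not confirmed your account yet. Please go to your email inbox and click on the link in the confirmation email.';
         return sfView::ERROR;
     }
     //If the user is banned, display a message
     if ($this->user->getHidden()) {
         $this->msg = 'You are currently banned.';
         return sfView::ERROR;
     }
     $this->getUser()->signIn($this->user, $this->getRequestParameter('remember', false));
     /**
      * Invisible in practice means "invisible until next login"
      * On each login this flag is set either to 0 or 1
      * There is no possibility to change invisible status while being logged in
      */
     $this->user->setInvisible($this->getRequestParameter('invisible', false));
     // NOTE(review): the username is used directly as a session key, so a username equal to
     // another key used by this code (e.g. 'loginWrongPass') would overwrite that entry.
     // Consider a dedicated sub-array once all readers of this key are known.
     $_SESSION[$this->user->getUsername()] = time();
     $this->user->save();
     $currentUser = $this->getUser()->getRaykuUser();
     // The id is concatenated into SQL below, so force it to an integer first.
     $userId = (int) $currentUser->getId();
     if ($userId !== 0) {
         $cleanupQueries = array(
             "delete from popup_close where user_id=" . $userId,
             "delete from sendmessage where asker_id =" . $userId,
             "delete from user_expert where checked_id=" . $userId,
         );
         foreach ($cleanupQueries as $sql) {
             if (!mysql_query($sql, $connection)) {
                 // Keep the database error in the server log; echoing it to the browser would
                 // disclose table and column names. The request still halts, as before.
                 error_log('executeLoginCheck cleanup query failed: ' . mysql_error($connection));
                 die('An internal error occurred. Please try again later.');
             }
         }
     }
     if (isset($_SESSION['modelPopupOpen'])) {
         unset($_SESSION['modelPopupOpen']);
         if (!empty($_SESSION['popup_session'])) {
             unset($_SESSION['popup_session']);
         }
     }
     $referer = $this->getRequestParameter('referer');
     if ($referer != 'http://' . RaykuCommon::getCurrentHttpDomain() . '/login') {
         // 'referer' is a client-supplied request parameter; only follow it when it stays on
         // this site, otherwise the login form could be used to bounce users to another host.
         if ($this->isLocalRedirectTarget($referer)) {
             return $this->redirect($referer);
         }
     } else {
         return sfView::SUCCESS;
     }
 }

 /**
  * Tells whether a post-login redirect target stays on this site.
  *
  * Accepted: an absolute path ("/dashboard") or an http/https URL whose host (optionally with
  * port) equals RaykuCommon::getCurrentHttpDomain(). Everything else is refused, including
  * scheme-relative URLs ("//host"), URLs carrying userinfo, other schemes, and values containing
  * backslashes, whitespace or control characters.
  *
  * @param mixed $target Raw value of the 'referer' request parameter.
  *
  * @return bool True when redirecting to $target keeps the user on this site.
  */
 private function isLocalRedirectTarget($target)
 {
     if (!is_string($target) || $target === '') {
         return false;
     }
     // Browsers normalise backslashes, whitespace and control characters in ways parse_url()
     // does not, so a value containing them is refused outright.
     if (preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
         return false;
     }
     $parts = parse_url($target);
     if ($parts === false) {
         return false;
     }
     if (!isset($parts['host'])) {
         // No host: accept only a plain absolute path, never "scheme:..." or "//host".
         return !isset($parts['scheme']) && $target[0] === '/' && substr($target, 0, 2) !== '//';
     }
     if (!isset($parts['scheme']) || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
         return false;
     }
     if (isset($parts['user']) || isset($parts['pass'])) {
         return false;
     }
     // NOTE(review): assumes getCurrentHttpDomain() returns a bare host, possibly with a port.
     $siteDomain = strtolower(RaykuCommon::getCurrentHttpDomain());
     $host = strtolower($parts['host']);
     $authority = isset($parts['port']) ? $host . ':' . $parts['port'] : $host;

     return $host === $siteDomain || $authority === $siteDomain;
 }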