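/**
 * beforeExecuteRoute($dispatcher) before init route
 *
 * Restores the session from the "remember me" cookies when both are present
 * and the token matches the user's current credentials, then requires an
 * authenticated user for every action of this controller.
 *
 * @param $dispatcher
 * @return bool
 */
public function beforeExecuteRoute($dispatcher)
{
    // auth token: only try to restore the session when both cookies were sent
    if ($this->cookies->has('remember') && $this->cookies->has('rememberToken')) {
        // if user was remembered
        $userId = $this->cookies->get('remember')->getValue();
        $rememberToken = $this->cookies->get('rememberToken')->getValue();
        $users = new Users();
        $user = $users->findFirst(["id = ?0", "bind" => [$userId]]);
        // the cookie may point at a user that no longer exists; the original
        // code dereferenced $user unconditionally
        if ($user) {
            // create user auth token; the scheme must stay identical to the one
            // written by the login action, which issues the cookie. The token is
            // derived from the stored hash, so it stays valid until the password changes
            $userToken = md5($user->getPassword() . $user->getSalt());
            // strict comparison: with == two hex digests of the form "0e..." compare
            // equal as numbers. hash_equals() would additionally make this constant-time
            if ($rememberToken === $userToken) {
                // set authentication for logged user
                $this->session->set('auth', $user);
            }
        }
    }
    $auth = $this->session->get('auth');
    // if the user is logged in
    if (!$auth) {
        $this->flashSession->error("You don't have access");
        // dispatch to login page
        return $dispatcher->forward(['controller' => 'auth', 'action' => 'index']);
    }
    $this->_user = $auth;
}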
/**
 * Handles the login form submission.
 *
 * On a valid POST whose credentials are accepted by Users::login() the user is
 * greeted and redirected to the cabinet. Every other outcome sets a flash
 * message (when there is something to report) and forwards back to the login
 * form.
 *
 * @return bool true when the user was logged in, false otherwise
 */
public function submitAction()
{
    if (!$this->request->isPost()) {
        static::forward('login/index');
        return false;
    }

    $form = new \Forms\Login();
    if (!$form->isValid($this->request->getPost())) {
        // validation messages are shown as a warning, not an error
        static::flash('warning', $form->getMessages());
        static::forward('login/index');
        return false;
    }

    $rememberMe = $this->request->getPost('remember') ? 1 : 0;
    $authenticated = \Models\Users::login(
        $this->request->getPost('email'),
        $this->request->getPost('password'),
        $rememberMe
    );
    if (!$authenticated) {
        static::flash('error', 'E-Mail or Password not valid.');
        static::forward('login/index');
        return false;
    }

    // Users::login() stores the user in the session; reload it for the greeting
    $account = \Models\Users::findFirst($this->session->get('user'));
    static::flash('success', sprintf('Welcome %s!', ucfirst($account->name)));
    static::redirect('/cabinet/');
    return true;
}
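/**
 * LogIn action
 *
 * GET renders the login form. POST verifies the CSRF token and the submitted
 * credentials: on success the user is stored in the session (and optionally
 * remembered via cookies) and redirected to the referrer or the dashboard;
 * every failure flashes a generic error, logs the real reason and redirects
 * back to the auth page.
 */
public function indexAction()
{
    if ($this->request->isPost()) {
        $redirect = $this->_authenticate();
        if ($redirect) {
            return $redirect;
        }
    }
    $this->view->setMainView('non-auth-layout');
}

/**
 * Processes the posted credentials for indexAction().
 *
 * @return mixed the redirect response on success, null after a rejected attempt
 */
private function _authenticate()
{
    if (!$this->security->checkToken()) {
        // CSRF protection
        $this->_rejectLogin('CSRF attack', 'Invalid access token');
        return null;
    }
    // The token is ok, check authorization
    $login = $this->request->getPost('username');
    $password = $this->request->getPost('password');
    $remember = $this->request->getPost('remember');
    $users = new Users();
    $user = $users->findFirst(["login = ?0", "bind" => [$login]]);
    if (!$user) {
        // user does not exist in database. The user-facing message is the same as
        // for a wrong password so the response does not reveal which logins exist;
        // the detail goes to the log only. (This branch is still faster than a
        // wrong password because no hash is checked.)
        $this->_rejectLogin('The user ' . $login . ' not found', 'Wrong authenticate data');
        return null;
    }
    if (!$this->security->checkHash($password, $user->getPassword())) {
        // Wrong authenticate data (password or login)
        $this->_rejectLogin('Wrong authenticate data', 'Wrong authenticate data');
        return null;
    }
    // Check if the "remember me" was selected
    if (isset($remember)) {
        $expires = time() + $this->_config->rememberKeep;
        $this->cookies->set('remember', $user->getId(), $expires);
        // token scheme must match beforeExecuteRoute(), which recomputes it to restore the session
        $this->cookies->set('rememberToken', md5($user->getPassword() . $user->getSalt()), $expires);
    }
    // set authentication for logged user
    $this->session->set('auth', $user);
    // update auth params
    $user->setDateLastvisit(date('Y-m-d H:i:s'))
        ->setIp($this->request->getClientAddress())
        ->setUa($this->request->getUserAgent())
        ->save();
    if ($this->_logger) {
        $this->_logger->log('Authenticate success from ' . $this->request->getClientAddress());
    }
    // full http redirect to the referrer page. Only the path component is used, so an
    // external Referer cannot turn this into an open redirect. parse_url() returns
    // null (component absent) or false (unparsable) for an empty or malformed referrer;
    // the original code passed that straight to redirect()
    $referrer = parse_url($this->request->getHTTPReferer(), PHP_URL_PATH);
    if ($referrer && $referrer != $this->request->getURI()) {
        return $this->response->redirect($referrer);
    }
    return $this->response->redirect('dashboard');
}

/**
 * Shared failure path of the login: flashes the user-facing message, logs the
 * detailed reason with the client address, and redirects to the auth page.
 *
 * @param string $logReason    detail written to the log (never shown to the user)
 * @param string $flashMessage message shown to the user
 */
private function _rejectLogin($logReason, $flashMessage)
{
    $this->flashSession->error($flashMessage);
    if ($this->_logger) {
        $this->_logger->error('Authenticate failed from ' . $this->request->getClientAddress() . '. ' . $logReason);
    }
    $this->response->redirect('dashboard/auth');
    $this->view->disable();
}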
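/**
 * Saves the user from the 'edit' action
 *
 * GET: loads the user with the given id into the form fields. POST: applies the
 * submitted fields to the user identified by the posted id and saves it.
 *
 * @param mixed $id user id from the route (used on GET only; POST reads the id from the form)
 */
public function editAction($id = null)
{
    if (!$this->request->isPost()) {
        $id = $this->filter->sanitize($id, ["int"]);
        $model = \Models\Users::findFirst([
            "conditions" => "id = ?1",
            "bind" => [1 => "{$id}"],
        ]);
        if (!$model) {
            $this->flashSession->error("Такой пользователь не найден");
            return $this->response->redirect("backend/users");
        }
        Tag::displayTo("name", $model->name);
        Tag::displayTo("email", $model->email);
        Tag::displayTo("active", $model->active);
        // a user without a related role has no id to preselect; the original
        // dereferenced $model->role unconditionally
        Tag::displayTo("role_id", $model->role ? $model->role->id : null);
        Tag::displayTo("banned", $model->banned);
        Tag::displayTo("suspended", $model->suspended);
        $this->view->setVar("model", $model);
    } else {
        $id = $this->request->getPost('id', 'int');
        // bind the id instead of interpolating it into the query string, matching the GET branch
        $model = \Models\Users::findFirst([
            "conditions" => "id = ?1",
            "bind" => [1 => $id],
        ]);
        if (!$model) {
            $this->flashSession->error("Такой пользователь не найден");
            return $this->response->redirect("backend/users/index");
        }
        $model->assign([
            'name' => $this->request->getPost('name', 'striptags'),
            'role_id' => $this->request->getPost('role_id', 'int'),
            'email' => $this->request->getPost('email', 'email'),
            'banned' => $this->request->getPost('banned'),
            'suspended' => $this->request->getPost('suspended'),
            'active' => $this->request->getPost('active'),
        ]);
        if (!$model->save()) {
            // no redirect here, so the validation messages are flashed directly into this response
            $this->flash->error($model->getMessages());
        } else {
            $this->flashSession->success("Данные о пользователе обновлены");
            return $this->response->redirect("backend/users");
        }
    }
}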