Ejemplo n.º 1
0
 public function __construct()
 {
     parent::__construct();
     $sIp = Ip::get();
     $oAdminModel = new AdminModel();
     $oSecurityModel = new SecurityModel();
     $sEmail = $this->httpRequest->post('mail');
     $sUsername = $this->httpRequest->post('username');
     $sPassword = $this->httpRequest->post('password');
     /*** Security IP Login ***/
     $sIpLogin = DbConfig::getSetting('ipLogin');
     /*** Check if the connection is not locked ***/
     $bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt');
     $iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts');
     $iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime');
     if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) {
         \PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay));
         return;
         // Stop execution of the method.
     }
     /*** Check Login ***/
     $bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword);
     $bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp;
     if (!$bIsLogged || $bIsIpBanned) {
         sleep(2);
         // Security against brute-force attack to avoid drowning the server and the database
         if (!$bIsLogged) {
             $oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Incorrect Email, Username or Password', 'Admins');
             if ($bIsLoginAttempt) {
                 $oSecurityModel->addLoginAttempt('Admins');
             }
             $this->session->set('captcha_admin_enabled', 1);
             // Enable Captcha
             \PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect'));
         } elseif ($bIsIpBanned) {
             $this->session->set('captcha_admin_enabled', 1);
             // Enable Captcha
             \PFBC\Form::setError('form_admin_login', t('Incorrect Login!'));
             $oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Bad Ip adress', 'Admins');
         }
     } else {
         $oSecurityModel->clearLoginAttempts('Admins');
         $this->session->remove('captcha_admin_enabled');
         // Is disconnected if the user is logged on as "user" or "affiliate".
         if (UserCore::auth() || AffiliateCore::auth()) {
             $this->session->destroy();
         }
         $iId = $oAdminModel->getId($sEmail, null, 'Admins');
         $oAdminData = $oAdminModel->readProfile($iId, 'Admins');
         // Regenerate the session ID to prevent the session fixation
         $this->session->regenerateId();
         $aSessionData = array('admin_id' => $oAdminData->profileId, 'admin_email' => $oAdminData->email, 'admin_username' => $oAdminData->username, 'admin_first_name' => $oAdminData->firstName, 'admin_ip' => $sIp, 'admin_http_user_agent' => $this->browser->getUserAgent(), 'admin_token' => Various::genRnd($oAdminData->email));
         $this->session->set($aSessionData);
         $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins');
         $oAdminModel->setLastActivity($oAdminData->profileId, 'Admins');
         HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!'));
     }
 }
 public function __construct()
 {
     parent::__construct();
     // Admin Security, if you have forgotten your admin password, comment this code below
     if ($this->httpRequest->get('mod') == PH7_ADMIN_MOD && ($this->registry->action == 'forgot' || $this->registry->action == 'reset')) {
         Header::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'login'), t('For security reasons, you do not have the right to generate a new password. To disable this security option, you must go to the Permission file of "lost-password" module'), 'error');
     }
     if ((UserCore::auth() || AffiliateCore::auth() || AdminCore::auth()) && ($this->registry->action == 'forgot' || $this->registry->action == 'reset')) {
         Header::redirect(Uri::get('lost-password', 'main', 'account'), $this->alreadyConnectedMsg(), 'error');
     }
 }
 public function account()
 {
     if (UserCore::auth()) {
         $sUrl = Uri::get('user', 'account', 'index');
     } elseif (AffiliateCore::auth()) {
         $sUrl = Uri::get('affiliate', 'account', 'index');
     } elseif (AdminCore::auth()) {
         $sUrl = Uri::get(PH7_ADMIN_MOD, 'main', 'index');
     } else {
         $sUrl = $this->registry->site_url;
     }
     Header::redirect($sUrl);
 }
 public function __construct()
 {
     parent::__construct();
     $bAffAuth = AffiliateCore::auth();
     $bAdminAuth = AdminCore::auth();
     if (!$bAffAuth && ($this->registry->controller === 'AdsController' || $this->registry->action === 'logout')) {
         Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error');
     }
     if (!$bAffAuth && !$bAdminAuth && ($this->registry->controller === 'AccountController' && $this->registry->action !== 'activate')) {
         Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error');
     }
     if ($bAffAuth && ($this->registry->controller === 'SignupController' || $this->registry->action === 'activate' || $this->registry->action === 'resendactivation' || $this->registry->action === 'login')) {
         Header::redirect(Uri::get('affiliate', 'account', 'index'), $this->alreadyConnectedMsg(), 'error');
     }
     if (!$bAdminAuth && $this->registry->controller === 'AdminController') {
         // For security reasons, we do not redirectionnons the user to hide the url of the administrative part.
         Header::redirect(Uri::get('affiliate', 'home', 'index'), $this->adminSignInMsg(), 'error');
     }
 }
<?php

/**
 * @author         Pierre-Henry Soria <*****@*****.**>
 * @copyright      (c) 2012-2016, Pierre-Henry Soria. All Rights Reserved.
 * @license        GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory.
 * @package        PH7 / App / System / Core / Asset / Ajax / Popup
 */
namespace PH7;

defined('PH7') or exit('Restricted access');
use PH7\Framework\Mvc\Request\Http, PH7\Framework\Layout\Html\Design, PH7\Framework\Url\Url, PH7\Framework\Mvc\Router\Uri, PH7\Framework\Url\Header;
if (AdminCore::auth() || UserCore::auth() || AffiliateCore::auth()) {
    $oHttpRequest = new Http();
    $oDesign = new Design();
    $oDesign->htmlHeader();
    $oDesign->usefulHtmlHeader();
    echo '<div class="center">';
    if ($oHttpRequest->getExists(array('mod', 'ctrl', 'act', 'id'))) {
        $sLabel = $oHttpRequest->get('label');
        $sMod = $oHttpRequest->get('mod');
        $sCtrl = $oHttpRequest->get('ctrl');
        $sAct = $oHttpRequest->get('act');
        $mId = $oHttpRequest->get('id');
        ConfirmCoreForm::display(array('label' => Url::decode($sLabel), 'module' => $sMod, 'controller' => $sCtrl, 'action' => $sAct, 'id' => $mId));
    } else {
        echo '<p>' . t('Bad parameters in the URL!') . '</p>';
    }
    echo '</div>';
    $oDesign->htmlFooter();
    unset($oHttpRequest, $oDesign);
 /**
  * Gets The Current Session Token.
  *
  * @access protected
  * @return mixed (string | boolean) The "token" if a user is logged or "true" if no user is logged.
  */
 protected function currentSess()
 {
     if (\PH7\UserCore::auth()) {
         $sToken = $this->_oSession->get('member_token');
     } elseif (\PH7\AdminCore::auth()) {
         $sToken = $this->_oSession->get('admin_token');
     } elseif (\PH7\AffiliateCore::auth()) {
         $sToken = $this->_oSession->get('affiliate_token');
     } else {
         $sToken = true;
     }
     // If nobody is logged on, we did not need to do this test, so it returns true
     return $sToken;
 }
 /**
  * Display accurate homepage URL.
  *
  * @return void The homepage URL output.
  */
 public function homePageUrl()
 {
     if (\PH7\AdminCore::auth()) {
         $this->url(PH7_ADMIN_MOD, 'main', 'index');
     } elseif (\PH7\AffiliateCore::auth()) {
         $this->url('affiliate', 'account', 'index');
     } else {
         echo PH7_URL_ROOT;
     }
 }
Ejemplo n.º 8
0
 /**
  * Set a user authentication.
  *
  * @param object $oUserData User database object.
  * @param object \PH7\UserCoreModel $oUserModel
  * @param object \PH7\Framework\Session\Session $oSession
  * @return void
  */
 public function setAuth($oUserData, UserCoreModel $oUserModel, Session $oSession)
 {
     // Is disconnected if the user is logged on as "affiliate" or "administrator".
     if (AffiliateCore::auth() || AdminCore::auth()) {
         $oSession->destroy();
     }
     // Regenerate the session ID to prevent the session fixation
     $oSession->regenerateId();
     // Now we connect the member
     $aSessionData = ['member_id' => $oUserData->profileId, 'member_email' => $oUserData->email, 'member_username' => $oUserData->username, 'member_first_name' => $oUserData->firstName, 'member_sex' => $oUserData->sex, 'member_group_id' => $oUserData->groupId, 'member_ip' => Ip::get(), 'member_http_user_agent' => (new Browser())->getUserAgent(), 'member_token' => Various::genRnd($oUserData->email)];
     $oSession->set($aSessionData);
     (new Framework\Mvc\Model\Security())->addLoginLog($oUserData->email, $oUserData->username, '*****', 'Logged in!');
     $oUserModel->setLastActivity($oUserData->profileId);
     unset($oUserModel, $oUserData);
 }