public function __construct()
{
parent::__construct();
$sIp = Ip::get();
$oAdminModel = new AdminModel();
$oSecurityModel = new SecurityModel();
$sEmail = $this->httpRequest->post('mail');
$sUsername = $this->httpRequest->post('username');
$sPassword = $this->httpRequest->post('password');
/*** Security IP Login ***/
$sIpLogin = DbConfig::getSetting('ipLogin');
/*** Check if the connection is not locked ***/
$bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt');
$iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts');
$iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime');
if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) {
\PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay));
return;
// Stop execution of the method.
}
/*** Check Login ***/
$bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword);
$bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp;
if (!$bIsLogged || $bIsIpBanned) {
sleep(2);
// Security against brute-force attack to avoid drowning the server and the database
if (!$bIsLogged) {
$oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Incorrect Email, Username or Password', 'Admins');
if ($bIsLoginAttempt) {
$oSecurityModel->addLoginAttempt('Admins');
}
$this->session->set('captcha_admin_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect'));
} elseif ($bIsIpBanned) {
$this->session->set('captcha_admin_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_admin_login', t('Incorrect Login!'));
$oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Bad Ip adress', 'Admins');
}
} else {
$oSecurityModel->clearLoginAttempts('Admins');
$this->session->remove('captcha_admin_enabled');
// Is disconnected if the user is logged on as "user" or "affiliate".
if (UserCore::auth() || AffiliateCore::auth()) {
$this->session->destroy();
}
$iId = $oAdminModel->getId($sEmail, null, 'Admins');
$oAdminData = $oAdminModel->readProfile($iId, 'Admins');
// Regenerate the session ID to prevent the session fixation
$this->session->regenerateId();
$aSessionData = array('admin_id' => $oAdminData->profileId, 'admin_email' => $oAdminData->email, 'admin_username' => $oAdminData->username, 'admin_first_name' => $oAdminData->firstName, 'admin_ip' => $sIp, 'admin_http_user_agent' => $this->browser->getUserAgent(), 'admin_token' => Various::genRnd($oAdminData->email));
$this->session->set($aSessionData);
$oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins');
$oAdminModel->setLastActivity($oAdminData->profileId, 'Admins');
HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!'));
}
}
public function __construct()
{
parent::__construct();
// Admin Security, if you have forgotten your admin password, comment this code below
if ($this->httpRequest->get('mod') == PH7_ADMIN_MOD && ($this->registry->action == 'forgot' || $this->registry->action == 'reset')) {
Header::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'login'), t('For security reasons, you do not have the right to generate a new password. To disable this security option, you must go to the Permission file of "lost-password" module'), 'error');
}
if ((UserCore::auth() || AffiliateCore::auth() || AdminCore::auth()) && ($this->registry->action == 'forgot' || $this->registry->action == 'reset')) {
Header::redirect(Uri::get('lost-password', 'main', 'account'), $this->alreadyConnectedMsg(), 'error');
}
}
public function account()
{
if (UserCore::auth()) {
$sUrl = Uri::get('user', 'account', 'index');
} elseif (AffiliateCore::auth()) {
$sUrl = Uri::get('affiliate', 'account', 'index');
} elseif (AdminCore::auth()) {
$sUrl = Uri::get(PH7_ADMIN_MOD, 'main', 'index');
} else {
$sUrl = $this->registry->site_url;
}
Header::redirect($sUrl);
}
public function __construct()
{
parent::__construct();
$bAffAuth = AffiliateCore::auth();
$bAdminAuth = AdminCore::auth();
if (!$bAffAuth && ($this->registry->controller === 'AdsController' || $this->registry->action === 'logout')) {
Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error');
}
if (!$bAffAuth && !$bAdminAuth && ($this->registry->controller === 'AccountController' && $this->registry->action !== 'activate')) {
Header::redirect(Uri::get('affiliate', 'signup', 'step1'), $this->signUpMsg(), 'error');
}
if ($bAffAuth && ($this->registry->controller === 'SignupController' || $this->registry->action === 'activate' || $this->registry->action === 'resendactivation' || $this->registry->action === 'login')) {
Header::redirect(Uri::get('affiliate', 'account', 'index'), $this->alreadyConnectedMsg(), 'error');
}
if (!$bAdminAuth && $this->registry->controller === 'AdminController') {
// For security reasons, we do not redirectionnons the user to hide the url of the administrative part.
Header::redirect(Uri::get('affiliate', 'home', 'index'), $this->adminSignInMsg(), 'error');
}
}
<?php
/**
* @author Pierre-Henry Soria <*****@*****.**>
* @copyright (c) 2012-2016, Pierre-Henry Soria. All Rights Reserved.
* @license GNU General Public License; See PH7.LICENSE.txt and PH7.COPYRIGHT.txt in the root directory.
* @package PH7 / App / System / Core / Asset / Ajax / Popup
*/
namespace PH7;
defined('PH7') or exit('Restricted access');
use PH7\Framework\Mvc\Request\Http, PH7\Framework\Layout\Html\Design, PH7\Framework\Url\Url, PH7\Framework\Mvc\Router\Uri, PH7\Framework\Url\Header;
if (AdminCore::auth() || UserCore::auth() || AffiliateCore::auth()) {
$oHttpRequest = new Http();
$oDesign = new Design();
$oDesign->htmlHeader();
$oDesign->usefulHtmlHeader();
echo '<div class="center">';
if ($oHttpRequest->getExists(array('mod', 'ctrl', 'act', 'id'))) {
$sLabel = $oHttpRequest->get('label');
$sMod = $oHttpRequest->get('mod');
$sCtrl = $oHttpRequest->get('ctrl');
$sAct = $oHttpRequest->get('act');
$mId = $oHttpRequest->get('id');
ConfirmCoreForm::display(array('label' => Url::decode($sLabel), 'module' => $sMod, 'controller' => $sCtrl, 'action' => $sAct, 'id' => $mId));
} else {
echo '<p>' . t('Bad parameters in the URL!') . '</p>';
}
echo '</div>';
$oDesign->htmlFooter();
unset($oHttpRequest, $oDesign);
/**
* Gets The Current Session Token.
*
* @access protected
* @return mixed (string | boolean) The "token" if a user is logged or "true" if no user is logged.
*/
protected function currentSess()
{
if (\PH7\UserCore::auth()) {
$sToken = $this->_oSession->get('member_token');
} elseif (\PH7\AdminCore::auth()) {
$sToken = $this->_oSession->get('admin_token');
} elseif (\PH7\AffiliateCore::auth()) {
$sToken = $this->_oSession->get('affiliate_token');
} else {
$sToken = true;
}
// If nobody is logged on, we did not need to do this test, so it returns true
return $sToken;
}
/**
* Display accurate homepage URL.
*
* @return void The homepage URL output.
*/
public function homePageUrl()
{
if (\PH7\AdminCore::auth()) {
$this->url(PH7_ADMIN_MOD, 'main', 'index');
} elseif (\PH7\AffiliateCore::auth()) {
$this->url('affiliate', 'account', 'index');
} else {
echo PH7_URL_ROOT;
}
}
/**
* Set a user authentication.
*
* @param object $oUserData User database object.
* @param object \PH7\UserCoreModel $oUserModel
* @param object \PH7\Framework\Session\Session $oSession
* @return void
*/
public function setAuth($oUserData, UserCoreModel $oUserModel, Session $oSession)
{
// Is disconnected if the user is logged on as "affiliate" or "administrator".
if (AffiliateCore::auth() || AdminCore::auth()) {
$oSession->destroy();
}
// Regenerate the session ID to prevent the session fixation
$oSession->regenerateId();
// Now we connect the member
$aSessionData = ['member_id' => $oUserData->profileId, 'member_email' => $oUserData->email, 'member_username' => $oUserData->username, 'member_first_name' => $oUserData->firstName, 'member_sex' => $oUserData->sex, 'member_group_id' => $oUserData->groupId, 'member_ip' => Ip::get(), 'member_http_user_agent' => (new Browser())->getUserAgent(), 'member_token' => Various::genRnd($oUserData->email)];
$oSession->set($aSessionData);
(new Framework\Mvc\Model\Security())->addLoginLog($oUserData->email, $oUserData->username, '*****', 'Logged in!');
$oUserModel->setLastActivity($oUserData->profileId);
unset($oUserModel, $oUserData);
}
