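/**
 * Login user
 *
 * This function logs the user in the system, using the specified password
 * <br/>Example:
 * <code>
 * $user = EfrontUserFactory :: factory('jdoe');
 * $user -> login('mypass');
 * </code>
 *
 * Order of operations: an existing login of this user is handled first, then
 * any other user bound to the current session is logged out and the session
 * is emptied, and only after that are the account state (pending / inactive)
 * and the credentials checked. On success the session variables are set and
 * the login is recorded in the "logs", "users" and "user_times" tables.
 *
 * NOTE(review): because account state is checked before the password, a
 * caller without valid credentials can tell a pending or inactive account
 * from a wrong password by the exception code. Likewise the session is wiped
 * (and another user logged out) before the credentials are known to be good.
 * Both orderings are kept as they were; confirm they are intended.
 *
 * @param string $password The password to login with
 * @param boolean $encrypted Whether the password is already encrypted
 * @return boolean True if the user logged in successfully
 * @throws EfrontUserException INVALID_PASSWORD, USER_PENDING or USER_INACTIVE
 * @since 3.5.0
 * @access public
 */
public function login($password, $encrypted = false) {
    //If the user is already logged in, log him out
    if ($this->isLoggedIn()) {
        //If the user is logged in right now on the same pc with the same session, return true (nothing to do)
        if ($this->isLoggedIn(session_id())) {
            $candidate = $encrypted ? $password : EfrontUser::createPassword($password);
            //Strict string comparison: with a loose != two different hex digests that both look
            //numeric (for example "0e..." followed by digits) compare as equal.
            //NOTE(review): this is not a constant-time comparison; where the runtime provides
            //hash_equals() it is the better choice for comparing stored digests.
            if ((string)$candidate !== (string)$this->user['password']) {
                throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
            }
            return true;
        } elseif (!$this->allowMultipleLogin()) {
            $this->logout();
        }
    }

    //If we are logged in as another user, log him out
    if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $this->user['login']) {
        try {
            EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
        } catch (Exception $e) {
            //Deliberately best-effort: a failure to log the previous user out must not block this login
        }
    }

    //Empty session without destroying it
    //NOTE(review): the session id itself is kept, so an id that was set before authentication
    //stays valid afterwards. Rotating it here (session_regenerate_id) would address that, but the
    //inserts below and isLoggedIn(session_id()) key on the id, so it has to be tested together
    //with the code outside this method.
    foreach ($_SESSION as $key => $value) {
        if ($key != 'login_mode' && strpos($key, "facebook") === false) { //'login_mode' is used to facilitate lesson registrations
            unset($_SESSION[$key]);
        }
    }

    if ($this->user['pending']) {
        throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
    }
    if (!$this->user['active']) {
        throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
    }

    if ($this->isLdapUser) { //Authenticate LDAP user
        //An empty password is rejected before the directory is asked: many LDAP servers treat a
        //simple bind with an empty password as an anonymous bind and report success.
        //eF_checkUserLdap() is defined elsewhere and may already do this; the check is repeated
        //here as defence in depth.
        if ($password === null || $password === '' || !eF_checkUserLdap($this->user['login'], $password)) {
            throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
        }
    } else {
        if (!$encrypted) {
            $password = EfrontUser::createPassword($password);
        }
        //Strict string comparison, for the same reason as in the already-logged-in branch above
        if ((string)$password !== (string)$this->user['password']) {
            throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
        }
    }

    //if user language is deactivated or deleted, login user with system default language
    if ($GLOBALS['configuration']['onelanguage']) {
        $loginLanguage = $GLOBALS['configuration']['default_language'];
    } else {
        $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
        if (in_array($this->user['languages_NAME'], $activeLanguages)) {
            $loginLanguage = $this->user['languages_NAME'];
        } else {
            $loginLanguage = $GLOBALS['configuration']['default_language'];
        }
    }

    //Assign session variables
    $_SESSION['s_login'] = $this->user['login'];
    //NOTE(review): this keeps the stored password digest in session storage. Since login() accepts
    //the digest directly when $encrypted is true, anyone able to read session data obtains a value
    //that works as a credential. Other code may read 's_password', so it is left in place; confirm
    //whether it is still needed.
    $_SESSION['s_password'] = $this->user['password'];
    $_SESSION['s_type'] = $this->user['user_type'];
    $_SESSION['s_language'] = $loginLanguage;
    //NOTE(review): derived from the clock and the login name only, so it is guessable. Its use is
    //not visible here; if it is relied on as a secret it should come from a CSPRNG instead.
    $_SESSION['s_custom_identifier'] = sha1(microtime() . $this->user['login']);
    $_SESSION['s_time_target'] = array(0 => 'system'); //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
    //$_SESSION['last_action_timestamp'] = time(); //Initialize first action

    //Insert log entry
    $fields_insert = array(
        'users_LOGIN' => $this->user['login'],
        'timestamp' => time(),
        'action' => 'login',
        'comments' => session_id(),
        'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR'])
    );
    eF_insertTableData("logs", $fields_insert);

    //The two where-clauses below were masked to '******' in the published listing; they are
    //restored from the surviving tails ("'login']}'" and "'login'] .").
    //NOTE(review): both are built by string interpolation. The value is the login of the loaded
    //user record rather than raw request input, but confirm that it is escaped by the time it
    //reaches the query (by the loader or by the eF_*TableData helpers, which are not visible here).
    eF_updateTableData("users", array('last_login' => time()), "login='{$this->user['login']}'");
    if ($GLOBALS['configuration']['ban_failed_logins']) {
        //A successful login clears the failed-login counter kept in the logs table
        eF_deleteTableData("logs", "users_LOGIN='" . $this->user['login'] . "' and action='failed_login'");
    }

    //Insert user times entry
    $fields = array(
        "session_timestamp" => time(),
        "session_id" => session_id(),
        "session_custom_identifier" => $_SESSION['s_custom_identifier'],
        "session_expired" => 0,
        "users_LOGIN" => $_SESSION['s_login'],
        "timestamp_now" => time(),
        "time" => 0,
        "entity" => 'system',
        "entity_id" => 0
    );
    eF_insertTableData("user_times", $fields);

    return true;
}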
// Check if the mobile version of eFront is required - if so set a session variable accordingly //eF_setMobile(); if ($GLOBALS['configuration']['show_license_note'] && $user->user['viewed_license'] == 0) { eF_redirect("index.php?ctg=agreement"); } else { EfrontEvent::triggerEvent(array("type" => EfrontEvent::SYSTEM_VISITED, "users_LOGIN" => $user->user['login'], "users_name" => $user->user['name'], "users_surname" => $user->user['surname'])); loginRedirect($user->user['user_type']); } exit; } catch (EfrontUserException $e) { if ($GLOBALS['configuration']['activate_ldap'] && $e->getCode() == EfrontUserException::USER_NOT_EXISTS) { if (!extension_loaded('ldap')) { $message = $e->getMessage() . '<br/>' . _LDAPEXTENSIONNOTLOADED; $message_type = 'failure'; } else { $result = eF_checkUserLdap($fb_form_new->exportValue('login'), $fb_form_new->exportValue('password')); if ($result) { //The user exists in the LDAP server eF_redirect("index.php?ctg=signup&ldap=1&login=" . $fb_form_new->exportValue('login')); } else { $message = _LOGINERRORPLEASEMAKESURECAPSLOCKISOFF; $message_type = 'failure'; } } } elseif ($e->getCode() == EfrontUserException::USER_PENDING) { $message = $e->getMessage(); $message_type = 'failure'; } elseif ($e->getCode() == EfrontUserException::USER_INACTIVE) { $message = $e->getMessage(); $message_type = 'failure'; } else {