/**
 * Handles a submitted login form: records the attempt against the client's
 * session and IP, enforces the per-IP brute-force limits, and on success
 * sets cookies/session flags and redirects. The caller is expected to have
 * checked that $_POST['LoginForm'] is present before calling this.
 *
 * @param LoginForm $model The form model to populate from $_POST['LoginForm']
 * @param bool $isMobile Whether this was called from mobile site controller
 * @throws CHttpException 403 once the per-IP failed-attempt cap is reached
 */
public function login(LoginForm $model, $isMobile = false)
{
    // Mass-assign user input; this relies on Yii's safe-attribute filtering for the
    // form's current scenario to keep unexpected keys out of the model.
    $model->attributes = $_POST['LoginForm'];
    Session::cleanUpSessions();
    $ip = $this->owner->getRealIp();
    $userModel = $model->getUser();
    $isRealUser = $userModel instanceof User;
    // Prefer the stored username (correct capitalisation) when the user exists
    $effectiveUsername = $isRealUser ? $userModel->username : $model->username;
    $isActiveUser = $isRealUser && $userModel->status == User::STATUS_ACTIVE;
    /* Decrement the status of every existing session row for this user/IP that is
       in the -2..0 range, so that an attacker cannot reset the per-session attempt
       counter simply by presenting a fresh session id. */
    Yii::app()->db->createCommand('UPDATE x2_sessions SET status=status-1,lastUpdated=:time WHERE user=:name AND CAST(IP AS CHAR)=:ip AND status BETWEEN -2 AND 0')->bindValues(array(':time' => time(), ':name' => $effectiveUsername, ':ip' => $ip))->execute();
    // Looks up the correctly capitalised username of an active account.
    // NOTE(review): $activeUser is not referenced again in this method; $effectiveUsername
    // above already serves that purpose, so this query appears to be dead — confirm before removing.
    $activeUser = Yii::app()->db->createCommand()->select('username')->from('x2_users')->where('username=:name AND status=1', array(':name' => $model->username))->limit(1)->queryScalar();
    // Reuse the session id stored in $_SESSION, or pin the current one on first contact
    if (isset($_SESSION['sessionId'])) {
        $sessionId = $_SESSION['sessionId'];
    } else {
        $sessionId = $_SESSION['sessionId'] = session_id();
    }
    $session = X2Model::model('Session')->findByPk($sessionId);
    /* Per-IP brute-force limits: failed attempts older than the refresh timeout are
       pruned, a captcha is required after $maxLoginsBeforeCaptcha failures, and
       the IP is refused outright at $maxFailedLoginAttemptsPerIP. */
    $badAttemptsRefreshTimeout = 900; // seconds
    $maxFailedLoginAttemptsPerIP = 100;
    $maxLoginsBeforeCaptcha = 5;
    $this->pruneTimedOutBans($badAttemptsRefreshTimeout);
    $failedLoginRecord = FailedLogins::model()->findActiveByIp($ip);
    $badAttemptsWithThisIp = $failedLoginRecord ? $failedLoginRecord->attempts : 0;
    if ($badAttemptsWithThisIp >= $maxFailedLoginAttemptsPerIP) {
        // Keep counting so the ban window keeps extending while the client retries
        $this->recordFailedLogin($ip);
        throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
    }
    // Create or refresh the Session row that tracks this client's attempts
    if ($session === null) {
        $session = new Session();
        $session->id = $sessionId;
        $session->user = $model->getSessionUserName();
        $session->lastUpdated = time();
        $session->status = 0;
        $session->IP = $ip;
    } else {
        $session->lastUpdated = time();
        $session->user = $model->getSessionUserName();
    }
    if ($isActiveUser === false) {
        // Unknown or inactive account: treated as a failed attempt without
        // attempting authentication at all.
        $model->verifyCode = ''; // clear captcha code
        $model->validate(); // validate captcha if it's being used
        $this->recordFailedLogin($ip);
        $session->save();
        if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
            throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
        } else {
            if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                $model->useCaptcha = true;
                $model->setScenario('loginWithCaptcha');
                // NOTE(review): this status is assigned after $session->save() above, so it is
                // not persisted by this method — confirm whether a later save is expected.
                $session->status = -2;
            }
        }
    } else {
        if ($model->validate() && $model->login()) {
            // user successfully logged in
            if ($model->rememberMe) {
                foreach (array('username', 'rememberMe') as $attr) {
                    // Expires in 30 days
                    AuxLib::setCookie(CHtml::resolveName($model, $attr), $model->{$attr}, 2592000);
                }
            } else {
                foreach (array('username', 'rememberMe') as $attr) {
                    // Remove the cookie if they unchecked the box
                    AuxLib::clearCookie(CHtml::resolveName($model, $attr));
                }
            }
            // We're not using the isAdmin parameter of the application
            // here because isAdmin in this context hasn't been set yet.
            $isAdmin = Yii::app()->user->checkAccess('AdminIndex');
            if ($isAdmin && !$isMobile) {
                $this->owner->attachBehavior('updaterBehavior', new UpdaterBehavior());
                $this->owner->checkUpdates(); // check for updates if admin
            } else {
                Yii::app()->session['versionCheck'] = true; // ...or don't
            }
            $session->status = 1;
            $session->save();
            SessionLog::logSession($model->username, $sessionId, 'login');
            $_SESSION['playLoginSound'] = true;
            if (YII_UNIT_TESTING && defined('X2_DEBUG_EMAIL') && X2_DEBUG_EMAIL) {
                Yii::app()->session['debugEmailWarning'] = 1;
            }
            LoginThemeHelper::login();
            if ($isMobile) {
                $this->owner->redirect($this->owner->createUrl('/mobile/home'));
            } else {
                if (Yii::app()->user->returnUrl == '/site/index') {
                    $this->owner->redirect(array('/site/index'));
                } else {
                    // Return to the page that triggered the login. The returnUrl is read from the
                    // user component here; NOTE(review): confirm it is restricted to local paths
                    // where it is set, otherwise this is an open-redirect sink.
                    $this->owner->redirect(Yii::app()->user->returnUrl);
                }
            }
        } else {
            // login failed: same bookkeeping as the inactive-user branch above
            $model->verifyCode = ''; // clear captcha code
            $this->recordFailedLogin($ip);
            $session->save();
            if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
                throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
            } else {
                if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                    $model->useCaptcha = true;
                    $model->setScenario('loginWithCaptcha');
                    // NOTE(review): assigned after save(), see the inactive-user branch.
                    $session->status = -2;
                }
            }
        }
    }
    // Never leave the "remember me" flag checked on a re-rendered form
    $model->rememberMe = false;
}
/**
 * Admin login page: renders the form and, on a valid submission, authenticates
 * via LoginForm::loginadmin() and redirects to the admin dashboard. A failed
 * submission re-renders the form with a generic error on the password field.
 */
public function actionIndex()
{
    $this->layout = "login";
    $loginForm = new LoginForm();
    $loginForm->setScenario('Existing');
    $submitted = isset($_POST['LoginForm']);
    if ($submitted) {
        $loginForm->attributes = $_POST['LoginForm'];
        $authenticated = $loginForm->validate() && $loginForm->loginadmin();
        if (!$authenticated) {
            // Deliberately generic message: does not reveal which field was wrong
            $loginForm->addError('password', Yii::t('global', 'Invalid username or password.'));
        } else {
            $this->redirect($this->createAbsoluteUrl("/admin/default"));
        }
    }
    $this->render('index', array('model' => $loginForm));
}
/**
 * Checkout as a guest or as an existing user.
 *
 * Resumes an in-progress checkout if one is recorded in the session, sends
 * logged-in customers straight to the shipping address step, and otherwise
 * renders the guest/login form and processes its submission.
 *
 * @return void
 */
public function actionIndex()
{
    $this->checkoutForm = MultiCheckoutForm::loadFromSessionOrNew();
    // did user leave checkout and come back?
    $returnRoute = $this->checkoutForm->getCheckoutPoint();
    // ?showLogin=... suppresses the resume so the user can switch accounts
    if (is_null($returnRoute) === false && isset($_GET['showLogin']) === false) {
        // send user to correct checkout point
        $this->redirect($this->createAbsoluteUrl($returnRoute));
    }
    // if the user is already logged in take them straight to shipping
    if (!Yii::app()->user->isGuest) {
        $objCustomer = Customer::GetCurrent();
        $this->checkoutForm->contactEmail = $this->checkoutForm->contactEmail_repeat = $objCustomer->email;
        $this->checkoutForm->saveFormToSession();
        // set cart customer if missing
        $objCart = Yii::app()->shoppingcart;
        // NOTE(review): strict comparison — if customer_id and id are not the same type
        // (e.g. string from the DB vs int) this branch runs and saves on every visit; confirm.
        if ($objCart->customer_id !== $objCustomer->id) {
            $objCart->customer_id = $objCustomer->id;
            $objCart->save();
        }
        $this->redirect($this->createAbsoluteUrl('/checkout/shippingaddress'));
    }
    $this->publishJS('index');
    $this->layout = '/layouts/checkout-column2';
    $model = new LoginForm();
    $showLoginPasswordField = false;
    // collect user input data
    if (isset($_POST['LoginForm'])) {
        $model->attributes = $_POST['LoginForm'];
        // guest == 0 means "log in to an existing account"; loose comparison, so an
        // empty or missing value also takes the login path
        if ($model->guest == 0) {
            $showLoginPasswordField = true;
            $success = $model->validate() && $model->login();
        } else {
            $model->setScenario('Guest');
            $success = $model->validate();
        }
        if ($success) {
            // Carry the e-mail (normalised to lower case) into the checkout form
            $this->checkoutForm->passedScenario = $model->getScenario();
            $this->checkoutForm->contactEmail = strtolower($model->email);
            $this->checkoutForm->contactEmail_repeat = strtolower($model->email);
            $this->checkoutForm->saveFormToSession();
            if ($this->checkoutForm->validate()) {
                if ($model->guest) {
                    $this->redirect($this->createAbsoluteUrl('/checkout/shipping'));
                } else {
                    $this->redirect($this->createAbsoluteUrl("/checkout/shippingaddress"));
                }
            }
        }
        // Fall through: surface any login/guest-form errors on the checkout form
        $this->checkoutForm->addErrors($model->getErrors());
    }
    $blnShowLogin = false;
    // Pre-fill the e-mail from a previously cached checkout form, if any
    if (isset($_SESSION['checkoutform.cache'])) {
        $model->email = $_SESSION['checkoutform.cache']['contactEmail'];
    }
    // NOTE(review): the raw query-string value is handed to the view as-is; it is only
    // expected to act as a flag, so the view must treat it as a boolean (or escape it)
    // rather than echo it.
    if (isset($_GET['showLogin'])) {
        $blnShowLogin = $_GET['showLogin'];
    }
    // display the login form
    $this->render('index', array('model' => $model, 'error' => $this->formatErrors(), 'blnShowLogin' => $blnShowLogin, 'showLoginPasswordField' => $showLoginPasswordField));
}
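/**
 * Displays the login page.
 *
 * Pre-fills the form from the remembered LoginForm cookie and, when that
 * cookie names a known user, loads their Profile so the login page can be
 * themed for them. Already-authenticated users are redirected home; a POST
 * is delegated to login().
 */
public function actionLogin()
{
    $model = new LoginForm();
    $model->useCaptcha = false;
    if ($this->loginRequiresCaptcha()) {
        $model->useCaptcha = true;
        $model->setScenario('loginWithCaptcha');
    }
    $profile = null;
    // The cookie is client-controlled and unauthenticated: only accept it when it has
    // the expected array shape, and only use a plain-string username for the lookup.
    if (isset($_COOKIE['LoginForm']) && is_array($_COOKIE['LoginForm'])) {
        $cookieForm = $_COOKIE['LoginForm'];
        $model->setAttributes($cookieForm);
        // array_key_exists instead of in_array over array_keys: the latter compares
        // loosely, so a numeric key could match 'username' on older PHP versions.
        if (array_key_exists('username', $cookieForm) && is_string($cookieForm['username'])) {
            $username = $cookieForm['username'];
            $profile = Profile::model()->findByAttributes(array('username' => $username));
            if ($profile) {
                // NOTE(review): this runs before authentication, so the profile is selected
                // purely on a cookie value — it must only influence presentation of the login page.
                Yii::app()->params->profile = $profile;
            }
        }
    }
    $this->layout = '//layouts/login';
    if (Yii::app()->user->isInitialized && !Yii::app()->user->isGuest) {
        $this->redirect(Yii::app()->homeUrl);
        return;
    }
    if (isset($_POST['LoginForm'])) {
        $this->login($model);
    }
    header('REQUIRES_AUTH: 1'); // tell windows making AJAX requests to redirect
    $this->render('login', array('model' => $model, 'profile' => $profile)); // display the login form
}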
/**
 * Displays the mobile login page.
 *
 * Authenticated users are sent to the mobile home screen. AJAX callers get an
 * X2-Requested-Url header so they can recognise that they were redirected to
 * the login page. A POST is delegated to login() with the mobile flag set.
 */
public function actionLogin()
{
    $webUser = Yii::app()->user;
    $alreadyLoggedIn = $webUser->isInitialized && !$webUser->isGuest;
    if ($alreadyLoggedIn) {
        $this->redirect($this->createAbsoluteUrl('home'));
        return;
    }
    // allows client to detect login page redirect
    if ($this->isAjaxRequest()) {
        header('X2-Requested-Url: ' . AuxLib::getRequestUrl());
    }
    $loginForm = new LoginForm();
    $loginForm->useCaptcha = false;
    if ($this->loginRequiresCaptcha()) {
        $loginForm->useCaptcha = true;
        $loginForm->setScenario('loginWithCaptcha');
    }
    // There is intentionally no AJAX-validation shortcut here (echoing
    // CActiveForm::validate() and ending the request): it would let a client
    // probe credentials without going through the captcha-enforcing login() path.
    $submitted = isset($_POST['LoginForm']);
    if ($submitted) {
        $this->login($loginForm, true);
    }
    $this->render('login', array('model' => $loginForm));
}
/**
 * Process login from the popup Login box.
 *
 * When the application is served under the shared ("common SSL") host, a
 * successful login is not kept here: an encrypted identity token is built and
 * the browser is redirected to the store's own URL to complete the login.
 * AJAX callers receive a JSON body, others get the rendered login view.
 */
public function actionLogin()
{
    // Under the common SSL host an existing login is discarded before re-authenticating
    if (!Yii::app()->user->isGuest && Yii::app()->isCommonSSL) {
        Yii::app()->user->logout();
    }
    if (!Yii::app()->user->isGuest) {
        $this->redirect($this->createAbsoluteUrl("/site"));
    }
    $model = new LoginForm();
    $model->setScenario('Existing');
    // NOTE(review): never populated below, so AJAX callers always receive an empty
    // JSON array and get no indication of whether the login succeeded or why it failed.
    $response_array = array();
    // collect user input data
    if (isset($_POST['LoginForm'])) {
        Yii::log("Attempting login", 'info', 'application.' . __CLASS__ . "." . __FUNCTION__);
        $model->attributes = $_POST['LoginForm'];
        // validate user input and redirect to the previous page if valid
        if ($model->validate() && $model->login()) {
            // remove any existing form information in cache
            unset(Yii::app()->session[MultiCheckoutForm::$sessionKey]);
            //If we're doing this as a shared login, redirect
            if (Yii::app()->isCommonSSL) {
                Yii::log("Common login redirecting", 'info', 'application.' . __CLASS__ . "." . __FUNCTION__);
                //We logged in under the common URL but we don't stay here, so pass our login back
                // Token = "<user id>,<cart id>,<YmdHis timestamp>", then encrypted by _xls_encrypt().
                // NOTE(review): the token travels in a query string over an explicitly plain-http
                // URL; whatever replay protection or integrity checking exists must live in
                // _xls_encrypt()/the commonssl/login endpoint, neither of which is visible here.
                $strTimestamp = date("YmdHis");
                $intCart = Yii::app()->shoppingcart->id;
                $strIdentity = Yii::app()->user->id . "," . $intCart . "," . $strTimestamp;
                Yii::log("Going to Shared URL with info: " . $strIdentity, 'info', 'application.' . __CLASS__ . "." . __FUNCTION__);
                $redirString = _xls_encrypt($strIdentity);
                $url = Yii::app()->createAbsoluteUrl("commonssl/login", array('link' => $redirString), 'http');
                // Swap the hosting provider's host name for the store's custom host name
                $strCustomUrl = Yii::app()->params['LIGHTSPEED_HOSTING_CUSTOM_URL'];
                $strLightSpeedUrl = Yii::app()->params['LIGHTSPEED_HOSTING_LIGHTSPEED_URL'];
                $url = str_replace($strLightSpeedUrl, $strCustomUrl, $url);
                Yii::app()->getRequest()->redirect($url, true);
            } else {
                $this->redirect($this->createAbsoluteUrl("site/index", array(), 'http'));
            }
        }
    }
    if (Yii::app()->request->isAjaxRequest) {
        echo json_encode($response_array);
    } else {
        $this->render('login', array('model' => $model));
    }
}
/**
 * Displays and processes the login page.
 *
 * Tracks login attempts per user/IP in the Session table (status is driven
 * negative on repeated attempts, which switches on the captcha), records the
 * login time on success, and — for the 'admin' account — performs a remote
 * version check whose result is stored in the web session for the UI.
 */
public function actionLogin()
{
    $this->layout = '//layouts/login';
    if (Yii::app()->user->isInitialized && !Yii::app()->user->isGuest) {
        $this->redirect(Yii::app()->homeUrl);
        return;
    }
    $model = new LoginForm();
    $model->useCaptcha = false;
    // collect user input data
    if (isset($_POST['LoginForm'])) {
        $model->attributes = $_POST['LoginForm'];
        $ip = $this->getRealIp();
        x2base::cleanUpSessions();
        // Attempt tracking is keyed on the submitted username plus client IP
        $session = CActiveRecord::model('Session')->findByAttributes(array('user' => $model->username, 'IP' => $ip));
        if (isset($session)) {
            $session->lastUpdated = time();
            // Each attempt pushes the status down one step, floored at -3;
            // a previously successful session (status >= 1) restarts at -1.
            if ($session->status < 1) {
                if ($session->status > -3) {
                    $session->status -= 1;
                }
            } else {
                $session->status = -1;
            }
            // Captcha is shown from the second consecutive attempt and
            // enforced (scenario change) from the third.
            if ($session->status < -1) {
                $model->useCaptcha = true;
            }
            if ($session->status < -2) {
                $model->setScenario('loginWithCaptcha');
            }
        } else {
            $session = new Session();
            $session->user = $model->username;
            $session->lastUpdated = time();
            // NOTE(review): a first-contact session starts at status 1 and is saved as such
            // in the failure branch below too, so a first failed attempt is persisted with
            // the same status as a successful login — confirm this is intended.
            $session->status = 1;
            $session->IP = $ip;
        }
        if ($model->validate() && $model->login()) {
            $user = User::model()->findByPk(Yii::app()->user->getId());
            $user->login = time();
            $user->save();
            if ($user->username == 'admin') {
                if (ini_get('allow_url_fopen') == 1) {
                    // Remote version check with a 2 s timeout; the first source that answers wins.
                    // NOTE(review): both sources are plain http and fetched with '@' suppression,
                    // so the response is neither authenticated nor integrity-checked; the value
                    // stored in the session as newVersion must be treated as untrusted (escape it
                    // wherever it is rendered).
                    $context = stream_context_create(array('http' => array('timeout' => 2)));
                    $updateSources = array('http://x2planet.com/updates/versionCheck.php', 'http://x2base.com/updates/versionCheck.php');
                    $newVersion = '';
                    foreach ($updateSources as $url) {
                        $sourceVersion = @file_get_contents($url, 0, $context);
                        if ($sourceVersion !== false) {
                            $newVersion = $sourceVersion;
                            break;
                        }
                    }
                    // No source reachable: fall back to our own version so the comparison is a no-op
                    if (empty($newVersion)) {
                        $newVersion = Yii::app()->params->version;
                    }
                    if (version_compare($newVersion, Yii::app()->params->version) > 0) {
                        // if the latest version is newer than our version
                        Yii::app()->session['versionCheck'] = false;
                        Yii::app()->session['newVersion'] = $newVersion;
                    } else {
                        Yii::app()->session['versionCheck'] = true;
                    }
                } else {
                    Yii::app()->session['versionCheck'] = true;
                }
            } else {
                Yii::app()->session['versionCheck'] = true;
            }
            Yii::app()->session['loginTime'] = time();
            // Successful login resets the attempt counter for this user/IP
            $session->status = 1;
            $session->save();
            if (Yii::app()->user->returnUrl == 'site/index') {
                $this->redirect('index');
            } else {
                // NOTE(review): returnUrl is read from the user component; confirm it is
                // restricted to local paths where it is set.
                $this->redirect(Yii::app()->user->returnUrl);
            }
        } else {
            // Failed attempt: persist the decremented status and re-render with a generic error
            $session->save();
            $model->verifyCode = '';
            // When validation itself failed the username field is flagged as well;
            // the same generic message is used on both fields so nothing about the
            // account's existence is disclosed.
            if ($model->hasErrors()) {
                $model->addError('username', Yii::t('app', 'Incorrect username or password.'));
            }
            $model->addError('password', Yii::t('app', 'Incorrect username or password.'));
        }
    }
    // display the login form
    $this->render('login', array('model' => $model));
}