/**
 * Sign-out page: shows the sign-out form together with the account's recent
 * session activity, and handles the two kinds of sign-out the form can post.
 *
 * A visitor without an identity is redirected to the "index" route. A valid
 * POST either ends the remote sessions (when the "remote_signout" field is
 * present) and stays on the page, or ends the current session and redirects
 * to the "index" route.
 *
 * @return void
 */
public function indexAction()
{
    $auth = Zend_Auth::getInstance();
    $registry = Zend_Registry::getInstance();
    $router = Zend_Controller_Front::getInstance()->getRouter();
    $request = $this->getRequest();
    $params = $request->getParams(); // not read anywhere below
    $credential = Ml_Model_Credential::getInstance();
    $session = Ml_Model_Session::getInstance();

    // NOTE(review): array("exit") carries no 'exit' key, so stopping after the
    // redirect relies on the redirector's default behaviour. Verify that the
    // default has not been disabled: everything below assumes an identity.
    if (!$auth->hasIdentity()) {
        $this->_redirect($router->assemble(array(), "index"), array("exit"));
    }

    // NOTE(review): when "signedUserInfo" is not registered, $signedUserInfo
    // stays undefined and the getRecentActivity() call below receives null.
    // Confirm the entry is always registered for a signed-in user.
    if ($registry->isRegistered("signedUserInfo")) {
        $signedUserInfo = $registry->get("signedUserInfo");
    }

    $form = $credential->logoutForm();

    $isValidPost = $request->isPost() && $form->isValid($request->getPost());
    if ($isValidPost) {
        // Finish the sign-out even if the client disconnects half-way.
        ignore_user_abort(true);

        $submitted = $form->getUnfilteredValues();
        if (!isset($submitted['remote_signout'])) {
            $session->logout();
            $this->_redirect($router->assemble(array(), "index"), array("exit"));
        } else {
            $session->remoteLogout();
            $this->view->remoteLogoutDone = true;
        }
    }

    $this->view->recentActivity = $session->getRecentActivity($signedUserInfo['id']);
    $this->view->logoutForm = $form;
}
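/**
 * Validates the sign-in password and, when it is correct, signs the user in.
 *
 * The check runs through the Zend_Auth singleton, so a successful result is
 * not just "the password matches": Zend_Auth::authenticate() also stores the
 * identity. Callers that reject the form for another reason therefore have to
 * clear the identity themselves.
 *
 * A wrong password sets MSG_WRONG_PASSWORD and is reported to
 * Ml_Model_AntiAttack. The earlier rejections (wrong type, wrong length, no
 * "loginUserInfo" in the registry, no adapter) return false without a message
 * and without an anti-attack entry.
 * NOTE(review): confirm that not counting those early rejections is intended.
 *
 * @param mixed $value   Submitted password (untrusted form input).
 * @param mixed $context Unused here.
 * @return bool True only when the credentials were accepted.
 */
public function isValid($value, $context = null)
{
    $registry = Zend_Registry::getInstance();
    $credential = Ml_Model_Credential::getInstance();

    $this->_setValue($value);

    // Form input is untrusted and may arrive as an array (e.g. "password[]=").
    // Reject anything that is not a string before it reaches mb_strlen() or
    // the authentication adapter.
    if (!is_string($value)) {
        return false;
    }

    $length = mb_strlen($value);
    if ($length < 6 || $length > 20) {
        return false;
    }

    // Presumably registered by the username check that runs first; without it
    // there is no account to test the password against.
    if (!$registry->isRegistered('loginUserInfo')) {
        return false;
    }

    $loginUserInfo = $registry->get('loginUserInfo');

    // Get our authentication adapter and check credentials
    $adapter = $credential->getAuthAdapter($loginUserInfo['id'], $value);
    if (!$adapter) {
        return false;
    }

    $result = Zend_Auth::getInstance()->authenticate($adapter);
    if ($result->isValid()) {
        return true;
    }

    $this->_error(self::MSG_WRONG_PASSWORD);
    Ml_Model_AntiAttack::log(Ml_Model_AntiAttack::WRONG_CREDENTIAL);

    return false;
}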
/**
 * Account deletion page.
 *
 * On a POST the signed-in user's credential record is loaded and published in
 * the registry under "credentialInfoDataForPasswordChange" before the form is
 * validated (presumably so the form's password validator can re-check the
 * current password; confirm against the form definition). When the form is
 * valid the account is deleted, the identity and the whole session are torn
 * down, and the browser is sent to /account/terminated.
 *
 * NOTE(review): this action never calls hasIdentity(); it presumably relies on
 * an access check that runs before dispatch. Confirm that one exists.
 *
 * @return void
 * @throws Exception When no credential record exists for the current identity.
 */
public function indexAction()
{
    // shares/avatar files are deleted by an off-line routine in crontab
    $request = $this->getRequest();
    $registry = Zend_Registry::getInstance();
    $auth = Zend_Auth::getInstance();
    $credential = Ml_Model_Credential::getInstance();
    $peopleDelete = Ml_Model_PeopleDelete::getInstance();

    $signedUserInfo = $registry->get("signedUserInfo");
    $form = $peopleDelete->deleteAccountForm();

    $confirmed = false;
    if ($request->isPost()) {
        $credentialInfo = $credential->getByUid($auth->getIdentity());
        if (!$credentialInfo) {
            throw new Exception("Fatal error on checking credential in account delete controller.");
        }

        // Must be in place before isValid() runs.
        $registry->set('credentialInfoDataForPasswordChange', $credentialInfo);

        $confirmed = $form->isValid($request->getPost());
    }

    if ($confirmed) {
        $registry->set("canDeleteAccount", true);

        // The second argument is a SHA-1 over the serialized user record; how
        // deleteAccount() uses it is not visible from here.
        $userInfoDigest = sha1(serialize($signedUserInfo));
        $peopleDelete->deleteAccount($signedUserInfo, $userInfoDigest);

        // Drop the identity, then discard the session itself so the old
        // session ID cannot be used again.
        $auth->clearIdentity();
        Zend_Session::namespaceUnset('Zend_Auth');
        Zend_Session::regenerateId();
        Zend_Session::destroy(true);

        $this->_redirect("/account/terminated", array("exit"));
    }

    $this->view->deleteAccountForm = $form;
}
/**
 * Sign-in page.
 *
 * Already signed-in visitors are forwarded to "goback". On a POST the login
 * form is validated; the sign-in itself happens inside the form's validation
 * (see the workaround comment below), so this action only has to finish the
 * session set-up on success or undo the sign-in on failure. Both outcomes are
 * written to the logger together with the submitted username.
 *
 * NOTE(review): the username field is logged on denied attempts as well.
 * Users occasionally type a password into that field, so the log should be
 * treated as sensitive data.
 *
 * @return void
 */
public function indexAction()
{
    $registry = Zend_Registry::getInstance();
    $auth = Zend_Auth::getInstance();

    $config = $registry->get("config");
    $sessionConfig = $config['resources']['session'];

    Ml_Model_AntiAttack::loadRules();

    $credential = Ml_Model_Credential::getInstance();
    $logger = Ml_Model_Logger::getInstance();

    if ($auth->hasIdentity()) {
        return $this->_forward("goback");
    }

    $request = $this->getRequest();
    $form = $credential->loginForm();

    $ensureHuman = (bool) Ml_Model_AntiAttack::ensureHuman();

    if ($request->isPost()) {
        ignore_user_abort(true);

        // Workaround: sign in only when the captcha is right.
        //
        // The sign-in code lives in the password validator. The author found
        // no way to run that validator after the captcha one while keeping the
        // password field first on screen, so the password validator may have
        // signed the user in even though the form as a whole is rejected. In
        // that case the identity is cleared again below. This only matters
        // when the captcha is required.
        if (!$form->isValid($request->getPost())) {
            // Form rejected: undo a sign-in the password validator may have done.
            if ($auth->hasIdentity()) {
                $auth->clearIdentity();
            }

            $logger->log(array("action" => "login_denied", "username" => $form->getValue("username")));
            $this->view->errorlogin = true;
        } else {
            $session = Ml_Model_Session::getInstance();

            // Per the original author's note, rememberMe and forgetMe already
            // regenerate the session ID, so no explicit regenerateId() call
            // is made after sign-in.
            $keepSignedIn = $form->getElement("remember_me")->isChecked();
            if ($keepSignedIn) {
                Zend_Session::rememberMe($sessionConfig['cookie_lifetime']);
            } else {
                Zend_Session::forgetMe();
            }

            // Tie the (new) session ID to the signed-in identity.
            $session->associate($auth->getIdentity(), Zend_Session::getId());

            $logger->log(array("action" => "login", "username" => $form->getValue("username")));
            $this->_forward("goback");
        }
        // end of workaround
    }

    $challenge = $form->getElement("challenge");

    // don't show "missing value" the first time the captcha is asked for
    if (is_object($challenge) && !$ensureHuman) {
        $challenge->setErrorMessages(array("missingValue" => ''));
    }

    $this->view->loginform = $form;
}
/**
 * Password change / password recovery page.
 *
 * Two entry paths share this action:
 *  - signed in: the password of the current identity is changed; a request
 *    that also carries "confirm_uid" is sent to the logout route instead;
 *  - not signed in: "confirm_uid" and "security_code" must both be present and
 *    be accepted by Ml_Model_Recover::getAuthorization(); otherwise the request
 *    is forwarded to "unavailable" or to the login controller.
 *
 * On a valid POST the new password is stored and, on the recovery path, the
 * recovery case is closed first.
 *
 * NOTE(review): on the recovery path the account shown in the view is looked
 * up with the request's "confirm_uid", while the password is changed for
 * $recoverInfo['uid']. They are presumably the same id; confirm, or use the
 * verified uid for both.
 * NOTE(review): nothing in this action ends the account's other sessions
 * after the password changes; confirm whether setCredential() does.
 *
 * @return void
 */
public function passwordAction()
{
    $request = $this->getRequest();
    $auth = Zend_Auth::getInstance();
    $registry = Zend_Registry::getInstance();
    $router = Zend_Controller_Front::getInstance()->getRouter();
    $people = Ml_Model_People::getInstance();
    $credential = Ml_Model_Credential::getInstance();
    $recover = Ml_Model_Recover::getInstance();

    $params = $request->getParams();
    $this->view->request = $request;

    $isSignedIn = $auth->hasIdentity();

    if ($isSignedIn) {
        // A recovery link opened while signed in: ask the user to sign out.
        if (isset($params['confirm_uid'])) {
            $this->_redirect($router->assemble(array(), "logout") . "?please", array("exit"));
        }

        $form = $credential->newPasswordForm();
        $uid = $auth->getIdentity();

        // Flag read elsewhere; presumably makes the form demand the current
        // password. Confirm against newPasswordForm().
        $registry->set("changeUserProperPassword", true);

        $this->view->userInfoDataForPasswordChange = $registry->get("signedUserInfo");
    } else {
        if (!isset($params['confirm_uid'], $params['security_code'])) {
            return $this->_forward("redirect", "login");
        }

        $recoverInfo = $recover->getAuthorization($params["confirm_uid"], $params["security_code"]);
        if (!$recoverInfo) {
            return $this->_forward("unavailable");
        }

        $form = $credential->newPasswordForm($params["confirm_uid"], $params["security_code"]);

        // From here on the account is the one named by the recovery record.
        $uid = $recoverInfo['uid'];

        $this->view->userInfoDataForPasswordChange = $people->getById($request->getParam("confirm_uid"));
    }

    if ($request->isPost()) {
        $credentialInfo = $credential->getByUid($uid);
        if (!$credentialInfo) {
            $this->_redirect($router->assemble(array(), "index"), array("exit"));
        }

        // Must be registered before the form validators run.
        $registry->set('credentialInfoDataForPasswordChange', $credentialInfo);

        if ($form->isValid($request->getPost())) {
            $newPassword = $form->getValue("password");

            // $recoverInfo only exists on the recovery path.
            if (isset($recoverInfo)) {
                $recover->closeCase($uid);
            }

            $credential->setCredential($uid, $newPassword);
            $this->view->passwordReset = true;
        }
    }

    // The form is shown again unless the password was just changed.
    if (!isset($this->view->passwordReset)) {
        $this->view->passwordForm = $form;
    }
}
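/**
 * Checks that the submitted value is the account's current password.
 *
 * The account is taken from the registry entry
 * "credentialInfoDataForPasswordChange", which the calling controller has to
 * set before the form is validated. The adapter is invoked directly rather
 * than through Zend_Auth.
 *
 * NOTE(review): unlike the sign-in validator, a wrong password here is not
 * reported to Ml_Model_AntiAttack. Confirm that repeated guesses on this form
 * are limited some other way.
 *
 * @param mixed $value Submitted password (untrusted form input).
 * @return bool True when the password authenticates the account.
 */
public function isValid($value)
{
    $registry = Zend_Registry::getInstance();
    $credential = Ml_Model_Credential::getInstance();

    $this->_setValue($value);

    // Form input is untrusted and may arrive as an array (e.g. "password[]=").
    // Reject anything that is not a string before it reaches mb_strlen() or
    // the authentication adapter.
    if (!is_string($value)) {
        return false;
    }

    $length = mb_strlen($value);
    if ($length < 6 || $length > 20) {
        return false;
    }

    $credentialInfoData = $registry->get('credentialInfoDataForPasswordChange');

    $adapter = $credential->getAuthAdapter($credentialInfoData['uid'], $value);

    // Other callers of getAuthAdapter() test its result for truthiness, so it
    // presumably can return a falsy value. Fail closed in that case instead of
    // calling a method on a non-object.
    if (!$adapter) {
        $this->_error(self::MSG_WRONG_PASSWORD);
        return false;
    }

    $authenticate = $adapter->authenticate();
    if ($authenticate->getCode() != Zend_Auth_Result::SUCCESS) {
        $this->_error(self::MSG_WRONG_PASSWORD);
        return false;
    }

    return true;
}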
/**
 * Second step of sign-up: the visitor arrives with the "security_code" from
 * the confirmation e-mail and chooses a username and password.
 *
 * Signed-in visitors are forwarded to the logout controller. When SSL is
 * enabled in the configuration and the request is not HTTPS, the visitor is
 * redirected to the same route on the configured SSL host. An unknown security
 * code yields a 404 and the "unavailable" action. On a valid POST the account
 * is created, the new user is authenticated, the session ID is regenerated and
 * the browser is sent to the "join_welcome" route.
 *
 * NOTE(review): when getAuthAdapter() returns a falsy value the authentication
 * step is skipped without any error and the visitor still reaches the welcome
 * page. Confirm that this is acceptable.
 *
 * @return void
 * @throws Exception When the freshly created user cannot be authenticated.
 */
public function confirmAction()
{
    $auth = Zend_Auth::getInstance();
    $request = $this->getRequest();
    $registry = Zend_Registry::getInstance();
    $router = Zend_Controller_Front::getInstance()->getRouter();
    $config = $registry->get("config");

    if ($auth->hasIdentity()) {
        $registry->set("pleaseSignout", true);
        return $this->_forward("index", "logout");
    }

    $signUp = Ml_Model_SignUp::getInstance();
    $credential = Ml_Model_Credential::getInstance();
    $people = Ml_Model_People::getInstance();
    $profile = Ml_Model_Profile::getInstance(); // not used further in this action

    // The password is submitted on this page, so move to HTTPS first. The host
    // comes from configuration, not from the request.
    $isHttps = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on";
    if ($config['ssl'] && !$isHttps) {
        $sslUrl = "https://" . $config['webhostssl']
            . $router->assemble(array($request->getUserParams()), "join_emailconfirm");
        $this->_redirect($sslUrl, array("exit"));
    }

    $securityCode = $request->getParam("security_code");

    $confirmationInfo = $signUp->getByHash($securityCode);
    if (!$confirmationInfo) {
        $this->getResponse()->setHttpResponseCode(404);
        return $this->_forward("unavailable");
    }

    $form = $signUp->newIdentityForm($securityCode);

    if ($request->isPost() && $form->isValid($request->getPost())) {
        $newUsername = $form->getValue("newusername");
        $password = $form->getValue("password");

        // Name and e-mail come from the stored confirmation record, not from
        // the POST.
        $preUserInfo = array(
            "alias" => $newUsername,
            "membershipdate" => $confirmationInfo['timestamp'],
            "name" => $confirmationInfo['name'],
            "email" => $confirmationInfo['email'],
        );

        $people->create($newUsername, $password, $preUserInfo, $confirmationInfo);

        $createdUser = $people->getByUsername($preUserInfo['alias']);

        $adapter = $credential->getAuthAdapter($createdUser['id'], $password);
        if ($adapter) {
            $result = $auth->authenticate($adapter);
            if ($result->getCode() != Zend_Auth_Result::SUCCESS) {
                throw new Exception("Could not authenticate 'just created' user");
            }
        }

        // New privilege level, new session ID.
        Zend_Session::regenerateId();

        $this->_redirect($router->assemble(array(), "join_welcome"), array("exit"));
    }

    $this->view->entry = $confirmationInfo;
    $this->view->confirmForm = $form;
}
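/**
 * Rejects a new password that is identical to the account's current one.
 *
 * The candidate is run through the account's authentication adapter: if it
 * authenticates, it is the current password and MSG_SAME_PASSWORD is set. The
 * account is taken from the registry entry
 * "credentialInfoDataForPasswordChange", which the calling controller has to
 * set before the form is validated.
 *
 * NOTE(review): the adapter is used without a check. If getAuthAdapter() can
 * return a falsy value this call fails with a fatal error; confirm what the
 * intended outcome is for that case.
 *
 * @param mixed $value Proposed new password (untrusted form input).
 * @return bool True when the value is acceptable as a new password.
 */
public function isValid($value)
{
    $registry = Zend_Registry::getInstance();
    $credential = Ml_Model_Credential::getInstance();

    $this->_setValue($value);

    // Form input is untrusted and may arrive as an array (e.g. "password[]=").
    // Reject anything that is not a string before it reaches mb_strlen() or
    // the authentication adapter.
    if (!is_string($value)) {
        return false;
    }

    $length = mb_strlen($value);
    if ($length < 6 || $length > 20) {
        return false;
    }

    $credInfo = $registry->get('credentialInfoDataForPasswordChange');

    $adapter = $credential->getAuthAdapter($credInfo['uid'], $value);
    $resp = $adapter->authenticate();

    // shall not accept the same password as before
    if ($resp->getCode() == Zend_Auth_Result::SUCCESS) {
        $this->_error(self::MSG_SAME_PASSWORD);
        return false;
    }

    return true;
}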
/**
 * Creates a user account inside a single database transaction.
 *
 * In order: the sign-up confirmation record is deleted, the user row is
 * inserted, the password is stored through Ml_Model_Credential and a profile
 * is created. Any exception rolls the transaction back and is rethrown, so a
 * failed attempt should leave the confirmation record in place.
 *
 * NOTE(review): the rollback only covers the writes made by $signUp,
 * $credential and $profile if those models use the same connection as
 * $this->_dbAdapter. Confirm.
 *
 * @param mixed $username         Not read in this method; the stored alias
 *                                comes from $data.
 * @param mixed $password         Password handed to setCredential().
 * @param array $data             Row inserted into the user table.
 * @param array $confirmationInfo Sign-up confirmation record; its 'id' is
 *                                deleted.
 * @return mixed The new user's id as reported by lastInsertId().
 * @throws Exception When no insert id is returned, or any step fails.
 */
public function create($username, $password, $data, $confirmationInfo)
{
    $signUp = Ml_Model_SignUp::getInstance();
    $credential = Ml_Model_Credential::getInstance();
    $profile = Ml_Model_Profile::getInstance();

    $db = $this->_dbAdapter;
    $db->beginTransaction();

    try {
        // Consume the confirmation record in the same transaction as the
        // account creation.
        $signUp->delete($confirmationInfo['id']);

        $this->_dbTable->insert($data);

        $uid = $db->lastInsertId();
        if (!$uid) {
            throw new Exception("Failed to create user account");
        }

        $credential->setCredential($uid, $password);
        $profile->create($uid);

        $db->commit();
    } catch (Exception $e) {
        $db->rollBack();
        throw $e;
    }

    return $uid;
}