 /**
  * Handles the submitted login form.
  *
  * Checks run in this order: anti-forgery token and honeypot (either failure
  * yields a 500 response), the 'userIsLoggingIn' hook, an already-open session
  * (redirect to the site root), presence of both credentials, and an IP lockout
  * (redirect back to the login page). The username has HTML tags and all
  * whitespace stripped before the login attempt; the password is passed through
  * untouched. A failed attempt is logged at warning level and a successful one
  * at info level, both together with the requesting IP.
  *
  * NOTE(review): the IP is $_SERVER['REMOTE_ADDR'], i.e. the address of the
  * immediate peer — behind a reverse proxy that is the proxy, not the end user.
  * Failed attempts are not recorded with LockoutEngine in this method;
  * presumably logIn() does that — confirm.
  *
  * @return mixed a Response on the redirect/500 paths, otherwise whatever
  *               showErrorMessage() returns
  */
 private function doLogIn()
 {
     // Either bot/CSRF signal short-circuits before any state is touched.
     if (!AntiForgeryToken::getInstance()->validate() || !Honeypot::getInstance()->validate()) {
         return Response::fiveHundred();
     }

     $hookEngine = HookEngine::getInstance();
     $hookEngine->runAction('userIsLoggingIn');

     $session = CurrentUser::getUserSession();
     if ($session->isLoggedIn()) {
         return Response::redirect(new Link(""));
     }

     $username = Request::getPostParameter("username");
     $password = Request::getPostParameter("password");
     if (!$username || !$password) {
         return $this->showErrorMessage();
     }

     $remoteAddress = $_SERVER['REMOTE_ADDR'];
     if (LockoutEngine::getInstance()->isLockedOut($remoteAddress)) {
         return Response::redirect(new Link("users/login"));
     }

     $logger = Logger::getInstance();
     $username = preg_replace('/\\s+/', '', strip_tags($username));

     if (!$session->logIn($username, $password)) {
         $logger->logIt(new LogEntry(
             0,
             logEntryType::warning,
             "Someone failed to log into {$username}'s account from IP:{$remoteAddress}",
             0,
             new DateTime()
         ));
         return $this->showErrorMessage();
     }

     // Re-read the session so the log entry reflects the freshly logged-in user.
     $session = CurrentUser::getUserSession();
     $fullName = $session->getFullName();
     $logger->logIt(new LogEntry(
         0,
         logEntryType::info,
         "A new session was opened for {$fullName}, who has an IP of {$remoteAddress}.",
         $session->getUserID(),
         new DateTime()
     ));
     $hookEngine->runAction('userLoggedIn');

     return Response::redirect(new Link(""));
 }
 /**
  * Handles the POST of the second (new password) step of the forgot-password flow.
  *
  * $inParam2 is the reset token taken from the route; it must equal the 'token'
  * POST field once tags and whitespace are stripped. The outcome is written to
  * $this->response rather than returned: 404 for a non-POST request or a reset
  * record that is no longer of valid age, 500 for a failed anti-forgery/honeypot
  * check, a missing POST field, a route/POST token mismatch or a token with no
  * reset record. The identity checks (e-mail format, user lookup, the user's own
  * reset record and its age, and the two records cross-verifying each other)
  * fail by showing the identity error and redirecting via redirectOnError();
  * a confirmation mismatch or a rejected reset shows the non-match error instead.
  * On success the reset record is removed and the user is sent to the login page.
  *
  * NOTE(review): unlike doLogIn(), no LockoutEngine check guards the token
  * lookup here; whether token guessing is throttled elsewhere cannot be told
  * from this method — confirm.
  *
  * @param mixed $inParam2 reset token from the route; compared with !== against
  *                        a string, so presumably a string — verify against the router
  */
 private function secondStepPost($inParam2)
 {
     if (!$this->request->isPostRequest()) {
         $this->response = Response::fourOhFour();
         return;
     }
     if (!AntiForgeryToken::getInstance()->validate() || !Honeypot::getInstance()->validate()) {
         $this->response = Response::fiveHundred();
         return;
     }

     $token = Request::getPostParameter('token');
     $email = Request::getPostParameter('email');
     $newPassword = Request::getPostParameter('newPassword');
     $confirmNewPassword = Request::getPostParameter('confirmNewPassword');
     // An absent field is reported as false (an empty string is not rejected here).
     if ($token === false || $email === false || $newPassword === false || $confirmNewPassword === false) {
         $this->response = Response::fiveHundred();
         return;
     }

     // The token in the body must be the same one that appears in the route.
     $token = preg_replace('/\\s+/', '', strip_tags($token));
     if ($inParam2 !== $token) {
         $this->response = Response::fiveHundred();
         return;
     }

     $engine = ForgotPasswordEngine::getInstance();
     $recordByToken = $engine->getForgotPasswordByToken($token);
     if ($recordByToken === false) {
         $this->response = Response::fiveHundred();
         return;
     }
     if (!$engine->forgotPasswordIsOfValidAge($recordByToken)) {
         $this->response = Response::fourOhFour();
         return;
     }

     $username = preg_replace('/\\s+/', '', strip_tags($email));
     if (!(new emailValidator())->validate($username)) {
         $this->rejectForgotPasswordIdentity($inParam2);
         return;
     }
     $user = UserEngine::getInstance()->getUserByEmail($username);
     if ($user === false) {
         $this->rejectForgotPasswordIdentity($inParam2);
         return;
     }

     // The record found by token and the record owned by the e-mail's user must
     // be the same one, still of valid age, and must verify each other's
     // token/user pair.
     $recordByUser = $engine->getForgotPasswordByUserID($user->getUserID());
     if ($recordByUser === false || !$engine->forgotPasswordIsOfValidAge($recordByUser)) {
         $this->rejectForgotPasswordIdentity($inParam2);
         return;
     }
     if ($recordByToken->getID() !== $recordByUser->getID()
         || !$recordByToken->verify($recordByUser->getToken(), $recordByUser->getUserID())
         || !$recordByUser->verify($recordByToken->getToken(), $recordByToken->getUserID())
     ) {
         $this->rejectForgotPasswordIdentity($inParam2);
         return;
     }

     $minimumPasswordLength = $engine->getMinimumPasswordLength();
     if ($newPassword !== $confirmNewPassword
         || !$engine->resetUsersPassword($recordByToken->getToken(), $recordByUser->getUserID(), $newPassword, $confirmNewPassword)
     ) {
         $this->showErrorMessageForForgotPasswordNonMatch($minimumPasswordLength);
         $this->redirectOnError($inParam2);
         return;
     }

     // Reset succeeded: the record is single-use, so drop it before redirecting.
     $engine->removeForgotPassword($recordByToken);
     $this->showSuccessMessageForForgotPasswordChange();
     $this->response = Response::redirect(new Link("users/login"));
 }

 /**
  * Shared failure path for the identity checks in secondStepPost(): shows the
  * forgot-password identity error and redirects back with the route token.
  *
  * @param mixed $inParam2 reset token from the route, forwarded to redirectOnError()
  */
 private function rejectForgotPasswordIdentity($inParam2)
 {
     $this->showErrorMessageForForgotPasswordIdentity();
     $this->redirectOnError($inParam2);
 }