/**
* Singleton instance getter
*
* @return vB5_User
*/
public static function instance()
{
if (self::$instance === null) {
$class = __CLASS__;
self::$instance = new $class();
}
return self::$instance;
}
public function actionLoginForm(array $errors = array(), array $formData = array())
{
$disableLoginForm = false;
//@TODO: Validate URL to check against whitelisted URLs
// VBV-8394 Remove URLPATH querystring from Login form URL
// use referer URL instead of querystring
// however, if the query string is provided, use that instead to handle older URLs
if (empty($_REQUEST['url'])) {
// use referrer
$url = filter_var(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : vB5_Template_Options::instance()->get('options.frontendurl'), FILTER_SANITIZE_STRING);
} else {
// it's an old url. Use the query string
$url = filter_var(isset($_REQUEST['url']) ? $_REQUEST['url'] : vB5_Template_Options::instance()->get('options.frontendurl'), FILTER_SANITIZE_STRING);
}
// if it's encoded, we need to decode it to check if it's gonna try to redirect to the login or registration form.
$url_decoded = base64_decode($url, true);
$url_decoded = $url_decoded ? $url_decoded : $url;
if (!empty($url_decoded) and (strpos($url_decoded, '/auth/') !== false or strpos($url_decoded, '/register') !== false)) {
$url = '';
}
// Try to resolve some XSS attack. See VBV-1124
// Make sure the URL hasn't been base64 encoded already
if (!base64_decode($url, true)) {
$url = base64_encode($url);
}
// VBV-7835 Stop search engine index this page
header("X-Robots-Tag: noindex, nofollow");
// START: Enforce using https for login if frontendurl_login is set to https (VBV-8474)
// get the current URL and the base login URL for comparison
$requestBaseUrl = vB5_Request::instance()->get('vBUrlWebroot');
$loginBaseUrl = vB5_Template_Options::instance()->get('options.frontendurl_login');
$matchA = preg_match('#^(https?)://#', $requestBaseUrl, $matchResultA);
$matchB = preg_match('#^(https?)://#', $loginBaseUrl, $matchResultB);
// if the URL scheme (http or https) doesn't match, redirect to the right one
if (!($matchA and $matchB and $matchResultA[1] === $matchResultB[1])) {
// avoid infinite redirects
if (isset($_REQUEST['vb_login_redirected']) and $_REQUEST['vb_login_redirected'] == 1) {
// Something exteral to vB is redirecting back from https to http.
// Since we can't allow logging in over http if configured for https,
// we can't show the login form here
if (!isset($errors['errors'])) {
$errors['errors'] = array();
}
$errors['errors'][] = 'unable_to_redirect_to_the_correct_login_url';
$disableLoginForm = true;
} else {
header('Location: ' . $loginBaseUrl . '/auth/login-form?vb_login_redirected=1&url=' . urlencode($url));
exit;
}
}
// END: Enforce using https for login if frontendurl_login is set to https
$user = vB5_User::instance();
$templater = new vB5_Template('login_form');
$templater->register('charset', $user['lang_charset']);
$templater->register('errors', $errors);
$templater->register('formData', $formData);
$templater->register('url', $url);
$templater->register('urlpath', $url);
$templater->register('disableLoginForm', $disableLoginForm);
$this->outputPage($templater->render());
}
