/**
* Validate the forms
*/
private function validateForm()
{
if ($this->frm->isSubmitted()) {
$txtEmail = $this->frm->getField('backend_email');
$txtPassword = $this->frm->getField('backend_password');
// required fields
if (!$txtEmail->isFilled() || !$txtPassword->isFilled()) {
// add error
$this->frm->addError('fields required');
// show error
$this->tpl->assign('hasError', true);
}
$this->getContainer()->get('logger')->info("Trying to authenticate user '{$txtEmail->getValue()}'.");
// invalid form-token?
if ($this->frm->getToken() != $this->frm->getField('form_token')->getValue()) {
// set a correct header, so bots understand they can't mess with us.
if (!headers_sent()) {
header('400 Bad Request', true, 400);
}
}
// get the user's id
$userId = BackendUsersModel::getIdByEmail($txtEmail->getValue());
// all fields are ok?
if ($txtEmail->isFilled() && $txtPassword->isFilled() && $this->frm->getToken() == $this->frm->getField('form_token')->getValue()) {
// try to login the user
if (!BackendAuthentication::loginUser($txtEmail->getValue(), $txtPassword->getValue())) {
$this->getContainer()->get('logger')->info("Failed authenticating user '{$txtEmail->getValue()}'.");
// add error
$this->frm->addError('invalid login');
// store attempt in session
$current = \SpoonSession::exists('backend_login_attempts') ? (int) \SpoonSession::get('backend_login_attempts') : 0;
// increment and store
\SpoonSession::set('backend_login_attempts', ++$current);
// save the failed login attempt in the user's settings
if ($userId !== false) {
BackendUsersModel::setSetting($userId, 'last_failed_login_attempt', time());
}
// show error
$this->tpl->assign('hasError', true);
}
}
// check sessions
if (\SpoonSession::exists('backend_login_attempts') && (int) \SpoonSession::get('backend_login_attempts') >= 5) {
// get previous attempt
$previousAttempt = \SpoonSession::exists('backend_last_attempt') ? \SpoonSession::get('backend_last_attempt') : time();
// calculate timeout
$timeout = 5 * (\SpoonSession::get('backend_login_attempts') - 4);
// too soon!
if (time() < $previousAttempt + $timeout) {
// sleep until the user can login again
sleep($timeout);
// set a correct header, so bots understand they can't mess with us.
if (!headers_sent()) {
header('503 Service Unavailable', true, 503);
}
} else {
// increment and store
\SpoonSession::set('backend_last_attempt', time());
}
// too many attempts
$this->frm->addEditor('too many attempts');
$this->getContainer()->get('logger')->info("Too many login attempts for user '{$txtEmail->getValue()}'.");
// show error
$this->tpl->assign('hasTooManyAttemps', true);
$this->tpl->assign('hasError', false);
}
// no errors in the form?
if ($this->frm->isCorrect()) {
// cleanup sessions
\SpoonSession::delete('backend_login_attempts');
\SpoonSession::delete('backend_last_attempt');
// save the login timestamp in the user's settings
$lastLogin = BackendUsersModel::getSetting($userId, 'current_login');
BackendUsersModel::setSetting($userId, 'current_login', time());
if ($lastLogin) {
BackendUsersModel::setSetting($userId, 'last_login', $lastLogin);
}
$this->getContainer()->get('logger')->info("Successfully authenticated user '{$txtEmail->getValue()}'.");
// redirect to the correct URL (URL the user was looking for or fallback)
$this->redirectToAllowedModuleAndAction();
}
}
// is the form submitted
if ($this->frmForgotPassword->isSubmitted()) {
// backend email
$email = $this->frmForgotPassword->getField('backend_email_forgot')->getValue();
// required fields
if ($this->frmForgotPassword->getField('backend_email_forgot')->isEmail(BL::err('EmailIsInvalid'))) {
// check if there is a user with the given emailaddress
if (!BackendUsersModel::existsEmail($email)) {
$this->frmForgotPassword->getField('backend_email_forgot')->addError(BL::err('EmailIsUnknown'));
}
}
// no errors in the form?
if ($this->frmForgotPassword->isCorrect()) {
// generate the key for the reset link and fetch the user ID for this email
$key = BackendAuthentication::getEncryptedString($email, uniqid());
// insert the key and the timestamp into the user settings
$userId = BackendUsersModel::getIdByEmail($email);
$user = new User($userId);
$user->setSetting('reset_password_key', $key);
$user->setSetting('reset_password_timestamp', time());
// variables to parse in the e-mail
$variables['resetLink'] = SITE_URL . BackendModel::createURLForAction('ResetPassword') . '&email=' . $email . '&key=' . $key;
// send e-mail to user
$from = $this->get('fork.settings')->get('Core', 'mailer_from');
$replyTo = $this->get('fork.settings')->get('Core', 'mailer_reply_to');
$message = \Common\Mailer\Message::newInstance(\SpoonFilter::ucfirst(BL::msg('ResetYourPasswordMailSubject')))->setFrom(array($from['email'] => $from['name']))->setTo(array($email))->setReplyTo(array($replyTo['email'] => $replyTo['name']))->parseHtml(BACKEND_MODULES_PATH . '/Authentication/Layout/Templates/Mails/ResetPassword.tpl', $variables);
$this->get('mailer')->send($message);
// clear post-values
$_POST['backend_email_forgot'] = '';
// show success message
$this->tpl->assign('isForgotPasswordSuccess', true);
// show form
$this->tpl->assign('showForm', true);
} else {
// errors?
$this->tpl->assign('showForm', true);
}
}
}
/**
* Validate the form
*/
private function validateForm()
{
if ($this->frm->isSubmitted()) {
// shorten fields
$newPassword = $this->frm->getField('backend_new_password');
$newPasswordRepeated = $this->frm->getField('backend_new_password_repeated');
// required fields
$newPassword->isFilled(BL::err('PasswordIsRequired'));
$newPasswordRepeated->isFilled(BL::err('PasswordRepeatIsRequired'));
// all fields are ok?
if ($newPassword->isFilled() && $newPasswordRepeated->isFilled()) {
// the passwords entered match
if ($newPassword->getValue() !== $newPasswordRepeated->getValue()) {
// add error
$this->frm->addError(BL::err('PasswordsDontMatch'));
// show error
$this->tpl->assign('error', BL::err('PasswordsDontMatch'));
}
}
if ($this->frm->isCorrect()) {
// change the users password
BackendUsersModel::updatePassword($this->user, $newPassword->getValue());
// attempt to login the user
if (!BackendAuthentication::loginUser($this->user->getEmail(), $newPassword->getValue())) {
// redirect to the login form with an error
$this->redirect(BackendModel::createURLForAction('Index', null, null, array('login' => 'failed')));
}
// redirect to the login form
$this->redirect(BackendModel::createURLForAction('Index', 'Dashboard', null, array('password_reset' => 'success')));
}
}
}
/**
* @return bool
*/
private function askToInstall()
{
if (array_key_exists($this->workingLocale, $this->installedLocale)) {
$reinstallLocale = $this->formatter->confirm('The locale is already installed, would you like to reinstall and overwrite the current translations?', false);
if (!$reinstallLocale) {
return true;
}
$this->installWorkingLocale(true);
return true;
}
$install = $this->formatter->confirm('Would you like to install this locale?');
if (!$install) {
return false;
}
$this->formatter->writeln('<info>Before you can enable a new locale you need to authenticate to be able to create the pages</info>');
while (!Authentication::loginUser($this->formatter->ask('Login'), $this->formatter->askHidden('Password'))) {
$this->formatter->error('Failed to login, please try again');
}
if (!Authentication::isAllowedAction('Copy', 'Pages')) {
$this->formatter->error('Your profile doesn\'t have the permission to execute the action Copy of the Pages module');
return false;
}
$this->installWorkingLocale();
$this->formatter->writeln('<info>Copying pages from the default locale to the current locale</info>');
BackendPagesModel::copy($this->defaultEnabledLocale, $this->workingLocale);
return true;
}
/**
* Get the API-key for a user.
*
* @param string $email The emailaddress for the user.
* @param string $password The password for the user.
* @return array
*/
public static function getAPIKey($email, $password)
{
$email = (string) $email;
$password = (string) $password;
// validate
if ($email == '') {
BaseAPI::output(BaseAPI::BAD_REQUEST, array('message' => 'No email-parameter provided.'));
}
if ($password == '') {
BaseAPI::output(BaseAPI::BAD_REQUEST, array('message' => 'No password-parameter provided.'));
}
// load user
try {
$user = new User(null, $email);
} catch (Exception $e) {
BaseAPI::output(BaseAPI::FORBIDDEN, array('message' => 'Can\'t authenticate you.'));
}
// validate password
if (!Authentication::loginUser($email, $password)) {
BaseAPI::output(BaseAPI::FORBIDDEN, array('message' => 'Can\'t authenticate you.'));
} else {
// does the user have access?
if ($user->getSetting('api_access', false) == false) {
BaseAPI::output(BaseAPI::FORBIDDEN, array('message' => 'Your account isn\'t allowed to use the API. Contact an administrator.'));
} else {
// create the key if needed
if ($user->getSetting('api_key', null) == null) {
$user->setSetting('api_key', uniqid());
}
// return the key
return array('api_key' => $user->getSetting('api_key'));
}
}
}
/**
* Logs in a user. We do this directly in the authentication class because
* this is a lot faster than submitting forms and following redirects
*
* Logging in using the forms is tested in the Authentication module
*/
protected function login()
{
Authentication::tearDown();
Authentication::loginUser('*****@*****.**', 'fork');
}
