Example #1
0
 /**
  * Authenticate user.
  *
  * @param  array $form Form fields.
  *
  * @return bool
  */
 protected function authenticate($form)
 {
     /** @var User $user */
     $user = $this->grav['user'];
     if (!$user->authenticated) {
         $username = isset($form['username']) ? $form['username'] : $this->rememberMe->login();
         // Normal login process
         $user = User::load($username);
         if ($user->exists()) {
             if (!empty($form['username']) && !empty($form['password'])) {
                 // Authenticate user
                 $user->authenticated = $user->authenticate($form['password']);
                 if ($user->authenticated) {
                     $this->grav['session']->user = $user;
                     unset($this->grav['user']);
                     $this->grav['user'] = $user;
                     // If the user wants to be remembered, create Rememberme cookie
                     if (!empty($form['rememberme'])) {
                         $this->rememberMe->createCookie($form['username']);
                     } else {
                         $this->rememberMe->clearCookie();
                         $this->rememberMe->getStorage()->cleanAllTriplets($user->get('username'));
                     }
                 }
             }
         }
     }
     // Authorize against user ACL
     $user_authorized = $user->authorize('site.login');
     $user->authenticated = $user->authenticated && $user_authorized;
     return $user->authenticated;
 }
Example #2
0
 /**
  * Logs the user in.
  *
  * @return \API\Document\User The user document
  */
 public function loginPost($request)
 {
     $params = new Set($request->post());
     // CSRF protection
     if (!$params->has('csrfToken') || !isset($_SESSION['csrfToken']) || $params->get('csrfToken') !== $_SESSION['csrfToken']) {
         throw new \Exception('Invalid CSRF token.', Resource::STATUS_BAD_REQUEST);
     }
     // This could be in JSON schema as well :)
     if (!$params->has('email') || !$params->has('password')) {
         throw new \Exception('Username or password missing!', Resource::STATUS_BAD_REQUEST);
     }
     $collection = $this->getDocumentManager()->getCollection('users');
     $cursor = $collection->find();
     $cursor->where('email', $params->get('email'));
     $cursor->where('passwordHash', sha1($params->get('password')));
     $document = $cursor->current();
     if (null === $document) {
         $errorMessage = 'Invalid login attempt. Try again!';
         $this->errors[] = $errorMessage;
         throw new \Exception($errorMessage, Resource::STATUS_UNAUTHORIZED);
     }
     $this->single = true;
     $this->users = [$document];
     // Set the session
     $_SESSION['userId'] = $document->getId();
     $_SESSION['expiresAt'] = time() + 3600;
     //1 hour
     // Set the Remember me cookie
     $rememberMeStorage = new RemembermeMongoStorage($this->getDocumentManager());
     $rememberMe = new Rememberme\Authenticator($rememberMeStorage);
     if ($params->has('rememberMe')) {
         $rememberMe->createCookie($document->getId());
     } else {
         $rememberMe->clearCookie();
     }
     return $document;
 }
Example #3
0
}
// Normally you would store the credentials in a DB
$username = "******";
$password = "******";
// Initialize RememberMe Library with file storage
$storagePath = dirname(__FILE__) . "/tokens";
if (!is_writable($storagePath) || !is_dir($storagePath)) {
    die("'{$storagePath}' does not exist or is not writable by the web server.\n            To run the example, please create the directory and give it the\n            correct permissions.");
}
$storage = new Rememberme\Storage\File($storagePath);
$rememberMe = new Rememberme\Authenticator($storage);
// First, we initialize the session, to see if we are already logged in
session_start();
if (!empty($_SESSION['username'])) {
    if (!empty($_GET['logout'])) {
        $rememberMe->clearCookie($_SESSION['username']);
        redirect(true);
    }
    if (!empty($_GET['completelogout'])) {
        $storage->cleanAllTriplets($_SESSION['username']);
        redirect(true);
    }
    // Check, if the Rememberme cookie exists and is still valid.
    // If not, we log out the current session
    if (!empty($_COOKIE[$rememberMe->getCookieName()]) && !$rememberMe->cookieIsValid()) {
        redirect(true);
    }
    // User is still logged in - show content
    $content = tpl("user_is_logged_in");
} else {
    // If we can present the correct tokens from the cookie, we are logged in