/**
 * Validate the password the viewer submitted as their "current" password.
 *
 * The submitted value is checked through UserAuth::validateLogin() against
 * the current Viewer's username. A \Lampcms\LoginException marks the
 * 'current' field with a fixed, translated message; the exception text
 * itself is not shown to the user.
 *
 * @return object $this
 */
protected function validatePassword()
{
    $submitted = $this->getSubmittedValue('current');
    $viewerName = $this->Registry->Viewer->username;

    try {
        $auth = new UserAuth($this->Registry);
        // Return value is not used here; only the exception path matters.
        $validated = $auth->validateLogin($viewerName, $submitted);
    } catch (\Lampcms\LoginException $e) {
        $this->setError('current', $this->_('This is not the correct password'));
    }

    return $this;
}
/**
 * Use Credentials from Basic Auth headers
 * to instantiate our BasicAuthUser
 *
 * Validates $username/$pwd through UserAuth::validateLogin() with the
 * '\Lampcms\Api\UserBasicAuth' user class, activates the resulting user,
 * installs it as Registry->Viewer and records its uid in $this->viewerId.
 *
 * @param mixed $username login name taken from the Authorization header (untyped here; presumably a string)
 * @param mixed $pwd      password taken from the Authorization header (untyped here; presumably a string)
 *
 * @throws \Lampcms\HttpResponseCodeException HTTP 401 when the credentials are rejected
 */
protected function initBasicAuthUser($username, $pwd)
{
    $userClass = '\\Lampcms\\Api\\UserBasicAuth';

    try {
        $auth = new UserAuth($this->Registry);
        $authenticated = $auth->validateLogin($username, $pwd, $userClass);

        // A successful login proves the user received the password e-mail,
        // so the address counts as confirmed and the account can be activated.
        $authenticated->activate();
        $this->Registry->Viewer = $authenticated;

        // Setting viewerId raises the viewer's access rate limit.
        $this->viewerId = $authenticated->getUid();
    } catch (\Lampcms\LoginException $e) {
        // e() is presumably the project's error logger; record where the failure came from.
        e('Login error: ' . $e->getMessage() . ' in file: ' . $e->getFile() . ' on line: ' . $e->getLine());

        // Re-throw with a proper HTTP status so the API layer answers 401.
        // NOTE(review): the LoginException message is copied into the 401 body;
        // confirm it does not reveal whether the username exists.
        $reason = 'Wrong login credentials: ' . $e->getMessage();
        throw new \Lampcms\HttpResponseCodeException($reason, 401);
    }
}
/**
 * Handle a submitted login form: validate the credentials, activate the
 * user, optionally send a "remember me" cookie, then redirect.
 *
 * On a \Lampcms\LoginException the error message is sent as JSON for Ajax
 * requests, stored in $_SESSION['login_error'] and the viewer is redirected.
 */
public function main()
{
    /**
     * Will not check for the valid 'form token'
     * in this form because a potential
     * hacker has nothing to gain by
     * exploiting CSRF of a login form because
     * the user using this form is by definition
     * 'not yet logged in', so there is really
     * nothing to gain by tricking someone to login
     *
     * NOTE(review): login CSRF (a victim's browser being logged into a
     * session the attacker controls) is a recognised attack class; confirm
     * that skipping the form token here is acceptable for this deployment.
     */
    $bRemember = isset($this->Request['chkRemember']) ? (bool) $this->Request['chkRemember'] : false;

    // NOTE(review): d() (presumably debug logging) receives the whole request
    // array, which includes the submitted 'pwd' value used below, so the
    // password ends up in the debug output.
    d('$bRemember ' . $bRemember . ' $this->Request ' . print_r($this->Request->getArrayCopy(), 1));

    try {
        $oCheckLogin = new UserAuth($this->Registry);
        $User = $oCheckLogin->validateLogin($this->Request['login'], $this->Request['pwd']);

        /**
         * If user logged in that means he got the email
         * with password,
         * thus we confirmed email address
         * and can activate user
         */
        $User->activate();
    } catch (\Lampcms\LoginException $e) {
        /**
         * @todo may add extra setting to !config.ini to send login errors
         * to special dedicated email address that will receive all security (hacking attempts)
         * related errors.
         */
        d('Login error: ' . $e->getMessage() . ' in file: ' . $e->getFile() . ' on line: ' . $e->getLine());

        // Presumably sendJSON() terminates the request; if it does not, the
        // session write and redirect below also run for Ajax callers.
        if (Request::isAjax()) {
            Responder::sendJSON(array('error' => $e->getMessage()));
        }

        $_SESSION['login_error'] = $e->getMessage();
        d('$_SESSION[login_error] ' . $_SESSION['login_error']);

        // Presumably ends the request; otherwise execution continues below
        // with $User undefined — confirm redirectToPage() exits.
        Responder::redirectToPage();
    }

    // NOTE(review): this statement is garbled in the source as received
    // ('******'); kept byte-for-byte rather than guessed at.
    d('User: '******'onUserLogin');

    // "Remember me": issue the persistent login cookie for this user.
    if ($bRemember) {
        \Lampcms\Cookie::sendLoginCookie($User->getUid(), $User['rs']);
    }

    Responder::redirectToPage();
}