public function __construct()
{
parent::__construct();
$oAffModel = new AffiliateModel();
$oSecurityModel = new SecurityModel();
$sEmail = $this->httpRequest->post('mail');
$sPassword = $this->httpRequest->post('password');
/** Check if the connection is not locked **/
$bIsLoginAttempt = (bool) DbConfig::getSetting('isAffiliateLoginAttempt');
$iMaxAttempts = (int) DbConfig::getSetting('maxAffiliateLoginAttempts');
$iTimeDelay = (int) DbConfig::getSetting('loginAffiliateAttemptTime');
if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Affiliates')) {
\PFBC\Form::setError('form_login_aff', Form::loginAttemptsExceededMsg($iTimeDelay));
return;
// Stop execution of the method.
}
// Check Login
$sLogin = $oAffModel->login($sEmail, $sPassword, 'Affiliates');
if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') {
sleep(1);
// Security against brute-force attack to avoid drowning the server and the database
if ($sLogin === 'email_does_not_exist') {
$this->session->set('captcha_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_login_aff', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH))));
$oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username', 'Affiliates');
} elseif ($sLogin === 'password_does_not_exist') {
$oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password', 'Affiliates');
if ($bIsLoginAttempt) {
$oSecurityModel->addLoginAttempt('Affiliates');
}
$this->session->set('captcha_enabled', 1);
// Enable Captcha
$sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />';
$sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />';
$sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'affiliate'));
\PFBC\Form::setError('form_login_aff', $sWrongPwdTxt);
}
} else {
$oSecurityModel->clearLoginAttempts('Affiliates');
$this->session->remove('captcha_enabled');
$iId = $oAffModel->getId($sEmail, null, 'Affiliates');
$oAffData = $oAffModel->readProfile($iId, 'Affiliates');
if (true !== ($mStatus = (new AffiliateCore())->checkAccountStatus($oAffData))) {
\PFBC\Form::setError('form_login_aff', $mStatus);
} else {
// Is disconnected if the user is logged on as "user" or "administrator".
if (UserCore::auth() || AdminCore::auth()) {
$this->session->destroy();
}
// Regenerate the session ID to prevent the session fixation
$this->session->regenerateId();
$aSessionData = ['affiliate_id' => $oAffData->profileId, 'affiliate_email' => $oAffData->email, 'affiliate_username' => $oAffData->username, 'affiliate_first_name' => $oAffData->firstName, 'affiliate_sex' => $oAffData->sex, 'affiliate_ip' => Ip::get(), 'affiliate_http_user_agent' => $this->browser->getUserAgent(), 'affiliate_token' => Various::genRnd($oAffData->email)];
$this->session->set($aSessionData);
$oSecurityModel->addLoginLog($oAffData->email, $oAffData->username, '*****', 'Logged in!', 'Affiliates');
$oAffModel->setLastActivity($oAffData->profileId, 'Affiliates');
Header::redirect(Uri::get('affiliate', 'account', 'index'), t('You are successfully logged!'));
}
}
}
public function __construct()
{
parent::__construct();
$sIp = Ip::get();
$oAdminModel = new AdminModel();
$oSecurityModel = new SecurityModel();
$sEmail = $this->httpRequest->post('mail');
$sUsername = $this->httpRequest->post('username');
$sPassword = $this->httpRequest->post('password');
/*** Security IP Login ***/
$sIpLogin = DbConfig::getSetting('ipLogin');
/*** Check if the connection is not locked ***/
$bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt');
$iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts');
$iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime');
if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) {
\PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay));
return;
// Stop execution of the method.
}
/*** Check Login ***/
$bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword);
$bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp;
if (!$bIsLogged || $bIsIpBanned) {
sleep(2);
// Security against brute-force attack to avoid drowning the server and the database
if (!$bIsLogged) {
$oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Incorrect Email, Username or Password', 'Admins');
if ($bIsLoginAttempt) {
$oSecurityModel->addLoginAttempt('Admins');
}
$this->session->set('captcha_admin_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect'));
} elseif ($bIsIpBanned) {
$this->session->set('captcha_admin_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_admin_login', t('Incorrect Login!'));
$oSecurityModel->addLoginLog($sEmail, $sUsername, $sPassword, 'Failed! Bad Ip adress', 'Admins');
}
} else {
$oSecurityModel->clearLoginAttempts('Admins');
$this->session->remove('captcha_admin_enabled');
// Is disconnected if the user is logged on as "user" or "affiliate".
if (UserCore::auth() || AffiliateCore::auth()) {
$this->session->destroy();
}
$iId = $oAdminModel->getId($sEmail, null, 'Admins');
$oAdminData = $oAdminModel->readProfile($iId, 'Admins');
// Regenerate the session ID to prevent the session fixation
$this->session->regenerateId();
$aSessionData = array('admin_id' => $oAdminData->profileId, 'admin_email' => $oAdminData->email, 'admin_username' => $oAdminData->username, 'admin_first_name' => $oAdminData->firstName, 'admin_ip' => $sIp, 'admin_http_user_agent' => $this->browser->getUserAgent(), 'admin_token' => Various::genRnd($oAdminData->email));
$this->session->set($aSessionData);
$oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins');
$oAdminModel->setLastActivity($oAdminData->profileId, 'Admins');
HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!'));
}
}
public function __construct()
{
parent::__construct();
$oUserModel = new UserCoreModel();
$oSecurityModel = new SecurityModel();
$sEmail = $this->httpRequest->post('mail');
$sPassword = $this->httpRequest->post('password');
/** Check if the connection is not locked **/
$bIsLoginAttempt = (bool) DbConfig::getSetting('isUserLoginAttempt');
$iMaxAttempts = (int) DbConfig::getSetting('maxUserLoginAttempts');
$iTimeDelay = (int) DbConfig::getSetting('loginUserAttemptTime');
if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view)) {
\PFBC\Form::setError('form_login_user', Form::loginAttemptsExceededMsg($iTimeDelay));
return;
// Stop execution of the method.
}
// Check Login
$sLogin = $oUserModel->login($sEmail, $sPassword);
if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') {
sleep(1);
// Security against brute-force attack to avoid drowning the server and the database
if ($sLogin === 'email_does_not_exist') {
$this->session->set('captcha_enabled', 1);
// Enable Captcha
\PFBC\Form::setError('form_login_user', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH))));
$oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username');
} elseif ($sLogin === 'password_does_not_exist') {
$oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password');
if ($bIsLoginAttempt) {
$oSecurityModel->addLoginAttempt();
}
$this->session->set('captcha_enabled', 1);
// Enable Captcha
$sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />';
$sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />';
$sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'user'));
\PFBC\Form::setError('form_login_user', $sWrongPwdTxt);
}
} else {
$oSecurityModel->clearLoginAttempts();
$this->session->remove('captcha_enabled');
$iId = $oUserModel->getId($sEmail);
$oUserData = $oUserModel->readProfile($iId);
if ($this->httpRequest->postExists('remember')) {
// We hash again the password
(new Framework\Cookie\Cookie())->set(array('member_remember' => Security::hashCookie($oUserData->password), 'member_id' => $oUserData->profileId));
}
$oUser = new UserCore();
if (true !== ($mStatus = $oUser->checkAccountStatus($oUserData))) {
\PFBC\Form::setError('form_login_user', $mStatus);
} else {
$oUser->setAuth($oUserData, $oUserModel, $this->session);
Header::redirect(Uri::get('user', 'account', 'index'), t('You are successfully logged!'));
}
}
}
