/**
* Set the field values
*
* @param array $values
* @return UserEmail
*/
public function setFieldValues(array $values = null)
{
parent::setFieldValues($values);
if ($_POST && null !== $this->email) {
// Check for dupe email
$user = null;
$email = null;
if (null !== $this->email) {
$user = Table\Users::findBy(['username' => $this->email]);
if (isset($user->id) && $this->id != $user->id) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That email already exists.'));
} else {
$email = Table\Users::findBy(['email' => $this->email]);
if (isset($email->id) && $this->id != $email->id) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email1, 'That email already exists.'));
}
}
}
// If existing user
if ((int) $_POST['id'] > 0) {
if (!empty($this->password1)) {
$this->getElement('password2')->setRequired(true)->addValidator(new Validator\Equal($this->password1, 'The passwords do not match.'));
}
// Else, if new user, check email and password matches
} else {
$this->getElement('password2')->setRequired(true)->addValidator(new Validator\Equal($this->password1, 'The passwords do not match.'));
}
}
return $this;
}
/**
* Config the auth object
*
* @param \Phire\Table\UserTypes $type
* @param string $username
* @param array $options
* @return \Phire\Auth\Auth
*/
public function config($type, $username = null, $options = array())
{
// Set the password encryption and salt
$this->setEncryption((int) $type->password_encryption);
$this->setEncryptionOptions($options);
// Set attempt limit
$this->setAttemptLimit((int) $type->allowed_attempts);
// Set allowed IPs
if (!empty($type->ip_allowed)) {
$allowed = explode(',', $type->ip_allowed);
$this->setAllowedIps($allowed);
$this->setAllowedSubnets($allowed);
}
// Set blocked IPs
if (!empty($type->ip_blocked)) {
$blocked = explode(',', $type->ip_blocked);
$this->setBlockedIps($blocked);
$this->setBlockedSubnets($blocked);
}
// Set failed attempts
if (null !== $username) {
$user = Table\Users::findBy(array('username' => $username));
if (isset($user->id)) {
$this->setAttempts((int) $user->failed_attempts);
}
}
return $this;
}
/**
* Set the field values
*
* @param array $values
* @param array $filters
* @param \Phire\Auth\Auth $auth
* @param \Phire\Table\UserTypes $type
* @param \Phire\Model\User $user
* @return \Pop\Form\Form
*/
public function setFieldValues(array $values = null, $filters = null, $auth = null, $type = null, $user = null)
{
parent::setFieldValues($values, $filters);
if ($_POST) {
// Authenticate and get the auth result
$auth->authenticate($this->username, $this->password);
$result = $auth->getAuthResult($type, $this->username);
if (null !== $result) {
$user->login($this->username, $type, false);
if ($auth->getResult() == \Pop\Auth\Auth::PASSWORD_INCORRECT) {
$this->getElement('password')->addValidator(new Validator\NotEqual($this->password, $result));
} else {
$this->getElement('username')->addValidator(new Validator\NotEqual($this->username, $result));
}
}
// Check the user's allowed sites
if (strtolower($type->type) != 'user') {
$u = Table\Users::findBy(array('username' => $this->username));
if (isset($u->id)) {
$siteIds = unserialize($u->site_ids);
$site = Table\Sites::findBy(array('document_root' => $_SERVER['DOCUMENT_ROOT']));
$siteId = isset($site->id) ? $site->id : '0';
if (!in_array($siteId, $siteIds)) {
$this->getElement('username')->addValidator(new Validator\NotEqual($this->username, $this->i18n->__('That user is not allowed on this site.')));
}
}
}
}
return $this;
}
/**
* Set the field values
*
* @param array $values
* @return Unsubscribe
*/
public function setFieldValues(array $values = null)
{
parent::setFieldValues($values);
if ($_POST && null !== $this->email) {
$member = Table\Users::findBy(['email' => $this->email]);
if (!isset($member->id)) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That email does not exist.'));
} else {
if (null !== $member->role_id) {
$sess = \Pop\Web\Session::getInstance();
$requireLogin = true;
$role = Table\Roles::findById($member->role_id);
if (isset($role->id) && null !== $role->permissions) {
$permissions = unserialize($role->permissions);
if (isset($permissions['deny'])) {
foreach ($permissions['deny'] as $deny) {
if ($deny['resource'] == 'member-login') {
$requireLogin = false;
}
}
}
}
if ($requireLogin) {
if (!isset($sess->member) || isset($sess->member) && $sess->member->id != $member->id) {
$memberAdmin = new \Phire\Members\Model\MembersAdmin();
$memberAdmin->getByRoleId($member->role_id);
$memberUri = isset($memberAdmin->uri) ? $memberAdmin->uri : APP_URI;
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'You must <a href="' . BASE_PATH . $memberUri . '/login">log in</a> to unsubscribe.'));
}
}
}
}
}
return $this;
}
/**
* Set the field values
*
* @param array $values
* @param array $filters
* @return \Pop\Form\Form
*/
public function setFieldValues(array $values = null, $filters = null)
{
parent::setFieldValues($values, $filters);
if ($_POST) {
if (Validator\Email::factory()->evaluate($this->email)) {
$user = Table\Users::findBy(array('email' => $this->email));
if (!isset($user->id)) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, $this->i18n->__('That email does not exist.')));
}
}
}
return $this;
}
/**
* Add action method
*
* @return void
*/
public function add()
{
$roleId = $this->getRoleId();
$username = '';
$email = null;
$role = new Model\Role();
$role->getById($roleId);
$this->console->write();
$dupeUser = Table\Users::findBy(['username' => $username]);
while ($username == '' || isset($dupeUser->id)) {
if (isset($dupeUser->id)) {
$this->console->write($this->console->colorize('That username already exists.', Console::BOLD_RED));
$username = '';
}
if ($role->email_as_username) {
while (!(new Email())->evaluate($username)) {
$username = $this->console->prompt($this->console->getIndent() . 'Enter Email: ');
}
$email = $username;
} else {
while ($username == '') {
$username = $this->console->prompt($this->console->getIndent() . 'Enter Username: '******'';
while (!(new Email())->evaluate($email)) {
$email = $this->console->prompt($this->console->getIndent() . 'Enter Email: ');
}
}
}
$dupeUser = Table\Users::findBy(['username' => $username]);
}
$password = '';
while ($password == '') {
$password = $this->console->prompt($this->console->getIndent() . 'Enter Password: '******'';
while (strtolower($active) != 'y' && strtolower($active) != 'n') {
$active = $this->console->prompt($this->console->getIndent() . 'Active? (Y/N): ');
}
$verified = '';
while (strtolower($verified) != 'y' && strtolower($verified) != 'n') {
$verified = $this->console->prompt($this->console->getIndent() . 'Verified? (Y/N): ');
}
$fields = ['role_id' => $roleId, 'username' => $username, 'password1' => $password, 'email' => $email, 'active' => strtolower($active) == 'y' ? 1 : 0, 'verified' => strtolower($verified) == 'y' ? 1 : 0];
$user = new Model\User();
$user->save($fields);
$this->console->write();
$this->console->write($this->console->colorize('User Added!', Console::BOLD_GREEN));
}
/**
* Set the field values
*
* @param array $values
* @return Forgot
*/
public function setFieldValues(array $values = null)
{
parent::setFieldValues($values);
if ($_POST && null !== $this->email) {
$user = Table\Users::findBy(['email' => $this->email]);
if (!isset($user->id)) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That email does not exist.'));
} else {
$role = new Model\Role();
if (!$role->canSendReminder($user->role_id)) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That request cannot be processed.'));
}
}
}
return $this;
}
/**
* Get user session data
*
* @param int $id
* @return array
*/
public function getUserData($id)
{
$user = \Phire\Table\Users::findById($id);
$userData = Table\UserSessionData::findById($id);
if (isset($userData->user_id)) {
$data = $userData->getColumns();
if (null !== $data['logins']) {
$this->data['logins'] = unserialize($data['logins']);
krsort($this->data['logins']);
}
$this->data['total_logins'] = (int) $data['total_logins'];
$this->data['failed_attempts'] = $data['failed_attempts'];
} else {
$this->data['logins'] = [];
$this->data['total_logins'] = 0;
$this->data['failed_attempts'] = 0;
}
$this->data['username'] = $user->username;
$this->data['user_id'] = $id;
}
/**
* Set the field values
*
* @param array $values
* @return RegisterEmail
*/
public function setFieldValues(array $values = null)
{
parent::setFieldValues($values);
if ($_POST && null !== $this->email) {
// Check for dupe email
if (null !== $this->email) {
$user = Table\Users::findBy(['username' => $this->email]);
if (isset($user->id)) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That username is not allowed.'));
} else {
$email = Table\Users::findBy(['email' => $this->email]);
if (isset($email->id)) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That email is not allowed.'));
}
}
}
// Check password matches
$this->getElement('password2')->addValidator(new Validator\Equal($this->password1, 'The passwords do not match.'));
}
return $this;
}
/**
* Set the field values
*
* @param array $values
* @return Profile
*/
public function setFieldValues(array $values = null)
{
parent::setFieldValues($values);
if ($_POST && null !== $this->username) {
// Check for dupe username
$user = null;
if (null !== $this->username) {
$user = Table\Users::findBy(['username' => $this->username]);
if (isset($user->id) && $this->id != $user->id) {
$this->getElement('username')->addValidator(new Validator\NotEqual($this->username, 'That username is not allowed.'));
}
}
// Check for dupe email
$email = Table\Users::findBy(['email' => $this->email]);
if (isset($email->id) && $this->id != $email->id) {
$this->getElement('email')->addValidator(new Validator\NotEqual($this->email, 'That email is not allowed.'));
}
// Check password matches
if (!empty($this->password1)) {
$this->getElement('password2')->setRequired(true)->addValidator(new Validator\Equal($this->password1, 'The passwords do not match.'));
}
}
return $this;
}
/**
* Install initial user method
*
* @return void
*/
public function user()
{
// If the system is installed
if (DB_INTERFACE != '' && DB_NAME != '' && !isset($this->sess->config)) {
Response::redirect(BASE_PATH . APP_URI);
// Else, if the initial install screen or config isn't complete
} else {
if (DB_INTERFACE == '' && DB_NAME == '') {
if (isset($this->sess->config)) {
Response::redirect(BASE_PATH . (isset($this->sess->app_uri) ? $this->sess->app_uri : APP_URI) . '/install/config?lang=' . $_GET['lang']);
} else {
Response::redirect(BASE_PATH . (isset($this->sess->app_uri) ? $this->sess->app_uri : APP_URI) . '/install?lang=' . $_GET['lang']);
}
// Else, install the first system user
} else {
$user = new Model\User(array('title' => $this->i18n->__('User Setup')));
$form = new Form\User($this->request->getBasePath() . $this->request->getRequestUri() . '?lang=' . $this->i18n->getLanguage() . '_' . $this->i18n->getLocale(), 'post', 2001, true);
if ($this->request->isPost()) {
$form->setFieldValues($this->request->getPost(), array('strip_tags' => null, 'htmlentities' => array(ENT_QUOTES, 'UTF-8')));
if ($form->isValid()) {
$user->save($form, $this->project->module('Phire'));
$newUser = Table\Users::findById($user->id);
if (isset($newUser->id)) {
$newUser->site_ids = serialize(array(0));
$newUser->created = date('Y-m-d H:i:s');
$newUser->update();
}
$ext = new Model\Extension(array('acl' => $this->project->getService('acl')));
$ext->getModules($this->project);
if (count($ext->new) > 0) {
$ext->installModules();
}
$user->set('form', ' <p style="text-align: center; margin: 50px 0 0 0; line-height: 1.8em; font-size: 1.2em;">' . $this->i18n->__('Thank you. The system has been successfully installed.') . '<br />' . $this->i18n->__('You can now log in %1here%2 or view the home page %3here%4.', array('<a href="' . BASE_PATH . APP_URI . '/login">', '</a>', '<a href="' . BASE_PATH . '/" target="_blank">', '</a>')) . '</p>' . PHP_EOL);
Model\Install::send($form);
unset($this->sess->config);
unset($this->sess->app_uri);
$this->view = View::factory($this->viewPath . '/user.phtml', $user->getData());
$this->view->set('i18n', $this->i18n);
$this->send();
} else {
$user->set('form', $form);
$this->view = View::factory($this->viewPath . '/user.phtml', $user->getData());
$this->view->set('i18n', $this->i18n);
$this->send();
}
} else {
$user->set('form', $form);
$this->view = View::factory($this->viewPath . '/user.phtml', $user->getData());
$this->view->set('i18n', $this->i18n);
$this->send();
}
}
}
}
/**
* Send password reminder to user
*
* @param string $email
* @param \Pop\Config $config
* @return void
*/
public function sendReminder($email, $config)
{
$encOptions = $config->encryptionOptions->asArray();
$user = Table\Users::findBy(array('email' => $email));
if (isset($user->id)) {
$type = Table\UserTypes::findById($user->type_id);
if ($type->password_encryption == Auth\Auth::ENCRYPT_NONE) {
$newPassword = $this->password;
$newEncPassword = $newPassword;
$msg = $this->i18n->__('Your username and password is:');
} else {
$newPassword = (string) String::random(8, String::ALPHANUM);
$newEncPassword = self::encryptPassword($newPassword, $type->password_encryption, $encOptions);
$msg = $this->i18n->__('Your password has been reset for security reasons. Your username and new password is:');
}
// Save new password
$user->password = $newEncPassword;
$user->save();
// Get base path and domain
$basePath = strtolower($type->type) != 'user' ? BASE_PATH . '/' . strtolower($type->type) : BASE_PATH . APP_URI;
$domain = str_replace('www.', '', $_SERVER['HTTP_HOST']);
// Set recipient
$rcpt = array('name' => $user->username, 'email' => $user->email, 'username' => $user->username, 'password' => $newPassword, 'login' => 'http://' . $_SERVER['HTTP_HOST'] . $basePath . '/login', 'domain' => $domain, 'message' => $msg);
if (file_exists($_SERVER['DOCUMENT_ROOT'] . BASE_PATH . CONTENT_PATH . '/extensions/themes/phire/mail/forgot.txt')) {
$mailTmpl = file_get_contents($_SERVER['DOCUMENT_ROOT'] . BASE_PATH . CONTENT_PATH . '/extensions/themes/phire/mail/forgot.txt');
} else {
$mailTmpl = file_get_contents(__DIR__ . '/../../../view/phire/mail/forgot.txt');
}
$mailTmpl = str_replace(array('Dear', 'Here is your password for', 'You can login at:', 'Thank You'), array($this->i18n->__('Dear'), $this->i18n->__('Here is your password for'), $this->i18n->__('You can login at:'), $this->i18n->__('Thank You')), $mailTmpl);
// Send reminder
$mail = new Mail($domain . ' - ' . $this->i18n->__('Password Reset'), $rcpt);
$mail->from(Table\Config::findById('reply_email')->value);
$mail->setText($mailTmpl);
$mail->send();
}
}
/**
* Set the field values
*
* @param array $values
* @param array $filters
* @param \Pop\Config $config
* @return \Pop\Form\Form
*/
public function setFieldValues(array $values = null, $filters = null, $config = null)
{
parent::setFieldValues($values, $filters);
if ($this->id != 0) {
if (null !== $this->getElement('email2')) {
$this->getElement('email2')->setRequired(false);
}
if (null !== $this->getElement('password1') && null === $this->reset_pwd) {
$this->getElement('password1')->setRequired(false);
$this->getElement('password2')->setRequired(false);
}
}
// Add validators for checking dupe usernames
// and matching the emails and passwords
if ($_POST && isset($_POST['id'])) {
if (isset($this->fields['username'])) {
$username = $this->username;
$usernameField = 'username';
} else {
$username = $this->email1;
$usernameField = 'email1';
}
$user = Table\Users::findBy(array('username' => $username));
if (isset($user->id) && $this->id != $user->id) {
$this->getElement($usernameField)->addValidator(new Validator\NotEqual($username, $this->i18n->__('That user already exists.')));
}
$email = Table\Users::findBy(array('email' => $this->email1));
if (isset($email->id) && $this->id != $email->id) {
$this->getElement('email1')->addValidator(new Validator\NotEqual($this->email1, $this->i18n->__('That email already exists.')));
}
if (null !== $this->getElement('email2')) {
$this->getElement('email2')->addValidator(new Validator\Equal($this->email1, $this->i18n->__('The emails do not match.')));
}
// If the password fields are set, check them for a match
if (isset($this->password2)) {
$this->getElement('password2')->addValidator(new Validator\Equal($this->password1, $this->i18n->__('The passwords do not match.')));
}
if ($this->reset_pwd) {
$user = Table\Users::findById($this->id);
if (isset($user->id)) {
$curPassword = $user->password;
$type = Table\UserTypes::findById($user->type_id);
if (isset($type->id)) {
$encOptions = $config->encryptionOptions->asArray();
$auth = new \Pop\Auth\Adapter\Table('Phire\\Table\\Users');
$result = $auth->authenticate($this->username, $this->password2, $type->password_encryption, $encOptions);
if ($result != \Pop\Auth\Auth::PASSWORD_INCORRECT) {
$this->getElement('password2')->addValidator(new Validator\Equal($curPassword, $this->i18n->__('The new password cannot be the same.')));
}
}
}
}
}
$this->checkFiles();
return $this;
}
/**
* User logins method
*
* @return void
*/
public function logins()
{
if (null === $this->request->getPath(1)) {
Response::redirect($this->request->getBasePath());
} else {
if ($this->request->isPost()) {
$user = Table\Users::findById($this->request->getPath(1));
if (isset($user->id)) {
$user->logins = null;
$user->update();
}
$typeId = null !== $this->request->getQuery('type_id') ? '/index/' . $this->request->getQuery('type_id') : null;
Response::redirect($this->request->getBasePath() . $typeId);
} else {
$this->prepareView('logins.phtml', array('assets' => $this->project->getAssets(), 'acl' => $this->project->getService('acl'), 'phireNav' => $this->project->getService('phireNav')));
$user = new Model\User();
$user->getLoginsById($this->request->getPath(1));
$this->view->set('title', $this->view->i18n->__('Users') . ' ' . $this->view->separator . ' ' . $user->type_name . ' ' . $this->view->separator . ' ' . $this->view->i18n->__('Logins') . ' ' . $this->view->separator . ' ' . $user->username)->set('typeId', $user->type_id)->set('table', $user->table);
$this->send();
}
}
}
/**
* Remove sites
*
* @param array $post
* @return void
*/
public function remove(array $post)
{
if (isset($post['remove_sites'])) {
foreach ($post['remove_sites'] as $id) {
$site = Table\Sites::findById($id);
if (isset($site->id)) {
$users = Table\Users::findAll();
foreach ($users->rows as $user) {
$siteIds = unserialize($user->site_ids);
if (in_array($site->id, $siteIds)) {
$key = array_search($site->id, $siteIds);
unset($siteIds[$key]);
$u = Table\Users::findById($user->id);
if (isset($u->id)) {
$u->site_ids = serialize($siteIds);
$u->update();
}
}
}
$site->delete();
}
}
}
}
/**
* Get content
*
* @param array $data
* @return array
*/
protected function setContent(array $data)
{
$type = new ContentType();
$type->getById($data['type_id']);
$data['content_type'] = $type->content_type;
$data['content_type_force_ssl'] = $type->force_ssl;
$data['strict_publishing'] = $type->strict_publishing;
if (!empty($data['publish'])) {
$publish = explode(' ', $data['publish']);
$data['publish_date'] = $publish[0];
$data['publish_time'] = $publish[1];
if (isset($this->date_format)) {
$data['publish_date'] = date($this->date_format, strtotime($data['publish_date']));
}
if (isset($this->time_format)) {
$data['publish_time'] = date($this->time_format, strtotime($data['publish_time']));
}
}
if (!empty($data['expire'])) {
$expire = explode(' ', $data['expire']);
$data['expire_date'] = $expire[0];
$data['expire_time'] = $expire[1];
if (isset($this->date_format)) {
$data['expire_date'] = date($this->date_format, strtotime($data['expire_date']));
}
if (isset($this->time_format)) {
$data['expire_time'] = date($this->time_format, strtotime($data['expire_time']));
}
}
if (!empty($content->created_by)) {
$createdBy = \Phire\Table\Users::findById($content->created_by);
if (isset($createdBy->id)) {
$data['created_by_username'] = $createdBy->username;
}
}
if (!empty($content->updated_by)) {
$updatedBy = \Phire\Table\Users::findById($content->updated_by);
if (isset($updatedBy->id)) {
$data['updated_by_username'] = $updatedBy->username;
}
}
$data['content_parent_id'] = $data['parent_id'];
$data['content_status'] = $data['status'];
$data['content_template'] = $data['template'];
$data['breadcrumb'] = $this->getBreadcrumb($data['id'], null !== $this->separator ? $this->separator : '>');
$data['breadcrumb_text'] = strip_tags($data['breadcrumb'], 'span');
if (!is_array($data['roles']) && is_string($data['roles'])) {
$data['roles'] = unserialize($data['roles']);
}
$this->data = array_merge($this->data, $data);
return $this->data;
}
/**
* Send user password reminder notification
*
* @param Table\Users $user
* @return void
*/
protected function sendReminder(Table\Users $user)
{
$host = Table\Config::findById('domain')->value;
$domain = str_replace('www.', '', $host);
$newPassword = Random::create(8, Random::ALPHANUM | Random::LOWERCASE);
$user->password = (new Bcrypt())->create($newPassword);
$user->save();
// Set the recipient
$rcpt = ['name' => $user->username, 'email' => $user->email, 'domain' => $domain, 'username' => $user->username, 'password' => $newPassword];
// Check for an override template
$mailTemplate = file_exists(CONTENT_ABS_PATH . '/phire/view/phire/mail/forgot.txt') ? CONTENT_ABS_PATH . '/phire/view/phire/mail/forgot.txt' : __DIR__ . '/../../view/phire/mail/forgot.txt';
// Send email verification
$mail = new Mail($domain . ' - Forgot Password', $rcpt);
$mail->from('noreply@' . $domain);
$mail->setText(file_get_contents($mailTemplate));
$mail->send();
}
/**
* Login and track session
*
* @param AbstractController $controller
* @param Application $application
* @return void
*/
public static function login(AbstractController $controller, Application $application)
{
$sess = $application->getService('session');
$userUri = APP_URI;
$key = 'user';
if (isset($sess->member) && $application->isRegistered('phire-members')) {
$key = 'member';
$memberAdmin = new \Phire\Members\Model\MembersAdmin();
$memberAdmin->getByRoleId($sess->member->role_id);
if (isset($memberAdmin->uri)) {
$userUri = $memberAdmin->uri;
}
}
$path = BASE_PATH . $userUri;
if ($path == '') {
$path = '/';
}
$cookie = Cookie::getInstance(['path' => $path]);
$cookie->delete('phire_session_timeout');
$cookie->delete('phire_session_path');
// If login, validate and start new session
if ($controller->request()->isPost() && substr($controller->request()->getRequestUri(), -6) == '/login') {
// If the user successfully logged in
if (isset($sess[$key])) {
$config = Table\UserSessionConfig::findById($sess[$key]->role_id);
$data = Table\UserSessionData::findById($sess[$key]->id);
if (isset($config->role_id)) {
if (!self::validate($config, $sess[$key], $data)) {
if (isset($data->user_id)) {
$data->failed_attempts++;
$data->save();
} else {
$data = new Table\UserSessionData(['user_id' => $sess[$key]->id, 'logins' => null, 'failed_attempts' => 1]);
$data->save();
}
if (isset($config->role_id) && (int) $config->log_type > 0 && null !== $config->log_emails) {
self::log($config, $sess[$key], false);
}
$sess->kill();
Response::redirect(BASE_PATH . $userUri . '/login?failed=' . $data->failed_attempts);
exit;
} else {
if (isset($data->user_id)) {
$limit = (int) $application->module('phire-sessions')['login_limit'];
$logins = unserialize($data->logins);
if ($limit > 0 && count($logins) >= $limit) {
reset($logins);
unset($logins[key($logins)]);
}
$logins[time()] = ['ua' => $_SERVER['HTTP_USER_AGENT'], 'ip' => $_SERVER['REMOTE_ADDR']];
$data->total_logins++;
$data->failed_attempts = 0;
$data->logins = serialize($logins);
$data->save();
} else {
$data = new Table\UserSessionData(['user_id' => $sess[$key]->id, 'logins' => serialize([time() => ['ua' => $_SERVER['HTTP_USER_AGENT'], 'ip' => $_SERVER['REMOTE_ADDR']]]), 'total_logins' => 1, 'failed_attempts' => 0]);
$data->save();
}
}
$expire = (int) $config->session_expiration > 0 ? (int) $config->session_expiration : null;
$timeout = (int) $config->timeout_warning;
} else {
$expire = null;
$timeout = false;
}
$lastLogin = null;
$lastIp = null;
// Check for the last login
$data = Table\UserSessionData::findById($sess[$key]->id);
if (isset($data->user_id)) {
$logins = null !== $data->logins ? unserialize($data->logins) : [];
if (count($logins) > 1) {
$keys = array_keys($logins);
$timestamp = isset($keys[count($keys) - 2]) ? $keys[count($keys) - 2] : null;
if (null !== $timestamp && isset($logins[$timestamp])) {
$lastLogin = $timestamp;
$lastIp = $logins[$timestamp]['ip'];
}
}
}
// Clear old sessions
$clear = (int) $application->module('phire-sessions')['clear_sessions'];
if ($clear > 0) {
$clear = time() - $clear;
$sql = Table\UserSessions::sql();
$sql->delete()->where(['start <= :start']);
Table\UserSessions::execute((string) $sql, ['start' => $clear]);
}
$session = new Table\UserSessions(['user_id' => $sess[$key]->id, 'ip' => $_SERVER['REMOTE_ADDR'], 'ua' => $_SERVER['HTTP_USER_AGENT'], 'start' => time()]);
$session->save();
$sess[$key]->session = new \ArrayObject(['id' => $session->id, 'start' => $session->start, 'last' => $session->start, 'expire' => $expire, 'timeout' => $timeout, 'last_login' => $lastLogin, 'last_ip' => $lastIp], \ArrayObject::ARRAY_AS_PROPS);
if (isset($config->role_id) && (int) $config->log_type > 0 && null !== $config->log_emails) {
self::log($config, $sess[$key], true);
}
// Else, if the user login failed
} else {
if (null !== $controller->view()->form && $controller->view()->form !== false && null !== $controller->view()->form->username) {
$user = \Phire\Table\Users::findBy(['username' => $controller->view()->form->username]);
$config = Table\UserSessionConfig::findById($user->role_id);
if (isset($user->id)) {
$data = Table\UserSessionData::findById($user->id);
if (isset($data->user_id)) {
$data->failed_attempts++;
$data->save();
} else {
$data = new Table\UserSessionData(['user_id' => $user->id, 'logins' => null, 'failed_attempts' => 1]);
$data->save();
}
if (isset($config->role_id) && (int) $config->log_type > 0 && null !== $config->log_emails) {
self::log($config, $user, false);
}
}
}
}
// Check existing session
} else {
if (isset($sess[$key]) && isset($sess[$key]->session)) {
if (!isset(Table\UserSessions::findById((int) $sess[$key]->session->id)->id) || null !== $sess[$key]->session->expire && time() - $sess[$key]->session->last >= $sess[$key]->session->expire) {
$session = Table\UserSessions::findById((int) $sess[$key]->session->id);
if (isset($session->id)) {
$session->delete();
}
$sess->kill();
Response::redirect(BASE_PATH . $userUri . '/login?expired=1');
exit;
} else {
if ($sess[$key]->session->timeout && null !== $sess[$key]->session->expire) {
$cookie->set('phire_session_timeout', $sess[$key]->session->expire - 30);
$cookie->set('phire_session_path', BASE_PATH . $userUri);
}
$sess[$key]->session->last = time();
}
}
}
}
