/**
 * Handles the login step for the supplied user data and reports the outcome to the caller.
 *
 * The user object comes from _getUser(). Blocked accounts and accounts that fail authorise() for
 * $options['action'] are refused with a warning message. On success the user is attached to a
 * forked session and the row of the pre-login session is deleted from #__session.
 *
 * @param   array  $user     Holds the user data
 * @param   array  $options  Array holding options (remember, autoregister, group); 'action' is read as well
 *
 * @return  boolean  True on success
 *
 * @since   1.5
 */
public function onUserLogin($user, $options = array())
{
    $account = $this->_getUser($user, $options);

    // An Exception object coming back from _getUser() means the lookup failed: abort the login.
    if ($account instanceof Exception)
    {
        return false;
    }

    // Refuse blocked accounts and tell the visitor why.
    if ($account->block == 1)
    {
        $this->app->enqueueMessage(JText::_('JERROR_NOLOGIN_BLOCKED'), 'warning');

        return false;
    }

    // Default the group option; the value is not read again inside this method.
    $options['group'] = isset($options['group']) ? $options['group'] : 'USERS';

    // Access check for the requested login action.
    // NOTE(review): 'action' is read without an isset() guard, so a caller that omits it hands
    // null to authorise() - confirm every caller supplies it.
    if (!$account->authorise($options['action']))
    {
        $this->app->enqueueMessage(JText::_('JERROR_LOGIN_DENIED'), 'warning');

        return false;
    }

    // From here on the user counts as logged in.
    $account->guest = 0;

    $session = JFactory::getSession();

    // Remember the pre-login session ID so its row can be removed after the fork.
    $staleSessionId = $session->getId();

    // Order matters: fork first, then attach the user, so the user object is stored in the
    // forked session and not under the session ID that was in use before login.
    $session->fork();
    $session->set('user', $account);

    // Make sure the forked session's metadata reaches the database.
    $this->app->checkSession();

    // Delete the row that belonged to the pre-login session. The ID goes through quote()
    // before it is concatenated into the statement.
    $purge = $this->db->getQuery(true)->delete('#__session');
    $purge = $purge->where($this->db->quoteName('session_id') . ' = ' . $this->db->quote($staleSessionId));

    try
    {
        $this->db->setQuery($purge)->execute();
    }
    catch (RuntimeException $e)
    {
        // Deliberately ignored: the old session is already invalidated, so a failed cleanup
        // must not block the login.
    }

    // Record the visit on the user.
    $account->setLastVisit();

    // "User state" cookie for reverse caching proxies such as Varnish or Nginx. It carries only
    // the fixed marker "logged_in" and is set for the site application only.
    // NOTE(review): this is a cache hint, not a credential - nothing should authorise on it.
    $config       = JFactory::getConfig();
    $cookieDomain = $config->get('cookie_domain', '');
    $cookiePath   = $config->get('cookie_path', '/');

    if ($this->app->isSite())
    {
        $this->app->input->cookie->set("joomla_user_state", "logged_in", 0, $cookiePath, $cookieDomain, 0);
    }

    return true;
}
/**
 * Handles the login step for the supplied user data and reports the outcome to the caller.
 *
 * The user object comes from _getUser(). Blocked accounts and accounts that fail authorise() for
 * $options['action'] are refused with a warning message. On success the user is stored in the
 * current session and the matching #__session row is updated with guest, username and userid.
 *
 * @param   array  $user     Holds the user data
 * @param   array  $options  Array holding options (remember, autoregister, group); 'action' is read as well
 *
 * @return  boolean  True on success
 *
 * @since   1.5
 */
public function onUserLogin($user, $options = array())
{
    $account = $this->_getUser($user, $options);

    // An Exception object coming back from _getUser() means the lookup failed: abort the login.
    if ($account instanceof Exception)
    {
        return false;
    }

    // Refuse blocked accounts and tell the visitor why.
    if ($account->get('block') == 1)
    {
        $this->app->enqueueMessage(JText::_('JERROR_NOLOGIN_BLOCKED'), 'warning');

        return false;
    }

    // Default the group option; the value is not read again inside this method.
    $options['group'] = isset($options['group']) ? $options['group'] : 'USERS';

    // Access check for the requested login action.
    // NOTE(review): 'action' is read without an isset() guard, so a caller that omits it hands
    // null to authorise() - confirm every caller supplies it.
    if (!$account->authorise($options['action']))
    {
        $this->app->enqueueMessage(JText::_('JERROR_LOGIN_DENIED'), 'warning');

        return false;
    }

    // From here on the user counts as logged in.
    $account->set('guest', 0);

    // Store the user in the session.
    // NOTE(review): nothing in this method regenerates the session identifier, so the ID in use
    // before login is the one that becomes authenticated. Unless a caller renews it, that leaves
    // room for session fixation - confirm where the ID is rotated.
    $session = JFactory::getSession();
    $session->set('user', $account);

    // Let the application verify that the session record exists.
    $this->app->checkSession();

    // Write the user details onto the session's row. Every value passes through quote() or an
    // int cast before it is concatenated into the statement.
    $update = $this->db->getQuery(true)->update($this->db->quoteName('#__session'));
    $update = $update->set($this->db->quoteName('guest') . ' = ' . $this->db->quote($account->guest));
    $update = $update->set($this->db->quoteName('username') . ' = ' . $this->db->quote($account->username));
    $update = $update->set($this->db->quoteName('userid') . ' = ' . (int) $account->id);
    $update = $update->where($this->db->quoteName('session_id') . ' = ' . $this->db->quote($session->getId()));

    try
    {
        $this->db->setQuery($update)->execute();
    }
    catch (RuntimeException $e)
    {
        // NOTE(review): the login is reported as failed here, yet the user object was already
        // stored in the session above - confirm the caller discards the session on false.
        return false;
    }

    // Record the visit on the user.
    $account->setLastVisit();

    // "User state" cookie for reverse caching proxies such as Varnish or Nginx. It carries only
    // the fixed marker "logged_in" and is set for the site application only.
    // NOTE(review): this is a cache hint, not a credential - nothing should authorise on it.
    $config       = JFactory::getConfig();
    $cookieDomain = $config->get('cookie_domain', '');
    $cookiePath   = $config->get('cookie_path', '/');

    if ($this->app->isSite())
    {
        $this->app->input->cookie->set("joomla_user_state", "logged_in", 0, $cookiePath, $cookieDomain, 0);
    }

    return true;
}
/**
 * Handles the login step for the supplied user data and reports the outcome to the caller.
 *
 * The user object comes from _getUser(). Blocked accounts and accounts that fail authorise() for
 * $options['action'] are refused with a warning message. On success the password may be re-hashed
 * with bcrypt, the user is stored in the current session and the matching #__session row is
 * updated with guest, username and userid.
 *
 * @param   array  $user     Holds the user data
 * @param   array  $options  Array holding options (remember, autoregister, group); 'action' is read as well
 *
 * @return  boolean  True on success
 *
 * @since   1.5
 */
public function onUserLogin($user, $options = array())
{
    $account = $this->_getUser($user, $options);

    // An Exception object coming back from _getUser() means the lookup failed: abort the login.
    if ($account instanceof Exception)
    {
        return false;
    }

    // Refuse blocked accounts and tell the visitor why.
    if ($account->get('block') == 1)
    {
        $this->app->enqueueMessage(JText::_('JERROR_NOLOGIN_BLOCKED'), 'warning');

        return false;
    }

    // Default the group option; the value is not read again inside this method.
    $options['group'] = isset($options['group']) ? $options['group'] : 'USERS';

    // Access check for the requested login action.
    // NOTE(review): 'action' is read without an isset() guard, so a caller that omits it hands
    // null to authorise() - confirm every caller supplies it.
    if (!$account->authorise($options['action']))
    {
        $this->app->enqueueMessage(JText::_('JERROR_LOGIN_DENIED'), 'warning');

        return false;
    }

    // From here on the user counts as logged in.
    $account->set('guest', 0);

    // Re-hash with bcrypt when strong encryption is switched on and supported.
    // NOTE(review): $user['password'] is tested for a '$2y$' prefix as though it were the stored
    // hash, then handed to password_hash() as though it were the clear-text password. Only one
    // of those readings can hold - confirm what the authentication step puts in this key,
    // because the wrong one would store a credential the user cannot reproduce.
    $lacksBcryptPrefix = substr($user['password'], 0, 4) != '$2y$';

    if ($lacksBcryptPrefix && $this->useStrongEncryption && JCrypt::hasStrongPasswordSupport())
    {
        // Input longer than 55 bytes is cut before hashing (strlen/substr count bytes, not
        // characters); the user is shown a notice about the truncation.
        if (strlen($user['password']) > 55)
        {
            $user['password'] = substr($user['password'], 0, 55);
            JFactory::getApplication()->enqueueMessage(JText::_('JLIB_USER_ERROR_PASSWORD_TRUNCATED'), 'notice');
        }

        // The result of save() is not inspected, so a failed write goes unnoticed here.
        $account->password = password_hash($user['password'], PASSWORD_BCRYPT);
        $account->save();
    }

    // Store the user in the session.
    // NOTE(review): nothing in this method regenerates the session identifier, so the ID in use
    // before login is the one that becomes authenticated. Unless a caller renews it, that leaves
    // room for session fixation - confirm where the ID is rotated.
    $session = JFactory::getSession();
    $session->set('user', $account);

    // Let the application verify that the session record exists.
    $this->app->checkSession();

    // Write the user details onto the session's row. Every value passes through quote() or an
    // int cast before it is concatenated into the statement.
    $update = $this->db->getQuery(true)->update($this->db->quoteName('#__session'));
    $update = $update->set($this->db->quoteName('guest') . ' = ' . $this->db->quote($account->guest));
    $update = $update->set($this->db->quoteName('username') . ' = ' . $this->db->quote($account->username));
    $update = $update->set($this->db->quoteName('userid') . ' = ' . (int) $account->id);
    $update = $update->where($this->db->quoteName('session_id') . ' = ' . $this->db->quote($session->getId()));

    // Anything thrown by execute() is not caught in this method and reaches the caller.
    $this->db->setQuery($update)->execute();

    // Record the visit on the user.
    $account->setLastVisit();

    return true;
}
/**
 * Handles the login step for the supplied user data and reports the outcome to the caller.
 *
 * The user object comes from _getUser(). Blocked accounts and accounts that fail authorise() for
 * $options['action'] are refused with a warning message. On success the user is stored in the
 * current session and the matching #__session row is updated with guest, username and userid.
 *
 * @param   array  $user     Holds the user data
 * @param   array  $options  Array holding options (remember, autoregister, group); 'action' is read as well
 *
 * @return  boolean  True on success
 *
 * @since   1.5
 */
public function onUserLogin($user, $options = array())
{
    $account = $this->_getUser($user, $options);

    // An Exception object coming back from _getUser() means the lookup failed: abort the login.
    if ($account instanceof Exception)
    {
        return false;
    }

    // Refuse blocked accounts and tell the visitor why.
    if ($account->get('block') == 1)
    {
        $this->app->enqueueMessage(JText::_('JERROR_NOLOGIN_BLOCKED'), 'warning');

        return false;
    }

    // Default the group option; the value is not read again inside this method.
    $options['group'] = isset($options['group']) ? $options['group'] : 'USERS';

    // Access check for the requested login action.
    // NOTE(review): 'action' is read without an isset() guard, so a caller that omits it hands
    // null to authorise() - confirm every caller supplies it.
    if (!$account->authorise($options['action']))
    {
        $this->app->enqueueMessage(JText::_('JERROR_LOGIN_DENIED'), 'warning');

        return false;
    }

    // From here on the user counts as logged in.
    $account->set('guest', 0);

    // Store the user in the session.
    // NOTE(review): nothing in this method regenerates the session identifier, so the ID in use
    // before login is the one that becomes authenticated. Unless a caller renews it, that leaves
    // room for session fixation - confirm where the ID is rotated.
    $session = JFactory::getSession();
    $session->set('user', $account);

    // Let the application verify that the session record exists.
    $this->app->checkSession();

    // Write the user details onto the session's row. Every value passes through quote() or an
    // int cast before it is concatenated into the statement.
    $update = $this->db->getQuery(true)->update($this->db->quoteName('#__session'));
    $update = $update->set($this->db->quoteName('guest') . ' = ' . $this->db->quote($account->guest));
    $update = $update->set($this->db->quoteName('username') . ' = ' . $this->db->quote($account->username));
    $update = $update->set($this->db->quoteName('userid') . ' = ' . (int) $account->id);
    $update = $update->where($this->db->quoteName('session_id') . ' = ' . $this->db->quote($session->getId()));

    // Anything thrown by execute() is not caught in this method and reaches the caller.
    $this->db->setQuery($update)->execute();

    // Record the visit on the user.
    $account->setLastVisit();

    return true;
}