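 /**
  * Account sign in form processing.
  *
  * When LDAP is enabled the submitted credentials are bound against the
  * directory first: an unknown username that binds is provisioned as a local
  * user from its LDAP attributes, a known one has its local password and
  * profile re-synced. Either way the request then falls through to
  * Auth::attempt() against the local database, so a failed LDAP bind on its
  * own does not reject the login — a previously synced local password still
  * works. Keep that in mind if LDAP is meant to be the sole authority
  * (e.g. for accounts disabled in the directory).
  *
  * @param Request $request
  * @return \Illuminate\Http\RedirectResponse
  */
 public function login(Request $request)
 {
     $validator = $this->validator(Input::all());
     if ($validator->fails()) {
         return redirect()->back()->withInput()->withErrors($validator);
     }
     // Should we even check for LDAP users?
     if (Setting::getSettings()->ldap_enabled == '1') {
         LOG::debug("LDAP is enabled.");
         $username = $request->input('username');
         $password = $request->input('password');
         // Check if the user exists in the database
         $user = User::where('username', '=', $username)->whereNull('deleted_at')->first();
         LOG::debug("Local auth lookup complete");
         // Bind exactly once and reuse the result for both the create and the
         // update path. A bind that throws (directory unreachable, bad base
         // DN, ...) is sent back to the form; previously the "existing user"
         // path let that exception escape uncaught.
         try {
             $ldap_user = Ldap::findAndBindUserLdap($username, $password);
         } catch (\Exception $e) {
             LOG::debug("User " . $username . ' did not authenticate successfully against LDAP.');
             // Mirrors the previous create-path behaviour: the exception text is shown on the form.
             return redirect()->back()->withInput()->with('error', $e->getMessage());
         }
         if (!$ldap_user) {
             LOG::debug("User " . $username . " did not authenticate correctly against LDAP. No local user was created or updated.");
         } elseif (!$user) {
             // The user does not exist in the database but authenticated against
             // LDAP: create it on the fly and sign in with default permissions.
             LOG::debug("Local user " . $username . " does not exist. Creating local user.");
             if (Ldap::createUserFromLdap($ldap_user)) {
                 LOG::debug("Local user created..");
             } else {
                 LOG::debug("Could not create local user.");
             }
         } else {
             // The user exists and authenticated against LDAP: refresh the local copy.
             LOG::debug("Local user " . $username . " exists in database. Valid LDAP login. Updating the local data.");
             $ldap_attr = Ldap::parseAndMapLdapAttributes($ldap_user);
             $user->password = bcrypt($password);
             $user->email = $ldap_attr['email'];
             $user->first_name = $ldap_attr['firstname'];
             $user->last_name = $ldap_attr['lastname'];
             $user->save();
         }
     }
     // With or without LDAP, the session is only established by the local check.
     LOG::debug("Authenticating user against database.");
     if (!Auth::attempt(Input::only('username', 'password'), Input::get('remember-me', 0))) {
         LOG::debug("Local authentication failed.");
         return redirect()->back()->withInput()->with('error', trans('auth/message.account_not_found'));
     }
     // Get the page we were on before the login redirect, then drop it from the session.
     $redirect = \Session::get('loginRedirect', 'home');
     \Session::forget('loginRedirect');
     return redirect()->to($redirect)->with('success', trans('auth/message.signin.success'));
 }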
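 /**
  * Create a local user from LDAP attributes.
  *
  * The new record is activated and flagged as an LDAP import. When
  * ldap_pw_sync is enabled the submitted password (read from the current
  * request) is stored bcrypt-hashed; otherwise a random placeholder password
  * is stored so the local credential never equals the directory one.
  *
  * @author [A. Gianotto] [<*****@*****.**>]
  * @since [v3.0]
  * @param $ldapatttibutes raw LDAP entry, as accepted by Ldap::parseAndMapLdapAttributes()
  * @return bool true when the user was saved; false when the entry carries no
  *              username or the save failed (errors go to the debug log)
  */
 static function createUserFromLdap($ldapatttibutes)
 {
     $item = Ldap::parseAndMapLdapAttributes($ldapatttibutes);
     // Nothing to create without a username.
     if (empty($item["username"])) {
         return false;
     }
     // Create user from LDAP data
     $user = new User();
     $user->first_name = $item["firstname"];
     $user->last_name = $item["lastname"];
     $user->username = $item["username"];
     $user->email = $item["email"];
     if (Setting::getSettings()->ldap_pw_sync == '1') {
         $user->password = bcrypt(Input::get("password"));
     } else {
         // str_shuffle() is not a cryptographic source and never repeats a
         // character; draw each position independently from a CSPRNG instead.
         $alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
         $pass = '';
         for ($i = 0; $i < 25; $i++) {
             $pass .= $alphabet[random_int(0, strlen($alphabet) - 1)];
         }
         $user->password = bcrypt($pass);
     }
     $user->activated = 1;
     $user->ldap_import = 1;
     $user->notes = 'Imported on first login from LDAP';
     if ($user->save()) {
         return true;
     }
     // Report the failure to the caller instead of exit()ing mid-request,
     // which left the browser with a blank page and no redirect.
     LOG::debug('Could not create user.' . $user->getErrors());
     return false;
 }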
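 /**
  * Create a local user from LDAP attributes.
  *
  * The new record is activated and flagged as an LDAP import. The password
  * submitted with the current request is stored bcrypt-hashed so the local
  * login works with the same credential.
  *
  * @author [A. Gianotto] [<*****@*****.**>]
  * @since [v3.0]
  * @param $ldapatttibutes raw LDAP entry, as accepted by Ldap::parseAndMapLdapAttributes()
  * @return bool true when the user was saved; false when the entry carries no
  *              username or the save failed (errors go to the debug log)
  */
 static function createUserFromLdap($ldapatttibutes)
 {
     $item = Ldap::parseAndMapLdapAttributes($ldapatttibutes);
     // Nothing to create without a username.
     if (empty($item["username"])) {
         return false;
     }
     // Create user from LDAP data
     $user = new User();
     $user->first_name = $item["firstname"];
     $user->last_name = $item["lastname"];
     $user->username = $item["username"];
     $user->email = $item["email"];
     $user->password = bcrypt(Input::get("password"));
     $user->activated = 1;
     $user->ldap_import = 1;
     $user->notes = 'Imported on first login from LDAP';
     if ($user->save()) {
         return true;
     }
     // Report the failure to the caller instead of exit()ing mid-request,
     // which left the browser with a blank page and no redirect.
     LOG::debug('Could not create user.' . $user->getErrors());
     return false;
 }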
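 /**
  * Account sign in form processing.
  *
  * Users whose notes mention "LDAP" are checked against the directory via
  * $this->ldap(); on success their local Sentry password is replaced by a
  * fresh random value and Sentry::authenticate() is run with it, so Sentry's
  * activation and throttling checks still apply. Every other user goes
  * straight to Sentry::authenticate(). Sentry's failure exceptions are mapped
  * to form messages and the form is re-displayed.
  *
  * @return Redirect
  */
 public function postSignin()
 {
     // Declare the rules for the form validation
     $rules = array('username' => 'required', 'password' => 'required');
     // Create a new validator instance from our validation rules
     $validator = Validator::make(Input::all(), $rules);
     // If validation fails, we'll exit the operation now.
     if ($validator->fails()) {
         // Ooops.. something went wrong
         return Redirect::back()->withInput()->withErrors($validator);
     }
     try {
         /**
          * =================================================================
          * Hack in LDAP authentication
          */
         // Try to get the user from the database.
         $user = (array) DB::table('users')->where('username', Input::get('username'))->first();
         // LDAP users are recognised by a marker in their notes column.
         if ($user && strpos($user["notes"], 'LDAP') !== false) {
             LOG::debug("Authenticating user against LDAP.");
             if ($this->ldap(Input::get('username'), Input::get('password'))) {
                 LOG::debug("valid login");
                 // This value is saved as the account's local password and stays
                 // there until the next LDAP login, so it must come from a CSPRNG:
                 // str_shuffle() is not one and never repeats a character.
                 $alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
                 $pass = '';
                 for ($i = 0; $i < 10; $i++) {
                     $pass .= $alphabet[random_int(0, strlen($alphabet) - 1)];
                 }
                 $user = Sentry::findUserByLogin(Input::get('username'));
                 $user->password = $pass;
                 $user->save();
                 $credentials = array('username' => Input::get('username'), 'password' => $pass);
                 Sentry::authenticate($credentials, Input::get('remember-me', 0));
             } else {
                 throw new Cartalyst\Sentry\Users\UserNotFoundException();
             }
         } else {
             LOG::debug("Authenticating user against database.");
             // Try to log the user in
             Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0));
         }
         // Get the page we were on before the login redirect, then drop it from the session.
         $redirect = Session::get('loginRedirect', 'account');
         Session::forget('loginRedirect');
         return Redirect::to($redirect)->with('success', Lang::get('auth/message.signin.success'));
     } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
         $this->messageBag->add('username', Lang::get('auth/message.account_not_found'));
     } catch (Cartalyst\Sentry\Users\UserNotActivatedException $e) {
         $this->messageBag->add('username', Lang::get('auth/message.account_not_activated'));
     } catch (Cartalyst\Sentry\Throttling\UserSuspendedException $e) {
         $this->messageBag->add('username', Lang::get('auth/message.account_suspended'));
     } catch (Cartalyst\Sentry\Throttling\UserBannedException $e) {
         $this->messageBag->add('username', Lang::get('auth/message.account_banned'));
     }
     // Ooops.. something went wrong
     return Redirect::back()->withInput()->withErrors($this->messageBag);
 }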
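 /**
  * @brief Return the image file's data scaled down to fit a bounding box.
  *
  * Aspect ratio is preserved: an image that already fits within
  * width x height is re-encoded at its own size, a larger one is shrunk until
  * its binding dimension touches the box. GIF and PNG output keeps the alpha
  * channel. Returns '' when the file cannot be read or decoded, is not a
  * GIF/JPEG/PNG, or the box has a zero dimension.
  *
  * reference: http://php.net/manual/zh/function.imagejpeg.php
  *
  * @param array $param ['path' => source file, 'width' => max width, 'height' => max height]
  * @return string encoded image bytes in the source's format, or '' on failure
  */
 public static function scaleImageFileToBlob($param)
 {
     $source_pic = $param['path'];
     $max_width = $param['width'];
     $max_height = $param['height'];
     // getimagesize() returns false for unreadable or non-image files; bail
     // out before the ratio division below can see a false or zero dimension.
     $info = getimagesize($source_pic);
     if ($info === false || $info[0] <= 0 || $info[1] <= 0 || $max_width <= 0 || $max_height <= 0) {
         return '';
     }
     list($width, $height, $image_type) = $info;
     switch ($image_type) {
         case IMAGETYPE_GIF:
             $src = imagecreatefromgif($source_pic);
             break;
         case IMAGETYPE_JPEG:
             $src = imagecreatefromjpeg($source_pic);
             break;
         case IMAGETYPE_PNG:
             $src = imagecreatefrompng($source_pic);
             break;
         default:
             return '';
     }
     if (!$src) {
         // The header claimed GIF/JPEG/PNG but GD could not decode the body.
         return '';
     }
     $x_ratio = $max_width / $width;
     $y_ratio = $max_height / $height;
     if ($width <= $max_width && $height <= $max_height) {
         $tn_width = $width;
         $tn_height = $height;
     } elseif ($x_ratio * $height < $max_height) {
         // Width is the binding constraint.
         $tn_height = (int) ceil($x_ratio * $height);
         $tn_width = $max_width;
     } else {
         // Height is the binding constraint.
         $tn_width = (int) ceil($y_ratio * $width);
         $tn_height = $max_height;
     }
     LOG::debug('tn_width=' . $tn_width);
     LOG::debug('tn_height=' . $tn_height);
     $tmp = imagecreatetruecolor($tn_width, $tn_height);
     if (!$tmp) {
         imagedestroy($src);
         return '';
     }
     /* GIF and PNG may carry transparency: keep the alpha channel and start from a fully transparent canvas. */
     if ($image_type == IMAGETYPE_GIF || $image_type == IMAGETYPE_PNG) {
         imagealphablending($tmp, false);
         imagesavealpha($tmp, true);
         $transparent = imagecolorallocatealpha($tmp, 255, 255, 255, 127);
         imagefilledrectangle($tmp, 0, 0, $tn_width, $tn_height, $transparent);
     }
     imagecopyresampled($tmp, $src, 0, 0, 0, 0, $tn_width, $tn_height, $width, $height);
     /*
      * imageXXX() only has two options, save as a file, or send to the browser.
      * It does not provide you the opportunity to manipulate the final GIF/JPG/PNG file stream
      * So I start the output buffering, use imageXXX() to output the data stream to the browser,
      * get the contents of the stream, and use clean to silently discard the buffered contents.
      */
     ob_start();
     switch ($image_type) {
         case IMAGETYPE_GIF:
             imagegif($tmp);
             break;
         case IMAGETYPE_JPEG:
             imagejpeg($tmp, null, 75); // JPEG quality 75 of 100
             break;
         case IMAGETYPE_PNG:
             imagepng($tmp, null, 8); // zlib compression level 8 of 9
             break;
     }
     $final_image = ob_get_clean();
     imagedestroy($tmp);
     imagedestroy($src);
     return $final_image;
 }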
        return Redirect::route('signin');
    }
    // Check if the user has access to the admin pages
    if (!Sentry::getUser()->hasAccess('reports')) {
        LOG::debug('Unsufficient permissions');
        // Show the insufficient permissions page
        return Redirect::route('profile')->with("error", "You do not have permission to view this page.");
    }
});
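// Only super users may reach the backup routes. Sentry::getUser() may be null
// for an anonymous request; treat that like a non-admin instead of calling
// isSuperUser() on null.
Route::filter('backup-auth', function () {
    $user = Sentry::getUser();
    if (!$user || !$user->isSuperUser()) {
        LOG::debug('Not a super admin');
        return Redirect::route('home')->with('error', Lang::get('general.insufficient_permissions'));
    }
});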
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
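Route::filter('csrf', function () {
    $token = Input::get('_token');
    // Strict, constant-time comparison: `!=` is loose (numeric-string and
    // type juggling) and short-circuits on the first differing byte. A
    // missing or non-string token never matches.
    if (!is_string($token) || !hash_equals(Session::token(), $token)) {
        LOG::debug('No CSRF token');
        throw new Illuminate\Session\TokenMismatchException();
    }
});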
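 /**
  * Account sign in form processing.
  *
  * When LDAP is enabled the credentials are checked against the directory
  * first: an unknown username that authenticates is provisioned locally via
  * createUserFromLdap(), a known one has its Sentry password re-synced to the
  * submitted value. Either way the request then continues to
  * Sentry::authenticate() against the local store, so a failed LDAP check on
  * its own does not reject the login — a previously synced password still
  * works. Sentry's exceptions are mapped to form messages.
  *
  * @return Redirect
  */
 public function postSignin()
 {
     // Declare the rules for the form validation
     $rules = array('username' => 'required', 'password' => 'required');
     // Create a new validator instance from our validation rules
     $validator = Validator::make(Input::all(), $rules);
     // If validation fails, we'll exit the operation now.
     if ($validator->fails()) {
         // Ooops.. something went wrong
         return Redirect::back()->withInput()->withErrors($validator);
     }
     try {
         // Should we even check for LDAP users?
         if (Setting::getSettings()->ldap_enabled == '1') {
             LOG::debug("LDAP is enabled.");
             // Check if the user exists in the database
             $user = User::where('username', '=', Input::get('username'))->whereNull('deleted_at')->first();
             LOG::debug("Sentry lookup complete");
             if (!$user) {
                 // The user does not exist in the database. Try to get them from LDAP.
                 // If user does not exist and authenticates successfully with LDAP we
                 // will create it on the fly and sign in with default permissions
                 LOG::debug("Local user " . Input::get('username') . " does not exist");
                 if ($userattr = $this->ldap(Input::get('username'), Input::get('password'), true)) {
                     LOG::debug("Creating local user from authenticated LDAP user.");
                     // The return value was previously stored in an unused local;
                     // presumably a failed create just means Sentry::authenticate()
                     // below finds no user and reports account_not_found.
                     $this->createUserFromLdap($userattr);
                 } else {
                     LOG::debug("User did not authenticate correctly against LDAP. No local user was created.");
                 }
             } else {
                 // The user exists and was imported from LDAP already: re-check
                 // against LDAP and keep the local password in step with it.
                 LOG::debug("Local user " . Input::get('username') . " exists in database. Authenticating existing user against LDAP.");
                 if ($this->ldap(Input::get('username'), Input::get('password'))) {
                     LOG::debug("Valid LDAP login. Updating the local data.");
                     // Need the Sentry object, not the Eloquent object, so the
                     // password goes through Sentry's hasher on save().
                     $sentryuser = Sentry::findUserById($user->id);
                     $sentryuser->password = Input::get('password');
                     $sentryuser->save();
                 } else {
                     LOG::debug("User did not authenticate correctly against LDAP. Local user was not updated.");
                 }
             }
         }
         // LDAP disabled, or LDAP step finished: the session is only ever
         // established by the local Sentry check.
         LOG::debug("Authenticating user against database.");
         if (!Sentry::authenticate(Input::only('username', 'password'), Input::get('remember-me', 0))) {
             LOG::debug("Local authentication failed.");
             throw new Cartalyst\Sentry\Users\UserNotFoundException();
         }
         // Get the page we were on before the login redirect, then drop it from the session.
         $redirect = Session::get('loginRedirect', 'account');
         Session::forget('loginRedirect');
         return Redirect::to($redirect)->with('success', Lang::get('auth/message.signin.success'));
     } catch (Cartalyst\Sentry\Users\UserNotFoundException $e) {
         LOG::debug("Local authentication: User " . Input::get('username') . " not found");
         $this->messageBag->add('username', Lang::get('auth/message.account_not_found'));
     } catch (Cartalyst\Sentry\Users\WrongPasswordException $e) {
         // Same user-facing message as "not found" so the form does not reveal which usernames exist.
         LOG::debug("Local authentication: Password for " . Input::get('username') . " is incorrect.");
         $this->messageBag->add('username', Lang::get('auth/message.account_not_found'));
     } catch (Cartalyst\Sentry\Users\UserNotActivatedException $e) {
         LOG::debug("Local authentication: User not activated");
         $this->messageBag->add('username', Lang::get('auth/message.account_not_activated'));
     } catch (Cartalyst\Sentry\Throttling\UserSuspendedException $e) {
         LOG::debug("Local authentication: Account suspended");
         $this->messageBag->add('username', Lang::get('auth/message.account_suspended'));
     } catch (Cartalyst\Sentry\Throttling\UserBannedException $e) {
         LOG::debug("Local authentication: Account banned.");
         $this->messageBag->add('username', Lang::get('auth/message.account_banned'));
     }
     // Ooops.. something went wrong
     return Redirect::back()->withInput()->withErrors($this->messageBag);
 }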