protected function collectGarbage()
 {
     $table = new PhabricatorUserLog();
     $conn_w = $table->establishConnection('w');
     queryfx($conn_w, 'DELETE FROM %T WHERE dateCreated < %d LIMIT 100', $table->getTableName(), $this->getGarbageEpoch());
     return $conn_w->getAffectedRows() == 100;
 }
 protected function loadPage()
 {
     $table = new PhabricatorUserLog();
     $conn_r = $table->establishConnection('r');
     $data = queryfx_all($conn_r, 'SELECT * FROM %T %Q %Q %Q', $table->getTableName(), $this->buildWhereClause($conn_r), $this->buildOrderClause($conn_r), $this->buildLimitClause($conn_r));
     return $table->loadAllFromArray($data);
 }
 public function collectGarbage()
 {
     $ttl = phutil_units('180 days in seconds');
     $table = new PhabricatorUserLog();
     $conn_w = $table->establishConnection('w');
     queryfx($conn_w, 'DELETE FROM %T WHERE dateCreated < %d LIMIT 100', $table->getTableName(), time() - $ttl);
     return $conn_w->getAffectedRows() == 100;
 }
 public static function newLog(PhabricatorUser $actor = null, PhabricatorUser $user = null, $action)
 {
     $log = new PhabricatorUserLog();
     if ($actor) {
         $log->setActorPHID($actor->getPHID());
     }
     if ($user) {
         $log->setUserPHID($user->getPHID());
     }
     if ($action) {
         $log->setAction($action);
     }
     return $log;
 }
 public function handleRequest(AphrontRequest $request)
 {
     $request = $this->getRequest();
     $user = $request->getUser();
     if ($request->isFormPost()) {
         $log = PhabricatorUserLog::initializeNewLog($user, $user->getPHID(), PhabricatorUserLog::ACTION_LOGOUT);
         $log->save();
         // Destroy the user's session in the database so logout works even if
         // their cookies have some issues. We'll detect cookie issues when they
         // try to login again and tell them to clear any junk.
         $phsid = $request->getCookie(PhabricatorCookies::COOKIE_SESSION);
         if (strlen($phsid)) {
             $session = id(new PhabricatorAuthSessionQuery())->setViewer($user)->withSessionKeys(array($phsid))->executeOne();
             if ($session) {
                 $session->delete();
             }
         }
         $request->clearCookie(PhabricatorCookies::COOKIE_SESSION);
         return id(new AphrontRedirectResponse())->setURI('/auth/loggedout/');
     }
     if ($user->getPHID()) {
         $dialog = id(new AphrontDialogView())->setUser($user)->setTitle(pht('Log out of Phabricator?'))->appendChild(pht('Are you sure you want to log out?'))->addSubmitButton(pht('Logout'))->addCancelButton('/');
         return id(new AphrontDialogResponse())->setDialog($dialog);
     }
     return id(new AphrontRedirectResponse())->setURI('/');
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     $user = $request->getUser();
     if ($request->isFormPost()) {
         $log = PhabricatorUserLog::newLog($user, $user, PhabricatorUserLog::ACTION_LOGOUT);
         $log->save();
         $request->clearCookie('phsid');
         return id(new AphrontRedirectResponse())->setURI('/login/');
     }
     return id(new AphrontRedirectResponse())->setURI('/');
 }
 public function buildSearchForm(AphrontFormView $form, PhabricatorSavedQuery $saved)
 {
     $actor_phids = $saved->getParameter('actorPHIDs', array());
     $user_phids = $saved->getParameter('userPHIDs', array());
     $actions = $saved->getParameter('actions', array());
     $remote_prefix = $saved->getParameter('ip');
     $sessions = $saved->getParameter('sessions', array());
     $actions = array_fuse($actions);
     $action_control = id(new AphrontFormCheckboxControl())->setLabel(pht('Actions'));
     $action_types = PhabricatorUserLog::getActionTypeMap();
     foreach ($action_types as $type => $label) {
         $action_control->addCheckbox('actions[]', $type, $label, isset($actions[$label]));
     }
     $form->appendControl(id(new AphrontFormTokenizerControl())->setDatasource(new PhabricatorPeopleDatasource())->setName('actors')->setLabel(pht('Actors'))->setValue($actor_phids))->appendControl(id(new AphrontFormTokenizerControl())->setDatasource(new PhabricatorPeopleDatasource())->setName('users')->setLabel(pht('Users'))->setValue($user_phids))->appendChild($action_control)->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Filter IP'))->setName('ip')->setValue($remote_prefix))->appendChild(id(new AphrontFormTextControl())->setLabel(pht('Sessions'))->setName('sessions')->setValue(implode(', ', $sessions)));
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     $user = $request->getUser();
     if ($request->isFormPost()) {
         $log = PhabricatorUserLog::newLog($user, $user, PhabricatorUserLog::ACTION_LOGOUT);
         $log->save();
         // Destroy the user's session in the database so logout works even if
         // their cookies have some issues. We'll detect cookie issues when they
         // try to login again and tell them to clear any junk.
         $phsid = $request->getCookie('phsid');
         if ($phsid) {
             $user->destroySession($phsid);
         }
         $request->clearCookie('phsid');
         return id(new AphrontRedirectResponse())->setURI('/login/');
     }
     return id(new AphrontRedirectResponse())->setURI('/');
 }
 protected function execute(ConduitAPIRequest $request)
 {
     $this->validateHost($request->getValue('host'));
     $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE, 60 * 5);
     if (count($failed_attempts) > 5) {
         $this->logFailure();
         throw new ConduitException('ERR-RATE-LIMIT');
     }
     $token = $request->getValue('token');
     $info = id(new PhabricatorConduitCertificateToken())->loadOneWhere('token = %s', trim($token));
     if (!$info || $info->getDateCreated() < time() - 60 * 15) {
         $this->logFailure();
         throw new ConduitException('ERR-BAD-TOKEN');
     } else {
         $log = id(new PhabricatorUserLog())->setActorPHID($info->getUserPHID())->setUserPHID($info->getUserPHID())->setAction(PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE)->save();
     }
     $user = id(new PhabricatorUser())->loadOneWhere('phid = %s', $info->getUserPHID());
     if (!$user) {
         throw new Exception("Certificate token points to an invalid user!");
     }
     return array('username' => $user->getUserName(), 'certificate' => $user->getConduitCertificate());
 }
 public static function initializeNewLog(PhabricatorUser $actor = null, $object_phid = null, $action = null)
 {
     $log = new PhabricatorUserLog();
     if ($actor) {
         $log->setActorPHID($actor->getPHID());
         if ($actor->hasSession()) {
             $session = $actor->getSession();
             // NOTE: This is a hash of the real session value, so it's safe to
             // store it directly in the logs.
             $log->setSession($session->getSessionKey());
         }
     }
     $log->setUserPHID((string) $object_phid);
     $log->setAction($action);
     $log->remoteAddr = (string) idx($_SERVER, 'REMOTE_ADDR', '');
     return $log;
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     $user = $request->getUser();
     if ($request->isFormPost()) {
         $log = PhabricatorUserLog::newLog($user, $user, PhabricatorUserLog::ACTION_LOGOUT);
         $log->save();
         // Destroy the user's session in the database so logout works even if
         // their cookies have some issues. We'll detect cookie issues when they
         // try to login again and tell them to clear any junk.
         $phsid = $request->getCookie('phsid');
         if ($phsid) {
             $user->destroySession($phsid);
         }
         $request->clearCookie('phsid');
         return id(new AphrontRedirectResponse())->setURI('/login/');
     }
     if ($user->getPHID()) {
         $dialog = id(new AphrontDialogView())->setUser($user)->setTitle('Log out of Phabricator?')->appendChild('<p>Are you sure you want to log out?</p>')->addSubmitButton('Log Out')->addCancelButton('/');
         return id(new AphrontDialogResponse())->setDialog($dialog);
     }
     return id(new AphrontRedirectResponse())->setURI('/');
 }
 public function render()
 {
     $logs = $this->logs;
     $handles = $this->handles;
     $viewer = $this->getUser();
     $action_map = PhabricatorUserLog::getActionTypeMap();
     $base_uri = $this->searchBaseURI;
     $rows = array();
     foreach ($logs as $log) {
         $ip = $log->getRemoteAddr();
         $session = substr($log->getSession(), 0, 6);
         if ($base_uri) {
             $ip = phutil_tag('a', array('href' => $base_uri . '?ip=' . $log->getRemoteAddr() . '#R'), $ip);
             $session = phutil_tag('a', array('href' => $base_uri . '?sessions=' . $log->getSession() . '#R'), $session);
         }
         $action = $log->getAction();
         $action_name = idx($action_map, $action, $action);
         $rows[] = array(phabricator_date($log->getDateCreated(), $viewer), phabricator_time($log->getDateCreated(), $viewer), $action_name, $log->getActorPHID() ? $handles[$log->getActorPHID()]->getName() : null, $handles[$log->getUserPHID()]->getName(), $ip, $session);
     }
     $table = new AphrontTableView($rows);
     $table->setHeaders(array(pht('Date'), pht('Time'), pht('Action'), pht('Actor'), pht('User'), pht('IP'), pht('Session')));
     $table->setColumnClasses(array('', 'right', 'wide', '', '', '', 'n'));
     return $table;
 }
 private function processDelete(AphrontRequest $request)
 {
     $viewer = $request->getUser();
     $user = $this->getUser();
     $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession($viewer, $request, $this->getPanelURI());
     $factor = id(new PhabricatorAuthFactorConfig())->loadOneWhere('id = %d AND userPHID = %s', $request->getInt('delete'), $user->getPHID());
     if (!$factor) {
         return new Aphront404Response();
     }
     if ($request->isFormPost()) {
         $factor->delete();
         $log = PhabricatorUserLog::initializeNewLog($viewer, $user->getPHID(), PhabricatorUserLog::ACTION_MULTI_REMOVE);
         $log->save();
         $user->updateMultiFactorEnrollment();
         return id(new AphrontRedirectResponse())->setURI($this->getPanelURI());
     }
     $dialog = id(new AphrontDialogView())->setUser($viewer)->addHiddenInput('delete', $factor->getID())->setTitle(pht('Delete Authentication Factor'))->appendParagraph(pht('Really remove the authentication factor %s from your account?', phutil_tag('strong', array(), $factor->getFactorName())))->addSubmitButton(pht('Remove Factor'))->addCancelButton($this->getPanelURI());
     return id(new AphrontDialogResponse())->setDialog($dialog);
 }
 /**
  * @task email
  */
 public function changePrimaryEmail(PhabricatorUser $user, PhabricatorUserEmail $email)
 {
     $actor = $this->requireActor();
     if (!$user->getID()) {
         throw new Exception("User has not been created yet!");
     }
     if (!$email->getID()) {
         throw new Exception("Email has not been created yet!");
     }
     $user->openTransaction();
     $user->beginWriteLocking();
     $user->reload();
     $email->reload();
     if ($email->getUserPHID() != $user->getPHID()) {
         throw new Exception("User does not own email!");
     }
     if ($email->getIsPrimary()) {
         throw new Exception("Email is already primary!");
     }
     if (!$email->getIsVerified()) {
         throw new Exception("Email is not verified!");
     }
     $old_primary = $user->loadPrimaryEmail();
     if ($old_primary) {
         $old_primary->setIsPrimary(0);
         $old_primary->save();
     }
     $email->setIsPrimary(1);
     $email->save();
     $log = PhabricatorUserLog::newLog($actor, $user, PhabricatorUserLog::ACTION_EMAIL_PRIMARY);
     $log->setOldValue($old_primary ? $old_primary->getAddress() : null);
     $log->setNewValue($email->getAddress());
     $log->save();
     $user->endWriteLocking();
     $user->saveTransaction();
     if ($old_primary) {
         $old_primary->sendOldPrimaryEmail($user, $email);
     }
     $email->sendNewPrimaryEmail($user);
     return $this;
 }
 /**
  * Upgrade a session to have all legalpad documents signed.
  *
  * @param PhabricatorUser User whose session should upgrade.
  * @param array LegalpadDocument objects
  * @return void
  * @task partial
  */
 public function signLegalpadDocuments(PhabricatorUser $viewer, array $docs)
 {
     if (!$viewer->hasSession()) {
         throw new Exception(pht('Signing session legalpad documents of user with no session!'));
     }
     $session = $viewer->getSession();
     if ($session->getSignedLegalpadDocuments()) {
         throw new Exception(pht('Session has already signed required legalpad documents!'));
     }
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     $session->setSignedLegalpadDocuments(1);
     queryfx($session->establishConnection('w'), 'UPDATE %T SET signedLegalpadDocuments = %d WHERE id = %d', $session->getTableName(), 1, $session->getID());
     if (!empty($docs)) {
         $log = PhabricatorUserLog::initializeNewLog($viewer, $viewer->getPHID(), PhabricatorUserLog::ACTION_LOGIN_LEGALPAD);
         $log->save();
     }
     unset($unguarded);
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     $user = $request->getUser();
     $filter_activity = $request->getStr('activity');
     $filter_ip = $request->getStr('ip');
     $filter_session = $request->getStr('session');
     $filter_user = $request->getArr('user', array());
     $filter_actor = $request->getArr('actor', array());
     $user_value = array();
     $actor_value = array();
     $phids = array_merge($filter_user, $filter_actor);
     if ($phids) {
         $handles = $this->loadViewerHandles($phids);
         if ($filter_user) {
             $filter_user = reset($filter_user);
             $user_value = array($filter_user => $handles[$filter_user]->getFullName());
         }
         if ($filter_actor) {
             $filter_actor = reset($filter_actor);
             $actor_value = array($filter_actor => $handles[$filter_actor]->getFullName());
         }
     }
     $form = new AphrontFormView();
     $form->setUser($user)->appendChild(id(new AphrontFormTokenizerControl())->setLabel('Filter Actor')->setName('actor')->setLimit(1)->setValue($actor_value)->setDatasource('/typeahead/common/accounts/'))->appendChild(id(new AphrontFormTokenizerControl())->setLabel('Filter User')->setName('user')->setLimit(1)->setValue($user_value)->setDatasource('/typeahead/common/accounts/'))->appendChild(id(new AphrontFormSelectControl())->setLabel('Show Activity')->setName('activity')->setValue($filter_activity)->setOptions(array('' => 'All Activity', 'admin' => 'Admin Activity')))->appendChild(id(new AphrontFormTextControl())->setLabel('Filter IP')->setName('ip')->setValue($filter_ip)->setCaption('Enter an IP (or IP prefix) to show only activity by that remote ' . 'address.'))->appendChild(id(new AphrontFormTextControl())->setLabel('Filter Session')->setName('session')->setValue($filter_session))->appendChild(id(new AphrontFormSubmitControl())->setValue('Filter Logs'));
     $log_table = new PhabricatorUserLog();
     $conn_r = $log_table->establishConnection('r');
     $where_clause = array();
     $where_clause[] = '1 = 1';
     if ($filter_user) {
         $where_clause[] = qsprintf($conn_r, 'userPHID = %s', $filter_user);
     }
     if ($filter_actor) {
         $where_clause[] = qsprintf($conn_r, 'actorPHID = %s', $filter_actor);
     }
     if ($filter_activity == 'admin') {
         $where_clause[] = qsprintf($conn_r, 'action NOT IN (%Ls)', array(PhabricatorUserLog::ACTION_LOGIN, PhabricatorUserLog::ACTION_LOGOUT, PhabricatorUserLog::ACTION_LOGIN_FAILURE));
     }
     if ($filter_ip) {
         $where_clause[] = qsprintf($conn_r, 'remoteAddr LIKE %>', $filter_ip);
     }
     if ($filter_session) {
         $where_clause[] = qsprintf($conn_r, 'session = %s', $filter_session);
     }
     $where_clause = '(' . implode(') AND (', $where_clause) . ')';
     $pager = new AphrontPagerView();
     $pager->setURI($request->getRequestURI(), 'page');
     $pager->setOffset($request->getInt('page'));
     $pager->setPageSize(500);
     $logs = $log_table->loadAllWhere('(%Q) ORDER BY dateCreated DESC LIMIT %d, %d', $where_clause, $pager->getOffset(), $pager->getPageSize() + 1);
     $logs = $pager->sliceResults($logs);
     $phids = array();
     foreach ($logs as $log) {
         $phids[$log->getActorPHID()] = true;
         $phids[$log->getUserPHID()] = true;
     }
     $phids = array_keys($phids);
     $handles = $this->loadViewerHandles($phids);
     $rows = array();
     foreach ($logs as $log) {
         $rows[] = array(phabricator_date($log->getDateCreated(), $user), phabricator_time($log->getDateCreated(), $user), $log->getAction(), $log->getActorPHID() ? phutil_escape_html($handles[$log->getActorPHID()]->getName()) : null, phutil_escape_html($handles[$log->getUserPHID()]->getName()), json_encode($log->getOldValue(), true), json_encode($log->getNewValue(), true), phutil_render_tag('a', array('href' => $request->getRequestURI()->alter('ip', $log->getRemoteAddr())), phutil_escape_html($log->getRemoteAddr())), phutil_render_tag('a', array('href' => $request->getRequestURI()->alter('session', $log->getSession())), phutil_escape_html($log->getSession())));
     }
     $table = new AphrontTableView($rows);
     $table->setHeaders(array('Date', 'Time', 'Action', 'Actor', 'User', 'Old', 'New', 'IP', 'Session'));
     $table->setColumnClasses(array('', 'right', '', '', '', 'wrap', 'wrap', '', 'wide'));
     $panel = new AphrontPanelView();
     $panel->setHeader('Activity Logs');
     $panel->appendChild($table);
     $panel->appendChild($pager);
     $filter = new AphrontListFilterView();
     $filter->appendChild($form);
     $nav = $this->buildSideNavView();
     $nav->selectFilter('logs');
     $nav->appendChild(array($filter, $panel));
     return $this->buildApplicationPage($nav, array('title' => 'Activity Logs'));
 }
 /**
  * Upgrade a partial session to a full session.
  *
  * @param PhabricatorAuthSession Session to upgrade.
  * @return void
  * @task partial
  */
 public function upgradePartialSession(PhabricatorUser $viewer)
 {
     if (!$viewer->hasSession()) {
         throw new Exception(pht('Upgrading partial session of user with no session!'));
     }
     $session = $viewer->getSession();
     if (!$session->getIsPartial()) {
         throw new Exception(pht('Session is not partial!'));
     }
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     $session->setIsPartial(0);
     queryfx($session->establishConnection('w'), 'UPDATE %T SET isPartial = %d WHERE id = %d', $session->getTableName(), 0, $session->getID());
     $log = PhabricatorUserLog::initializeNewLog($viewer, $viewer->getPHID(), PhabricatorUserLog::ACTION_LOGIN_FULL);
     $log->save();
     unset($unguarded);
 }
 /**
  * Issue a new session key to this user. Phabricator supports different
  * types of sessions (like "web" and "conduit") and each session type may
  * have multiple concurrent sessions (this allows a user to be logged in on
  * multiple browsers at the same time, for instance).
  *
  * Note that this method is transport-agnostic and does not set cookies or
  * issue other types of tokens, it ONLY generates a new session key.
  *
  * You can configure the maximum number of concurrent sessions for various
  * session types in the Phabricator configuration.
  *
  * @param   string  Session type, like "web".
  * @return  string  Newly generated session key.
  */
 public function establishSession($session_type)
 {
     $conn_w = $this->establishConnection('w');
     if (strpos($session_type, '-') !== false) {
         throw new Exception("Session type must not contain hyphen ('-')!");
     }
     // We allow multiple sessions of the same type, so when a caller requests
     // a new session of type "web", we give them the first available session in
     // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none
     // of these sessions is available, we overwrite the oldest session and
     // reissue a new one in its place.
     $session_limit = 1;
     switch ($session_type) {
         case 'web':
             $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web');
             break;
         case 'conduit':
             $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit');
             break;
         default:
             throw new Exception("Unknown session type '{$session_type}'!");
     }
     $session_limit = (int) $session_limit;
     if ($session_limit <= 0) {
         throw new Exception("Session limit for '{$session_type}' must be at least 1!");
     }
     // Load all the currently active sessions.
     $sessions = queryfx_all($conn_w, 'SELECT type, sessionStart FROM %T WHERE userPHID = %s AND type LIKE %>', PhabricatorUser::SESSION_TABLE, $this->getPHID(), $session_type . '-');
     // Choose which 'type' we'll actually establish, i.e. what number we're
     // going to append to the basic session type. To do this, just check all
     // the numbers sequentially until we find an available session.
     $establish_type = null;
     $sessions = ipull($sessions, null, 'type');
     for ($ii = 1; $ii <= $session_limit; $ii++) {
         if (empty($sessions[$session_type . '-' . $ii])) {
             $establish_type = $session_type . '-' . $ii;
             break;
         }
     }
     // If we didn't find an available session, choose the oldest session and
     // overwrite it.
     if (!$establish_type) {
         $sessions = isort($sessions, 'sessionStart');
         $oldest = reset($sessions);
         $establish_type = $oldest['type'];
     }
     // Consume entropy to generate a new session key, forestalling the eventual
     // heat death of the universe.
     $entropy = Filesystem::readRandomBytes(20);
     $session_key = sha1($entropy);
     // UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
     $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
     queryfx($conn_w, 'INSERT INTO %T ' . '(userPHID, type, sessionKey, sessionStart)' . ' VALUES ' . '(%s, %s, %s, UNIX_TIMESTAMP()) ' . 'ON DUPLICATE KEY UPDATE ' . 'sessionKey = VALUES(sessionKey), ' . 'sessionStart = VALUES(sessionStart)', self::SESSION_TABLE, $this->getPHID(), $establish_type, $session_key);
     $log = PhabricatorUserLog::newLog($this, $this, PhabricatorUserLog::ACTION_LOGIN);
     $log->setDetails(array('session_type' => $session_type, 'session_issued' => $establish_type));
     $log->setSession($session_key);
     $log->save();
     return $session_key;
 }
 /**
  * Reassign an unverified email address.
  */
 public function reassignEmail(PhabricatorUser $user, PhabricatorUserEmail $email)
 {
     $actor = $this->requireActor();
     if (!$user->getID()) {
         throw new Exception(pht('User has not been created yet!'));
     }
     if (!$email->getID()) {
         throw new Exception(pht('Email has not been created yet!'));
     }
     $user->openTransaction();
     $user->beginWriteLocking();
     $user->reload();
     $email->reload();
     $old_user = $email->getUserPHID();
     if ($old_user != $user->getPHID()) {
         if ($email->getIsVerified()) {
             throw new Exception(pht('Verified email addresses can not be reassigned.'));
         }
         if ($email->getIsPrimary()) {
             throw new Exception(pht('Primary email addresses can not be reassigned.'));
         }
         $email->setUserPHID($user->getPHID());
         $email->save();
         $log = PhabricatorUserLog::initializeNewLog($actor, $user->getPHID(), PhabricatorUserLog::ACTION_EMAIL_REASSIGN);
         $log->setNewValue($email->getAddress());
         $log->save();
     }
     $user->endWriteLocking();
     $user->saveTransaction();
 }
 private function processRoleRequest(PhabricatorUser $user)
 {
     $request = $this->getRequest();
     $admin = $request->getUser();
     $is_self = $user->getID() == $admin->getID();
     $errors = array();
     if ($request->isFormPost()) {
         $log_template = PhabricatorUserLog::newLog($admin, $user, null);
         $logs = array();
         if ($is_self) {
             $errors[] = "You can not edit your own role.";
         } else {
             $new_admin = (bool) $request->getBool('is_admin');
             $old_admin = (bool) $user->getIsAdmin();
             if ($new_admin != $old_admin) {
                 id(new PhabricatorUserEditor())->setActor($admin)->makeAdminUser($user, $new_admin);
             }
             $new_disabled = (bool) $request->getBool('is_disabled');
             $old_disabled = (bool) $user->getIsDisabled();
             if ($new_disabled != $old_disabled) {
                 id(new PhabricatorUserEditor())->setActor($admin)->disableUser($user, $new_disabled);
             }
         }
         if (!$errors) {
             return id(new AphrontRedirectResponse())->setURI($request->getRequestURI()->alter('saved', 'true'));
         }
     }
     $error_view = null;
     if ($errors) {
         $error_view = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors);
     }
     $form = id(new AphrontFormView())->setUser($admin)->setAction($request->getRequestURI()->alter('saved', null));
     if ($is_self) {
         $form->appendChild('<p class="aphront-form-instructions">NOTE: You can not edit your own ' . 'role.</p>');
     }
     $form->appendChild($this->getRoleInstructions())->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_admin', 1, 'Administrator', $user->getIsAdmin())->setDisabled($is_self))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_disabled', 1, 'Disabled', $user->getIsDisabled())->setDisabled($is_self))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_agent', 1, 'System Agent (Bot/Script User)', $user->getIsSystemAgent())->setDisabled(true));
     if (!$is_self) {
         $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Edit Role'));
     }
     $panel = new AphrontPanelView();
     $panel->setHeader('Edit Role');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild($form);
     return array($error_view, $panel);
 }
 /**
  * Issue a new session key to this user. Phabricator supports different
  * types of sessions (like "web" and "conduit") and each session type may
  * have multiple concurrent sessions (this allows a user to be logged in on
  * multiple browsers at the same time, for instance).
  *
  * Note that this method is transport-agnostic and does not set cookies or
  * issue other types of tokens, it ONLY generates a new session key.
  *
  * You can configure the maximum number of concurrent sessions for various
  * session types in the Phabricator configuration.
  *
  * @param   string  Session type, like "web".
  * @return  string  Newly generated session key.
  */
 public function establishSession($session_type)
 {
     $conn_w = $this->establishConnection('w');
     if (strpos($session_type, '-') !== false) {
         throw new Exception("Session type must not contain hyphen ('-')!");
     }
     // We allow multiple sessions of the same type, so when a caller requests
     // a new session of type "web", we give them the first available session in
     // "web-1", "web-2", ..., "web-N", up to some configurable limit. If none
     // of these sessions is available, we overwrite the oldest session and
     // reissue a new one in its place.
     $session_limit = 1;
     switch ($session_type) {
         case 'web':
             $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.web');
             break;
         case 'conduit':
             $session_limit = PhabricatorEnv::getEnvConfig('auth.sessions.conduit');
             break;
         default:
             throw new Exception("Unknown session type '{$session_type}'!");
     }
     $session_limit = (int) $session_limit;
     if ($session_limit <= 0) {
         throw new Exception("Session limit for '{$session_type}' must be at least 1!");
     }
     // NOTE: Session establishment is sensitive to race conditions, as when
     // piping `arc` to `arc`:
     //
     //   arc export ... | arc paste ...
     //
     // To avoid this, we overwrite an old session only if it hasn't been
     // re-established since we read it.
     // Consume entropy to generate a new session key, forestalling the eventual
     // heat death of the universe.
     $session_key = Filesystem::readRandomCharacters(40);
     // Load all the currently active sessions.
     $sessions = queryfx_all($conn_w, 'SELECT type, sessionKey, sessionStart FROM %T
     WHERE userPHID = %s AND type LIKE %>', PhabricatorUser::SESSION_TABLE, $this->getPHID(), $session_type . '-');
     $sessions = ipull($sessions, null, 'type');
     $sessions = isort($sessions, 'sessionStart');
     $existing_sessions = array_keys($sessions);
     $retries = 0;
     while (true) {
         // Choose which 'type' we'll actually establish, i.e. what number we're
         // going to append to the basic session type. To do this, just check all
         // the numbers sequentially until we find an available session.
         $establish_type = null;
         for ($ii = 1; $ii <= $session_limit; $ii++) {
             $try_type = $session_type . '-' . $ii;
             if (!in_array($try_type, $existing_sessions)) {
                 $establish_type = $try_type;
                 $expect_key = $session_key;
                 $existing_sessions[] = $try_type;
                 // Ensure the row exists so we can issue an update below. We don't
                 // care if we race here or not.
                 queryfx($conn_w, 'INSERT IGNORE INTO %T (userPHID, type, sessionKey, sessionStart)
           VALUES (%s, %s, %s, 0)', self::SESSION_TABLE, $this->getPHID(), $establish_type, $session_key);
                 break;
             }
         }
         // If we didn't find an available session, choose the oldest session and
         // overwrite it.
         if (!$establish_type) {
             $oldest = reset($sessions);
             $establish_type = $oldest['type'];
             $expect_key = $oldest['sessionKey'];
         }
         // UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
         $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
         // This is so that we'll only overwrite the session if it hasn't been
         // refreshed since we read it. If it has, the session key will be
         // different and we know we're racing other processes. Whichever one
         // won gets the session, we go back and try again.
         queryfx($conn_w, 'UPDATE %T SET sessionKey = %s, sessionStart = UNIX_TIMESTAMP()
         WHERE userPHID = %s AND type = %s AND sessionKey = %s', self::SESSION_TABLE, $session_key, $this->getPHID(), $establish_type, $expect_key);
         unset($unguarded);
         if ($conn_w->getAffectedRows()) {
             // The update worked, so the session is valid.
             break;
         } else {
             // We know this just got grabbed, so don't try it again.
             unset($sessions[$establish_type]);
         }
         if (++$retries > $session_limit) {
             throw new Exception("Failed to establish a session!");
         }
     }
     $log = PhabricatorUserLog::newLog($this, $this, PhabricatorUserLog::ACTION_LOGIN);
     $log->setDetails(array('session_type' => $session_type, 'session_issued' => $establish_type));
     $log->setSession($session_key);
     $log->save();
     return $session_key;
 }
 public function processLoginRequest(PhabricatorAuthLoginController $controller)
 {
     $request = $controller->getRequest();
     $viewer = $request->getUser();
     $require_captcha = false;
     $captcha_valid = false;
     if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) {
         $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(PhabricatorUserLog::ACTION_LOGIN_FAILURE, 60 * 15);
         if (count($failed_attempts) > 5) {
             $require_captcha = true;
             $captcha_valid = AphrontFormRecaptchaControl::processCaptcha($request);
         }
     }
     $response = null;
     $account = null;
     $log_user = null;
     if ($request->isFormPost()) {
         if (!$require_captcha || $captcha_valid) {
             $username_or_email = $request->getStr('username');
             if (strlen($username_or_email)) {
                 $user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email);
                 if (!$user) {
                     $user = PhabricatorUser::loadOneWithEmailAddress($username_or_email);
                 }
                 if ($user) {
                     $envelope = new PhutilOpaqueEnvelope($request->getStr('password'));
                     if ($user->comparePassword($envelope)) {
                         $account = $this->loadOrCreateAccount($user->getPHID());
                         $log_user = $user;
                         // If the user's password is stored using a less-than-optimal
                         // hash, upgrade them to the strongest available hash.
                         $hash_envelope = new PhutilOpaqueEnvelope($user->getPasswordHash());
                         if (PhabricatorPasswordHasher::canUpgradeHash($hash_envelope)) {
                             $user->setPassword($envelope);
                             $unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
                             $user->save();
                             unset($unguarded);
                         }
                     }
                 }
             }
         }
     }
     if (!$account) {
         if ($request->isFormPost()) {
             $log = PhabricatorUserLog::initializeNewLog(null, $log_user ? $log_user->getPHID() : null, PhabricatorUserLog::ACTION_LOGIN_FAILURE);
             $log->save();
         }
         $request->clearCookie(PhabricatorCookies::COOKIE_USERNAME);
         $response = $controller->buildProviderPageResponse($this, $this->renderPasswordLoginForm($request, $require_captcha, $captcha_valid));
     }
     return array($account, $response);
 }
 private function processRoleRequest(PhabricatorUser $user)
 {
     $request = $this->getRequest();
     $admin = $request->getUser();
     $is_self = $user->getID() == $admin->getID();
     $errors = array();
     if ($request->isFormPost()) {
         $log_template = PhabricatorUserLog::newLog($admin, $user, null);
         $logs = array();
         if ($is_self) {
             $errors[] = "You can not edit your own role.";
         } else {
             $new_admin = (bool) $request->getBool('is_admin');
             $old_admin = (bool) $user->getIsAdmin();
             if ($new_admin != $old_admin) {
                 $log = clone $log_template;
                 $log->setAction(PhabricatorUserLog::ACTION_ADMIN);
                 $log->setOldValue($old_admin);
                 $log->setNewValue($new_admin);
                 $user->setIsAdmin($new_admin);
                 $logs[] = $log;
             }
             $new_disabled = (bool) $request->getBool('is_disabled');
             $old_disabled = (bool) $user->getIsDisabled();
             if ($new_disabled != $old_disabled) {
                 $log = clone $log_template;
                 $log->setAction(PhabricatorUserLog::ACTION_DISABLE);
                 $log->setOldValue($old_disabled);
                 $log->setNewValue($new_disabled);
                 $user->setIsDisabled($new_disabled);
                 $logs[] = $log;
             }
         }
         if (!$errors) {
             $user->save();
             foreach ($logs as $log) {
                 $log->save();
             }
             return id(new AphrontRedirectResponse())->setURI($request->getRequestURI()->alter('saved', 'true'));
         }
     }
     $error_view = null;
     if ($errors) {
         $error_view = id(new AphrontErrorView())->setTitle('Form Errors')->setErrors($errors);
     }
     $form = id(new AphrontFormView())->setUser($admin)->setAction($request->getRequestURI()->alter('saved', null));
     if ($is_self) {
         $form->appendChild('<p class="aphront-form-instructions">NOTE: You can not edit your own ' . 'role.</p>');
     }
     $form->appendChild($this->getRoleInstructions())->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_admin', 1, 'Admin: wields absolute power.', $user->getIsAdmin())->setDisabled($is_self))->appendChild(id(new AphrontFormCheckboxControl())->addCheckbox('is_disabled', 1, 'Disabled: can not login.', $user->getIsDisabled())->setDisabled($is_self));
     if (!$is_self) {
         $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Edit Role'));
     }
     $panel = new AphrontPanelView();
     $panel->setHeader('Edit Role');
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     $panel->appendChild($form);
     return array($error_view, $panel);
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     if ($request->getUser()->getPHID()) {
         // Kick the user out if they're already logged in.
         return id(new AphrontRedirectResponse())->setURI('/');
     }
     if ($request->isConduit()) {
         // A common source of errors in Conduit client configuration is getting
         // the request path wrong. The client will end up here, so make some
         // effort to give them a comprehensible error message.
         $request_path = $this->getRequest()->getPath();
         $conduit_path = '/api/<method>';
         $example_path = '/api/conduit.ping';
         $message = "ERROR: You are making a Conduit API request to '{$request_path}', " . "but the correct HTTP request path to use in order to access a " . "Conduit method is '{$conduit_path}' (for example, " . "'{$example_path}'). Check your configuration.";
         return id(new AphrontPlainTextResponse())->setContent($message);
     }
     $error_view = null;
     if ($request->getCookie('phusr') && $request->getCookie('phsid')) {
         // The session cookie is invalid, so clear it.
         $request->clearCookie('phusr');
         $request->clearCookie('phsid');
         $error_view = new AphrontErrorView();
         $error_view->setTitle('Invalid Session');
         $error_view->setErrors(array("Your login session is invalid. Try logging in again. If that " . "doesn't work, clear your browser cookies."));
     }
     $next_uri = $this->getRequest()->getPath();
     if ($next_uri == '/login/') {
         $next_uri = '/';
     }
     if (!$request->isFormPost()) {
         $request->setCookie('next_uri', $next_uri);
     }
     $password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled');
     $forms = array();
     $errors = array();
     if ($password_auth) {
         $require_captcha = false;
         $e_captcha = true;
         $username_or_email = $request->getCookie('phusr');
         if ($request->isFormPost()) {
             if (AphrontFormRecaptchaControl::isRecaptchaEnabled()) {
                 $failed_attempts = PhabricatorUserLog::loadRecentEventsFromThisIP(PhabricatorUserLog::ACTION_LOGIN_FAILURE, 60 * 15);
                 if (count($failed_attempts) > 5) {
                     $require_captcha = true;
                     if (!AphrontFormRecaptchaControl::processCaptcha($request)) {
                         if (AphrontFormRecaptchaControl::hasCaptchaResponse($request)) {
                             $e_captcha = 'Invalid';
                             $errors[] = 'CAPTCHA was not entered correctly.';
                         } else {
                             $e_captcha = 'Required';
                             $errors[] = 'Too many login failures recently. You must ' . 'submit a CAPTCHA with your login request.';
                         }
                     }
                 }
             }
             $username_or_email = $request->getStr('username_or_email');
             $user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email);
             if (!$user) {
                 $user = id(new PhabricatorUser())->loadOneWhere('email = %s', $username_or_email);
             }
             if (!$errors) {
                 // Perform username/password tests only if we didn't get rate limited
                 // by the CAPTCHA.
                 if (!$user || !$user->comparePassword($request->getStr('password'))) {
                     $errors[] = 'Bad username/password.';
                 }
             }
             if (!$errors) {
                 $session_key = $user->establishSession('web');
                 $request->setCookie('phusr', $user->getUsername());
                 $request->setCookie('phsid', $session_key);
                 $uri = new PhutilURI('/login/validate/');
                 $uri->setQueryParams(array('phusr' => $user->getUsername()));
                 return id(new AphrontRedirectResponse())->setURI((string) $uri);
             } else {
                 $log = PhabricatorUserLog::newLog(null, $user, PhabricatorUserLog::ACTION_LOGIN_FAILURE);
                 $log->save();
                 $request->clearCookie('phusr');
                 $request->clearCookie('phsid');
             }
         }
         if ($errors) {
             $error_view = new AphrontErrorView();
             $error_view->setTitle('Login Failed');
             $error_view->setErrors($errors);
         }
         $form = new AphrontFormView();
         $form->setUser($request->getUser())->setAction('/login/')->appendChild(id(new AphrontFormTextControl())->setLabel('Username/Email')->setName('username_or_email')->setValue($username_or_email))->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password')->setCaption('<a href="/login/email/">' . 'Forgot your password? / Email Login</a>'));
         if ($require_captcha) {
             $form->appendChild(id(new AphrontFormRecaptchaControl())->setError($e_captcha));
         }
         $form->appendChild(id(new AphrontFormSubmitControl())->setValue('Login'));
         //    $panel->setCreateButton('Register New Account', '/login/register/');
         $forms['Phabricator Login'] = $form;
     }
     $providers = PhabricatorOAuthProvider::getAllProviders();
     foreach ($providers as $provider) {
         $enabled = $provider->isProviderEnabled();
         if (!$enabled) {
             continue;
         }
         $auth_uri = $provider->getAuthURI();
         $redirect_uri = $provider->getRedirectURI();
         $client_id = $provider->getClientID();
         $provider_name = $provider->getProviderName();
         $minimum_scope = $provider->getMinimumScope();
         $extra_auth = $provider->getExtraAuthParameters();
         // TODO: In theory we should use 'state' to prevent CSRF, but the total
         // effect of the CSRF attack is that an attacker can cause a user to login
         // to Phabricator if they're already logged into some OAuth provider. This
         // does not seem like the most severe threat in the world, and generating
         // CSRF for logged-out users is vaugely tricky.
         if ($provider->isProviderRegistrationEnabled()) {
             $title = "Login or Register with {$provider_name}";
             $body = 'Login or register for Phabricator using your ' . phutil_escape_html($provider_name) . ' account.';
             $button = "Login or Register with {$provider_name}";
         } else {
             $title = "Login with {$provider_name}";
             $body = 'Login to your existing Phabricator account using your ' . phutil_escape_html($provider_name) . ' account.<br /><br />' . '<strong>You can not use ' . phutil_escape_html($provider_name) . ' to register a new ' . 'account.</strong>';
             $button = "Login with {$provider_name}";
         }
         $auth_form = new AphrontFormView();
         $auth_form->setAction($auth_uri)->addHiddenInput('client_id', $client_id)->addHiddenInput('redirect_uri', $redirect_uri)->addHiddenInput('scope', $minimum_scope);
         foreach ($extra_auth as $key => $value) {
             $auth_form->addHiddenInput($key, $value);
         }
         $auth_form->setUser($request->getUser())->setMethod('GET')->appendChild('<p class="aphront-form-instructions">' . $body . '</p>')->appendChild(id(new AphrontFormSubmitControl())->setValue("{$button} »"));
         $forms[$title] = $auth_form;
     }
     $panel = new AphrontPanelView();
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     foreach ($forms as $name => $form) {
         $panel->appendChild('<h1>' . $name . '</h1>');
         $panel->appendChild($form);
         $panel->appendChild('<br />');
     }
     return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Login'));
 }
 /**
  * Verify a user's email address.
  *
  * This verifies an individual email address. If the address is the user's
  * primary address and their account was not previously verified, their
  * account is marked as email verified.
  *
  * @task email
  */
 public function verifyEmail(PhabricatorUser $user, PhabricatorUserEmail $email)
 {
     $actor = $this->requireActor();
     if (!$user->getID()) {
         throw new Exception('User has not been created yet!');
     }
     if (!$email->getID()) {
         throw new Exception('Email has not been created yet!');
     }
     $user->openTransaction();
     $user->beginWriteLocking();
     $user->reload();
     $email->reload();
     if ($email->getUserPHID() != $user->getPHID()) {
         throw new Exception(pht('User does not own email!'));
     }
     if (!$email->getIsVerified()) {
         $email->setIsVerified(1);
         $email->save();
         $log = PhabricatorUserLog::initializeNewLog($actor, $user->getPHID(), PhabricatorUserLog::ACTION_EMAIL_VERIFY);
         $log->setNewValue($email->getAddress());
         $log->save();
     }
     if (!$user->getIsEmailVerified()) {
         // If the user just verified their primary email address, mark their
         // account as email verified.
         $user_primary = $user->loadPrimaryEmail();
         if ($user_primary->getID() == $email->getID()) {
             $user->setIsEmailVerified(1);
             $user->save();
         }
     }
     $user->endWriteLocking();
     $user->saveTransaction();
 }
 private function logFailure(ConduitAPIRequest $request, PhabricatorConduitCertificateToken $info = null)
 {
     $log = PhabricatorUserLog::initializeNewLog($request->getUser(), $info ? $info->getUserPHID() : '-', PhabricatorUserLog::ACTION_CONDUIT_CERTIFICATE_FAILURE)->save();
 }
 public function processRequest()
 {
     $request = $this->getRequest();
     if ($request->getUser()->getPHID()) {
         // Kick the user out if they're already logged in.
         return id(new AphrontRedirectResponse())->setURI('/');
     }
     $next_uri = $this->getRequest()->getPath();
     $request->setCookie('next_uri', $next_uri);
     if ($next_uri == '/login/' && !$request->isFormPost()) {
         // The user went straight to /login/, so presumably they want to go
         // to the dashboard upon logging in. Because, you know, that's logical.
         // And people are logical. Sometimes... Fine, no they're not.
         // We check for POST here because getPath() would get reset to /login/.
         $request->setCookie('next_uri', '/');
     }
     // Always use $request->getCookie('next_uri', '/') after the above.
     $password_auth = PhabricatorEnv::getEnvConfig('auth.password-auth-enabled');
     $forms = array();
     $error_view = null;
     if ($password_auth) {
         $error = false;
         $username_or_email = $request->getCookie('phusr');
         if ($request->isFormPost()) {
             $username_or_email = $request->getStr('username_or_email');
             $user = id(new PhabricatorUser())->loadOneWhere('username = %s', $username_or_email);
             if (!$user) {
                 $user = id(new PhabricatorUser())->loadOneWhere('email = %s', $username_or_email);
             }
             $okay = false;
             if ($user) {
                 if ($user->comparePassword($request->getStr('password'))) {
                     $session_key = $user->establishSession('web');
                     $request->setCookie('phusr', $user->getUsername());
                     $request->setCookie('phsid', $session_key);
                     return id(new AphrontRedirectResponse())->setURI($request->getCookie('next_uri', '/'));
                 } else {
                     $log = PhabricatorUserLog::newLog(null, $user, PhabricatorUserLog::ACTION_LOGIN_FAILURE);
                     $log->save();
                 }
             }
             if (!$okay) {
                 $request->clearCookie('phusr');
                 $request->clearCookie('phsid');
             }
             $error = true;
         }
         if ($error) {
             $error_view = new AphrontErrorView();
             $error_view->setTitle('Bad username/password.');
         }
         $form = new AphrontFormView();
         $form->setUser($request->getUser())->setAction('/login/')->appendChild(id(new AphrontFormTextControl())->setLabel('Username/Email')->setName('username_or_email')->setValue($username_or_email))->appendChild(id(new AphrontFormPasswordControl())->setLabel('Password')->setName('password')->setCaption('<a href="/login/email/">' . 'Forgot your password? / Email Login</a>'))->appendChild(id(new AphrontFormSubmitControl())->setValue('Login'));
         //    $panel->setCreateButton('Register New Account', '/login/register/');
         $forms['Phabricator Login'] = $form;
     }
     $providers = PhabricatorOAuthProvider::getAllProviders();
     foreach ($providers as $provider) {
         $enabled = $provider->isProviderEnabled();
         if (!$enabled) {
             continue;
         }
         $auth_uri = $provider->getAuthURI();
         $redirect_uri = $provider->getRedirectURI();
         $client_id = $provider->getClientID();
         $provider_name = $provider->getProviderName();
         $minimum_scope = $provider->getMinimumScope();
         $extra_auth = $provider->getExtraAuthParameters();
         // TODO: In theory we should use 'state' to prevent CSRF, but the total
         // effect of the CSRF attack is that an attacker can cause a user to login
         // to Phabricator if they're already logged into some OAuth provider. This
         // does not seem like the most severe threat in the world, and generating
         // CSRF for logged-out users is vaugely tricky.
         if ($provider->isProviderRegistrationEnabled()) {
             $title = "Login or Register with {$provider_name}";
             $body = "Login or register for Phabricator using your " . "{$provider_name} account.";
             $button = "Login or Register with {$provider_name}";
         } else {
             $title = "Login with {$provider_name}";
             $body = "Login to your existing Phabricator account using your " . "{$provider_name} account.<br /><br /><strong>You can not use " . "{$provider_name} to register a new account.</strong>";
             $button = "Login with {$provider_name}";
         }
         $auth_form = new AphrontFormView();
         $auth_form->setAction($auth_uri)->addHiddenInput('client_id', $client_id)->addHiddenInput('redirect_uri', $redirect_uri)->addHiddenInput('scope', $minimum_scope);
         foreach ($extra_auth as $key => $value) {
             $auth_form->addHiddenInput($key, $value);
         }
         $auth_form->setUser($request->getUser())->setMethod('GET')->appendChild('<p class="aphront-form-instructions">' . $body . '</p>')->appendChild(id(new AphrontFormSubmitControl())->setValue("{$button} »"));
         $forms[$title] = $auth_form;
     }
     $panel = new AphrontPanelView();
     $panel->setWidth(AphrontPanelView::WIDTH_FORM);
     foreach ($forms as $name => $form) {
         $panel->appendChild('<h1>' . $name . '</h1>');
         $panel->appendChild($form);
         $panel->appendChild('<br />');
     }
     return $this->buildStandardPageResponse(array($error_view, $panel), array('title' => 'Login'));
 }