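/**
 * Handles the AJAX login event for the RSA-encrypted login form.
 *
 * The client encrypts the user name and the password with the server's RSA
 * public key after prefixing each with a per-session one-time seed (stored in
 * the session as "login_seed"), so a captured ciphertext cannot be replayed
 * against another session.  Login can alternatively go through the "welcome"
 * cookie (a numeric user id) plus the password.
 *
 * @param mixed $runData request/session wrapper exposing getParameterList(),
 *                       sessionGet(), resetSession() and getSession()
 * @throws ProcessException "no_seed" when the session seed is missing/expired,
 *                          "login_invalid" when the seed prefix or the
 *                          credentials do not match
 */
public function loginEvent($runData)
{
    $pl = $runData->getParameterList();
    $uname = $pl->getParameterValue("name");
    $upass = $pl->getParameterValue("password");
    $userId = $pl->getParameterValue("welcome");
    $keepLogged = $pl->getParameterValue("keepLogged");
    $bindIP = $pl->getParameterValue("bindIP");

    // The seed is a one-time value issued when the login form was rendered;
    // without it the ciphertext cannot be validated, so fail before decrypting.
    $seed = $runData->sessionGet("login_seed");
    if (!is_string($seed) || $seed === '') {
        throw new ProcessException(_("You have been inactive quite long while trying to log in and your session data have expired. Please try to click 'log in' once again."), "no_seed");
    }

    // Decrypt.  Cast so a failed decryption (false/null) is treated as a plain
    // mismatch below instead of producing type warnings in the string functions.
    $uname = (string) CryptUtils::rsaDecrypt($uname);
    $upass = (string) CryptUtils::rsaDecrypt($upass);

    // Both plaintexts must start with the session seed.  A plain prefix
    // comparison replaces the regex built by concatenating $seed into the
    // pattern, so the seed can never be interpreted as pattern syntax.
    $seedLen = strlen($seed);
    if (substr($uname, 0, $seedLen) !== $seed || substr($upass, 0, $seedLen) !== $seed) {
        EventLogger::instance()->logFailedLogin($uname);
        throw new ProcessException(_("The user and password do not match."), "login_invalid");
    }
    // Strip the seed prefix (cast: substr() returns false instead of '' on PHP < 8
    // when nothing remains).
    $uname = (string) substr($uname, $seedLen);
    $upass = (string) substr($upass, $seedLen);

    $user = null;
    if ($userId && is_numeric($userId) && $userId > 0) {
        // "Remembered" login: the user is selected by the welcome cookie id and
        // only the password is verified.  hash_equals() keeps the digest
        // comparison constant-time.
        // NOTE(review): passwords are stored as unsalted MD5; moving to
        // password_hash()/password_verify() needs a storage migration and is
        // out of scope for this method.
        $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
        if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
            $user = null;
        }
    } else {
        $user = SecurityManager::authenticateUser($uname, $upass);
    }

    if (!$user) {
        EventLogger::instance()->logFailedLogin($uname);
        throw new ProcessException(_("The login and password do not match."), "login_invalid");
    }

    // Start a fresh session for the authenticated user (defeats session fixation).
    $runData->resetSession();
    $session = $runData->getSession();
    $session->setUserId($user->getUserId());
    $session->setStarted(new ODate());
    $session->setLastAccessed(new ODate());
    $user->setLastLogin(new ODate());
    $user->save();

    if ($keepLogged) {
        $session->setInfinite(true);
    }
    if ($bindIP) {
        $session->setCheckIp(true);
    }

    // Remember the user id for the next login form; it is not a credential on
    // its own (the password is still required above).
    // NOTE(review): no Secure/HttpOnly flags are set here; confirm whether
    // client-side script reads this cookie before tightening it.
    setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);

    EventLogger::instance()->logLogin();
}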
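/**
 * Handles the AJAX login event with plain (non-RSA) credentials, which are
 * expected to travel over TLS.  Accepts a user name, a nick name, or a
 * "welcome" cookie user id plus password.  On success the session is reset
 * and bound to the user; when the request arrived over HTTPS, a one-time
 * loginauth.php URL on the plain-http host is returned in the AJAX response so
 * that host receives the session as well.
 *
 * @param mixed $runData request/session wrapper exposing getParameterList(),
 *                       sessionGet(), resetSession(), getSession(),
 *                       getSessionId() and ajaxResponseAdd()
 * @throws ProcessException "login_invalid" when the credentials do not match
 */
public function loginEvent($runData)
{
    $pl = $runData->getParameterList();
    $uname = $pl->getParameterValue("name");
    $upass = $pl->getParameterValue("password");
    $userId = $pl->getParameterValue("welcome");
    $keepLogged = $pl->getParameterValue("keepLogged");
    $bindIP = $pl->getParameterValue("bindIP");

    $user = null;
    if ($userId && is_numeric($userId) && $userId > 0) {
        // "Remembered" login: the user is selected by the welcome cookie id and
        // only the password is verified.  hash_equals() keeps the digest
        // comparison constant-time.
        // NOTE(review): passwords are stored as unsalted MD5; moving to
        // password_hash()/password_verify() needs a storage migration and is
        // out of scope for this method.
        $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
        if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
            $user = null;
        }
    } else {
        // Allow logging in with the nick name too.  The previous test,
        // strpos('@', $uname), had needle and haystack swapped and was true for
        // every name; the nick lookup is meant only for names that are not an
        // e-mail address (no '@').
        if (strpos((string) $uname, '@') === false) {
            $c = new Criteria();
            $c->add('lower(nick_name)', strtolower($uname));
            $user_by_nick = DB_OzoneUserPeer::instance()->selectOne($c);
            if ($user_by_nick) {
                $uname = $user_by_nick->getName();
            }
        }
        $user = SecurityManager::authenticateUser($uname, $upass);
    }

    if (!$user) {
        EventLogger::instance()->logFailedLogin($uname);
        throw new ProcessException(_("The login and password do not match."), "login_invalid");
    }

    // Read before resetSession() discards the pre-login session data.
    $originalUrl = $runData->sessionGet('loginOriginalUrl');

    // Start a fresh session for the authenticated user (defeats session fixation).
    $runData->resetSession();
    $session = $runData->getSession();
    $session->setUserId($user->getUserId());
    $session->setStarted(new ODate());
    $session->setLastAccessed(new ODate());
    $user->setLastLogin(new ODate());
    $user->save();

    if ($keepLogged) {
        $session->setInfinite(true);
    }
    if ($bindIP) {
        $session->setCheckIp(true);
    }

    // Over HTTPS, hand the browser to loginauth.php on the plain-http host so the
    // session cookie is set there too.  $_SERVER['HTTPS'] is unset on plain
    // requests (and some servers set it to 'off'), so test it explicitly instead
    // of indexing it directly.
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        // NOTE(review): this token is an unkeyed md5(sessionId . secret) and is
        // deliberately sent over plain http.  loginauth.php must verify the same
        // construction, so replacing it with hash_hmac() needs a coordinated
        // change on both sides.
        $sessionHash = md5($session->getSessionId() . LoginAuthController::$secretSeed);
        $parms = array('sessionHash' => $sessionHash);
        if ($originalUrl) {
            $parms['origUrl'] = $originalUrl;
        }
        $originalUrl = 'http://' . GlobalProperties::$URL_HOST . '/loginauth.php?' . http_build_query($parms);
    }
    if ($originalUrl) {
        // NOTE(review): loginOriginalUrl is taken from the session as-is; the code
        // that stores it should restrict it to local paths to rule out an open
        // redirect.
        $runData->ajaxResponseAdd('originalUrl', $originalUrl);
    }

    // Remember the user id for the next login form; not a credential on its own.
    setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);

    // IE-specific session id cookie.  Expire 0 (session cookie) replaces null,
    // which is deprecated for this int parameter in PHP 8.1.  HttpOnly is set
    // because a session identifier should not be readable by script — revert if
    // some client-side code is found to depend on reading it.
    setcookie(GlobalProperties::$SESSION_COOKIE_NAME_IE, $runData->getSessionId(), 0, "/", "", false, true);

    EventLogger::instance()->logLogin();
}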