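/**
 * Authenticate a user against the selected site's database and populate the
 * PHP session for the logged-on user.
 *
 * Request fields read from $params: authUser, authPass, site, and optionally
 * lang and checkInMode (the last two are copied into the session as given).
 *
 * Every outcome is reported as a response array rather than thrown:
 *   failure: ['success' => false, 'type' => 'error', 'message' => string]
 *   success: ['success' => true, 'token' => string, 'user' => [id, name, email]]
 *
 * Side effects: defines _GaiaEXEC, chdir()s to $_SESSION['root'], includes the
 * registry, the AES/db helpers and the site's conf.php, and writes $_SESSION.
 *
 * @param stdClass $params decoded logon request
 * @return array<string, mixed>
 */
public function login(stdClass $params)
{
    // Uniform error response; the message text is part of the client contract.
    $fail = static function (string $message) {
        return [
            'success' => false,
            'type'    => 'error',
            'message' => $message,
        ];
    };

    // A stdClass may lack any of these properties; normalise to strings first
    // so strlen()/comparisons never see null. Byte lengths are intended here
    // because these are column/field limits.
    $authUser = (string) ($params->authUser ?? '');
    $authPass = (string) ($params->authPass ?? '');
    $site     = (string) ($params->site ?? '');

    //-------------------------------------------
    // Field-length limits of the logon form. Exceeding them means the
    // request did not come from the form.
    //-------------------------------------------
    if (strlen($authUser) >= 26) {
        return $fail('Possible hack, please use the Logon Screen.');
    }
    // NOTE(review): a 10-byte ceiling is a very short maximum for a password;
    // raising it is a policy/schema decision outside this method.
    if (strlen($authPass) >= 11) {
        return $fail('Possible hack, please use the Logon Screen.');
    }

    //-------------------------------------------
    // Blank checks. Explicit '' rather than truthiness, so a username or
    // password of '0' is not mistaken for "empty".
    //-------------------------------------------
    if ($authUser === '') {
        return $fail('The username field can not be in blank. Try again.');
    }
    if ($authPass === '') {
        return $fail('The password field can not be in blank. Try again.');
    }

    //-------------------------------------------
    // The site name selects a file to include and is echoed back to the
    // client, so restrict it to a plain identifier before either happens:
    // path separators, '..' or markup coming from the request must not reach
    // include_once or the HTML message.
    //-------------------------------------------
    $safeSite = htmlspecialchars($site, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (preg_match('/^[A-Za-z0-9_-]+$/', $site) !== 1) {
        return $fail('No configuration file found for site <span style="font-weight:bold">'
            . $safeSite . '</span>.<br>Please double check URL or contact support desk.');
    }

    //-------------------------------------------
    // Load the registry, the AES/db helpers and the site's conf.php. The
    // conf.php is expected to provide the database settings and
    // $_SESSION['site']['AESkey'] (not visible from this method).
    //-------------------------------------------
    if (!defined('_GaiaEXEC')) {
        // define() on an already-defined constant only warns; guard instead.
        define('_GaiaEXEC', 1);
    }
    chdir($_SESSION['root']);
    include_once 'registry.php';
    include_once 'classes/AES.php';
    include_once 'classes/dbHelper.php';

    $fileConf = 'sites/' . $site . '/conf.php';
    if (!file_exists($fileConf)) {
        return $fail('No configuration file found for site <span style="font-weight:bold">'
            . $safeSite . '</span>.<br>Please double check URL or contact support desk.');
    }
    /** @noinspection PhpIncludeInspection */
    include_once $fileConf;

    $db = new dbHelper();
    // Observed helper contract: getError() yields an array once the
    // connection is usable; anything else is treated as "cannot connect".
    if (!is_array($db->getError())) {
        return $fail('For some reason, I can\'t connect to the database.');
    }

    //-------------------------------------------
    // Remove empty space from username and password. The cleaned values are
    // mirrored back onto $params, as before, in case the caller inspects them.
    //-------------------------------------------
    $authUser = str_replace(' ', '', $authUser);
    $authPass = str_replace(' ', '', $authPass);
    $params->authUser = $authUser;
    $params->authPass = $authPass;

    // NOTE(review): passwords are stored reversibly (AES) and decrypted for
    // comparison; a one-way password_hash()/password_verify() scheme would be
    // the usual fix, but that is a storage-format change outside this method.
    $aes = new AES($_SESSION['site']['AESkey']);

    //-------------------------------------------
    // Username lookup.
    // NOTE(review): the username predicate appears redacted ('******') in
    // this copy. Whatever the helper binds there must be passed as a bound
    // parameter, never interpolated from $authUser.
    //-------------------------------------------
    $db->setSQL("SELECT id, username, title, fname, mname, lname, email, password\n FROM users\n \t\t WHERE username = '******'\n \t\t AND authorized = '1'\n \t\t LIMIT 1");
    $user = $db->fetchRecord();

    // Unknown user and wrong password share one message, so the response
    // does not reveal which usernames exist. hash_equals() is a strict,
    // constant-time string comparison; the previous loose != was subject to
    // numeric-string juggling ('1e1' == '10'). An empty stored password
    // never matches.
    $stored = (is_array($user) && isset($user['password']))
        ? (string) $aes->decrypt($user['password'])
        : '';
    if ($stored === '' || !hash_equals($stored, $authPass)) {
        return $fail('The username or password you provided is invalid.');
    }

    //-------------------------------------------
    // Populate the session for the authenticated user
    //-------------------------------------------
    $_SESSION['user']['name']  = $user['title'] . " " . $user['lname'] . ", " . $user['fname'] . " " . $user['mname'];
    $_SESSION['user']['id']    = $user['id'];
    $_SESSION['user']['email'] = $user['email'];
    $_SESSION['user']['site']  = $site;
    $_SESSION['user']['auth']  = true;

    //-------------------------------------------
    // Also fetch the current version of the Application & Database.
    // `??` keeps the null values of the original when the row is missing,
    // without the array-offset warnings.
    //-------------------------------------------
    $db->setSQL("SELECT * FROM version LIMIT 1");
    $version = $db->fetchRecord();
    $_SESSION['ver']['codeName'] = $version['v_tag'] ?? null;
    $_SESSION['ver']['major']    = $version['v_major'] ?? null;
    $_SESSION['ver']['rev']      = $version['v_patch'] ?? null;
    $_SESSION['ver']['minor']    = $version['v_minor'] ?? null;
    $_SESSION['ver']['database'] = $version['v_database'] ?? null;

    $_SESSION['site']['localization'] = $params->lang ?? null;
    $_SESSION['site']['checkInMode']  = $params->checkInMode ?? null;
    $_SESSION['timeout'] = time();

    // NOTE(review): confirm that Sessions::loginSession() rotates the PHP
    // session id on login; nothing visible here does.
    $session = new Sessions();
    // $site is restricted to [A-Za-z0-9_-] above, so it cannot break out of
    // the JSON quoting; uid and sid are concatenated unquoted, as before.
    $token = Crypt::encrypt('{"uid":' . $user['id'] . ',"sid":' . $session->loginSession() . ',"site":"' . $site . '"}');
    $_SESSION['inactive']['timeout'] = time();

    return [
        'success' => true,
        'token'   => $token,
        'user'    => [
            'id'    => $_SESSION['user']['id'],
            'name'  => $_SESSION['user']['name'],
            'email' => $_SESSION['user']['email'],
        ],
    ];
}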