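/**
 * Do login (AJAX call)
 *
 * Three authentication paths are tried in this order:
 *  1. a Persona assertion (request parameter persona=true) posted to the
 *     remote verifier over HTTPS; on success the tbg3_* cookies are set and
 *     a JSON status is rendered, on failure a 401 with a JSON message;
 *  2. an OpenID round-trip when TBGSettings::isOpenIDavailable() — the
 *     identifier is sent to the provider, and on return the identity is
 *     validated, linked to the current or a matching user, and cookies set;
 *  3. a plain tbg3_username / tbg3_password POST handed to TBGUser::loginCheck().
 * Every path calls checkScopeMembership() before redirecting; a truthy result
 * short-circuits the action with `true`.
 *
 * @param TBGRequest $request
 *
 * @return mixed true when checkScopeMembership() takes over, the result of
 *               renderJSON()/forward() on the other paths, or nothing on a
 *               failed Persona login (the 401 has already been rendered)
 */
public function runDoLogin(TBGRequest $request)
{
    $i18n = TBGContext::getI18n();
    $forward_url = TBGContext::getRouting()->generate('home');

    if ($request->hasParameter('persona') && $request['persona'] == 'true') {
        $url = 'https://verifier.login.persona.org/verify';
        // Low/high bytes are stripped from the raw assertion before it is re-encoded for the verifier.
        $assert = filter_input(INPUT_POST, 'assertion', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); //Use the $_POST superglobal array for PHP < 5.2 and write your own filter
        // NOTE(review): the audience is pinned to ":80"; a deployment served on any other
        // port would presumably fail verification — confirm against the verifier's rules.
        $params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode(TBGContext::getURLhost() . ':80');
        $ch = curl_init();
        // Certificate checking of the verifier endpoint relies on curl's defaults
        // (peer verification on); do not switch it off to work around connection errors.
        $curl_options = array(
            CURLOPT_URL => $url,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => $params,
        );
        curl_setopt_array($ch, $curl_options);
        $result = curl_exec($ch);
        curl_close($ch);
        // A transport failure makes curl_exec() return false, which json_decode() turns into
        // null; the status check must therefore only accept a real object carrying an "okay"
        // status and an email. Anything else is treated as "not verified".
        $details = ($result === false) ? null : json_decode($result);
        $user = null;
        if (is_object($details) && isset($details->status, $details->email) && $details->status === 'okay') {
            $user = TBGUser::getByEmail($details->email);
            if ($user instanceof TBGUser) {
                // NOTE(review): the stored password hash is written into a cookie here;
                // confirm setCookie() marks it HttpOnly/Secure.
                TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                TBGContext::getResponse()->setCookie('tbg3_persona_session', true);
                return $this->renderJSON(array('status' => 'login ok', 'redirect' => in_array($request['referrer_route'], array('home', 'login'), true)));
            }
        }
        if (!$user instanceof TBGUser) {
            $this->getResponse()->setHttpStatus(401);
            $this->renderJSON(array('message' => $this->getI18n()->__('Invalid login')));
        }
        return;
    }

    if (TBGSettings::isOpenIDavailable()) {
        $openid = new LightOpenID(TBGContext::getRouting()->generate('login_page', array(), false));
    }
    if (TBGSettings::isOpenIDavailable() && !$openid->mode && $request->isPost() && $request->hasParameter('openid_identifier')) {
        // First leg: send the browser to the provider, asking for an email and optional names.
        $openid->identity = $request->getRawParameter('openid_identifier');
        $openid->required = array('contact/email');
        $openid->optional = array('namePerson/first', 'namePerson/friendly');
        return $this->forward($openid->authUrl());
    } elseif (TBGSettings::isOpenIDavailable() && $openid->mode == 'cancel') {
        $this->error = TBGContext::getI18n()->__("OpenID authentication cancelled");
    } elseif (TBGSettings::isOpenIDavailable() && $openid->mode) {
        // Second leg: the provider has redirected back; validate and map to a user.
        try {
            if ($openid->validate()) {
                if ($this->getUser()->isAuthenticated() && !$this->getUser()->isGuest()) {
                    // A logged-in user is linking an identity; refuse one already bound elsewhere.
                    if (TBGOpenIdAccountsTable::getTable()->getUserIDfromIdentity($openid->identity)) {
                        TBGContext::setMessage('openid_used', true);
                        throw new Exception('OpenID already in use');
                    }
                    $user = $this->getUser();
                } else {
                    $user = TBGUser::getByOpenID($openid->identity);
                }
                if ($user instanceof TBGUser) {
                    $attributes = $openid->getAttributes();
                    $email = array_key_exists('contact/email', $attributes) ? $attributes['contact/email'] : null;
                    // Only a user without an email gets profile fields filled from the provider.
                    if (!$user->getEmail()) {
                        if (array_key_exists('contact/email', $attributes)) {
                            $user->setEmail($attributes['contact/email']);
                        }
                        if (array_key_exists('namePerson/first', $attributes)) {
                            $user->setRealname($attributes['namePerson/first']);
                        }
                        if (array_key_exists('namePerson/friendly', $attributes)) {
                            $user->setBuddyname($attributes['namePerson/friendly']);
                        }
                        if (!$user->getNickname() || $user->isOpenIdLocked()) {
                            $user->setBuddyname($user->getEmail());
                        }
                        if (!$user->getRealname()) {
                            $user->setRealname($user->getBuddyname());
                        }
                        $user->save();
                    }
                    if (!$user->hasOpenIDIdentity($openid->identity)) {
                        TBGOpenIdAccountsTable::getTable()->addIdentity($openid->identity, $email, $user->getID());
                    }
                    // NOTE(review): same cookie concern as the Persona path — the stored hash is
                    // placed in a cookie; confirm HttpOnly/Secure on setCookie().
                    TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                    TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                    if ($this->checkScopeMembership($user)) {
                        return true;
                    }
                    return $this->forward(TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin')));
                } else {
                    $this->error = TBGContext::getI18n()->__("Didn't recognize this OpenID. Please log in using your username and password, associate it with your user account in your account settings and try again.");
                }
            } else {
                $this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider");
            }
        } catch (Exception $e) {
            // The provider/library message is HTML-escaped before it reaches the template.
            $this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider: %message", array('%message' => htmlentities($e->getMessage(), ENT_COMPAT, TBGContext::getI18n()->getCharset())));
        }
    } elseif ($request->getMethod() == TBGRequest::POST) {
        try {
            if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password') && $request['tbg3_username'] != '' && $request['tbg3_password'] != '') {
                $user = TBGUser::loginCheck($request, $this);
                TBGContext::setUser($user);
                if ($this->checkScopeMembership($user)) {
                    return true;
                }
                if ($request->hasParameter('return_to')) {
                    // NOTE(review): return_to is caller-controlled and is only HTML-escaped below,
                    // not restricted to this site; confirm the consumer of the 'forward' JSON key
                    // rejects off-site targets.
                    $forward_url = $request['return_to'];
                } else {
                    if (TBGSettings::get('returnfromlogin') == 'referer') {
                        $forward_url = $request->getParameter('tbg3_referer', TBGContext::getRouting()->generate('dashboard'));
                    } else {
                        $forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
                    }
                }
                $forward_url = htmlentities($forward_url, ENT_COMPAT, TBGContext::getI18n()->getCharset());
            } else {
                throw new Exception('Please enter a username and password');
            }
        } catch (Exception $e) {
            if ($request->isAjaxCall()) {
                // The detailed reason is logged server-side; the client only sees a generic message.
                $this->getResponse()->setHttpStatus(401);
                TBGLogging::log($e->getMessage(), 'openid', TBGLogging::LEVEL_WARNING_RISK);
                return $this->renderJSON(array("error" => $i18n->__("Invalid login details")));
            } else {
                $this->forward403($e->getMessage());
            }
        }
    } else {
        if ($request->isAjaxCall()) {
            $this->getResponse()->setHttpStatus(401);
            return $this->renderJSON(array("error" => $i18n->__('Please enter a username and password')));
        } else {
            $this->forward403($i18n->__('Please enter a username and password'));
        }
    }

    // Assumes forward403() never returns; otherwise $user is undefined here — confirm.
    if ($this->checkScopeMembership($user)) {
        return true;
    }
    if ($request->isAjaxCall()) {
        return $this->renderJSON(array('forward' => $forward_url));
    } else {
        $this->forward($this->getRouting()->generate('account'));
    }
}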
/**
 * Load the user object into the user property
 *
 * Resolves the current user — via TBGUser::loginCheck() on the current request
 * and action unless one is passed in — and caches it in self::$_user. For an
 * authenticated user it refreshes presence and last-seen time, redirects to the
 * add_scope route when the user is not yet a confirmed member of a non-default
 * scope, saves, and rejects accounts whose group no longer exists. Any exception
 * resets self::$_user to a fresh TBGUser and is rethrown, except
 * TBGElevatedLoginException, which is rethrown without that reset.
 *
 * @return TBGUser
 */
public static function loadUser($user = null)
{
    try {
        self::$_user = ($user !== null)
            ? $user
            : TBGUser::loginCheck(self::getRequest(), self::getCurrentAction());

        $current = self::$_user;
        if ($current->isAuthenticated()) {
            $presence_stale = $current->isOffline() || $current->isAway();
            if ($presence_stale) {
                $current->setOnline();
            }

            // Presumably the "original username" cookie marks a switched-user session whose
            // activity should not count as the real account's — verify against the caller.
            $switched_session = self::getRequest()->hasCookie('tbg3_original_username');
            if (!$switched_session) {
                $current->updateLastSeen();
            }

            // Evaluated left to right, so the membership lookup only runs when every
            // cheaper check before it fails to settle the question.
            $must_join_scope = !(
                TBGContext::getScope()->isDefault()
                || self::getRequest()->isAjaxCall()
                || in_array(self::getRouting()->getCurrentRouteName(), array('add_scope', 'serve', 'debug', 'logout'))
                || $current->isGuest()
                || $current->isConfirmedMemberOfScope(TBGContext::getScope())
            );
            if ($must_join_scope) {
                self::getResponse()->headerRedirect(self::getRouting()->generate('add_scope'));
            }

            $current->save();
            if (!$current->getGroup() instanceof TBGGroup) {
                throw new Exception('This user account belongs to a group that does not exist anymore. <br>Please contact the system administrator.');
            }
        }
    } catch (TBGElevatedLoginException $elevated) {
        throw $elevated;
    } catch (Exception $failure) {
        self::$_user = new TBGUser();
        throw $failure;
    }

    return self::$_user;
}
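/**
 * Load the user object into the user property
 *
 * Authenticates from the tbg3_username / tbg3_password request parameters
 * unless a user is supplied, caches the result in self::$_user and, for an
 * authenticated user, refreshes presence, last-seen time, timezone and
 * language before saving. The former catch-and-rethrow of Exception was a
 * no-op and has been dropped; exceptions from loginCheck() and the
 * missing-group check propagate unchanged.
 *
 * @param TBGUser|null $user already authenticated user to install instead of logging in
 *
 * @return TBGUser
 *
 * @throws Exception when the user's group no longer exists, plus whatever loginCheck() throws
 */
public static function loadUser($user = null)
{
    if ($user === null) {
        // NOTE(review): credentials are read straight from request parameters on every
        // load; confirm loginCheck() records failed attempts so they can be monitored.
        $user = TBGUser::loginCheck(self::getRequest()->getParameter('tbg3_username'), self::getRequest()->getParameter('tbg3_password'));
    }
    self::$_user = $user;

    if (self::$_user->isAuthenticated()) {
        if (self::$_user->isOffline() || self::$_user->isAway()) {
            self::$_user->setOnline();
        }
        self::$_user->updateLastSeen();
        self::$_user->setTimezone(TBGSettings::getUserTimezone());
        self::$_user->setLanguage(TBGSettings::getUserLanguage());
        // The record is saved before the group check, so a user with a vanished group
        // still gets its presence/last-seen update persisted.
        self::$_user->save();
        if (!self::$_user->getGroup() instanceof TBGGroup) {
            throw new Exception('This user account belongs to a group that does not exist anymore. <br>Please contact the system administrator.');
        }
    }

    return self::$_user;
}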
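/**
 * Login (AJAX call)
 *
 * On a tbg3_username / tbg3_password POST, authenticates via
 * TBGUser::loginCheck(), sets the tbg3_username and tbg3_password cookies,
 * installs the user and works out where to send the browser (return_to,
 * then tbg3_referer or the dashboard when 'returnfromlogin' is 'referer',
 * else the configured route). On a non-POST request it raises an
 * explanatory exception when login is required, the user is not
 * authenticated, or a 'forward' message is pending. Exceptions become a
 * JSON failure for AJAX/JSON callers and an $options['error'] entry for
 * the template otherwise.
 *
 * @param TBGRequest $request
 *
 * @return mixed the renderJSON() result for AJAX/JSON callers; otherwise
 *               nothing — the browser is forwarded, or $this->options is
 *               populated for the login template
 */
public function runLogin(TBGRequest $request)
{
    $i18n = TBGContext::getI18n();
    // isset() already implies the key exists and is non-null, so the previous
    // array_key_exists() && isset() pair collapses to a single check.
    $this->login_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $options = $request->getParameters();
    $forward_url = TBGContext::getRouting()->generate('home');

    try {
        if ($request->getMethod() == TBGRequest::POST) {
            if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password')) {
                $username = $request->getParameter('tbg3_username');
                $password = $request->getParameter('tbg3_password');
                $user = TBGUser::loginCheck($username, $password, true);
                // NOTE(review): the password hash is persisted client-side as a cookie;
                // confirm setCookie() sets HttpOnly/Secure and that hashPassword() is salted.
                $this->getResponse()->setCookie('tbg3_username', $username);
                $this->getResponse()->setCookie('tbg3_password', TBGUser::hashPassword($password));
                TBGContext::setUser($user);
                if ($request->hasParameter('return_to')) {
                    // NOTE(review): return_to and tbg3_referer come from the client and are
                    // forwarded to without validation here; confirm forward() limits them to this site.
                    $forward_url = $request->getParameter('return_to');
                } else {
                    if (TBGSettings::get('returnfromlogin') == 'referer') {
                        if ($request->getParameter('tbg3_referer')) {
                            $forward_url = $request->getParameter('tbg3_referer');
                        } else {
                            $forward_url = TBGContext::getRouting()->generate('dashboard');
                        }
                    } else {
                        $forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
                    }
                }
            } else {
                throw new Exception($i18n->__('Please enter a username and password'));
            }
        } elseif (TBGSettings::isLoginRequired()) {
            throw new Exception($i18n->__('You need to log in to access this site'));
        } elseif (!TBGContext::getUser()->isAuthenticated()) {
            throw new Exception($i18n->__('Please log in'));
        } elseif (TBGContext::hasMessage('forward')) {
            throw new Exception($i18n->__(TBGContext::getMessageAndClear('forward')));
        }
    } catch (Exception $e) {
        if (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json') {
            return $this->renderJSON(array('failed' => true, "error" => $i18n->__($e->getMessage()), 'referer' => $request->getParameter('tbg3_referer')));
        } else {
            // Non-AJAX callers fall through to the template with the message in $options.
            $options['error'] = $e->getMessage();
        }
    }

    if (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json') {
        return $this->renderJSON(array('forward' => $forward_url));
    } elseif ($forward_url !== null && $request->getParameter('continue') != true) {
        // An already-authenticated GET also lands here and is sent to 'home'
        // unless the caller passed continue.
        $this->forward($forward_url);
    }
    $this->options = $options;
}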