/**
 * Starts a session as another user, identified only by user ID.
 *
 * No password or other credential is checked: the identity is built from the stored username with a null
 * password and logged in directly. Every call site therefore has to authorize the acting user before
 * calling this method.
 *
 * No identity cookie is written here, so the impersonated session lasts only as long as the browser
 * session stays active.
 *
 * @param int $userId The ID of the user to impersonate.
 *
 * @throws Exception If no user exists with the given ID.
 * @return bool Whether the user is now being impersonated.
 */
public function impersonate($userId)
{
    $targetUser = craft()->users->getUserById($userId);

    if (!$targetUser)
    {
        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $userId)));
    }

    // Build the identity straight from the stored record; there is no authenticate() step.
    $this->_identity = new UserIdentity($targetUser->username, null);
    $this->_identity->logUserIn($targetUser);

    $identityId = $this->_identity->getId();
    $persistentStates = $this->_identity->getPersistentStates();

    // Run any before login logic; bail out early when it refuses the login.
    if (!$this->beforeLogin($identityId, $persistentStates, false))
    {
        // NOTE(review): this entry names only the target account. Nothing in this method records which
        // user started the impersonation; confirm the caller logs that for the audit trail.
        Craft::log($targetUser->username . ' tried to log in unsuccessfully.', LogLevel::Warning);

        return false;
    }

    // Fire an 'onBeforeLogin' event. The event object is not inspected after it has been fired.
    $this->onBeforeLogin(new Event($this, array('username' => $targetUser->username)));

    $this->changeIdentity($identityId, $this->_identity->getName(), $persistentStates);

    // Fire an 'onLogin' event
    $this->onLogin(new Event($this, array('username' => $targetUser->username)));

    // Drop cached per-user state so nothing from the previous identity is reused.
    $this->_sessionRestoredFromCookie = false;
    $this->_userRow = null;
    $this->_userModel = null;
    $this->setReturnUrl(null);

    // Run any after login logic.
    $this->afterLogin(false);

    return !$this->getIsGuest();
}
/**
 * Switches the current web user to the account named by $username.
 *
 * The identity is created with an empty password and populated through fakeAuthenticate(), so no
 * credential supplied by the caller is verified in this method (presumably fakeAuthenticate() skips the
 * password check; confirm against UserIdentity). Authorization of the acting user is left to the caller.
 *
 * NOTE(review): the result of fakeAuthenticate() is not checked, so an unknown username is not rejected
 * here; confirm what getId() yields in that case.
 *
 * @param string $username Username of the account to switch to.
 */
public function becomeUser($username)
{
    Yii::import('application.modules_core.user.components.*');

    $identity = new UserIdentity($username, '');
    $identity->fakeAuthenticate();

    // Yii::app()->user is the application's user component; hold it once and update it in place.
    $webUser = Yii::app()->user;
    $webUser->setId($identity->getId());
    $webUser->setName($identity->getName());
    $webUser->reload();
}
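/**
 * Logs a user in solely by their user ID.
 *
 * No credential is verified here: any code path that reaches this method with a valid user ID obtains a
 * session for that user. Callers must authorize the request before calling it.
 *
 * @param int  $userId            The user ID of the person to log in.
 * @param bool $rememberMe        Whether the user should be remembered.
 * @param bool $setUsernameCookie Whether to set the username cookie or not.
 *
 * @return bool Whether the user ended up logged in.
 * @throws Exception If the user cannot be found, or if a session duration is set while allowAutoLogin is off.
 */
public function loginByUserId($userId, $rememberMe = false, $setUsernameCookie = false)
{
    $userModel = craft()->users->getUserById($userId);

    if (!$userModel)
    {
        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $userId)));
    }

    // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
    // empty() treats a missing REMOTE_ADDR key as "no address" without raising an undefined-index notice.
    if (!craft()->request->userAgent || empty($_SERVER['REMOTE_ADDR']))
    {
        Craft::log('Someone tried to login with userId: ' . $userId . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
        $this->logout(true);
        $this->requireLogin();

        // Fail closed: if requireLogin() ever returns instead of ending the request, do not fall through
        // into the login below.
        return false;
    }

    // The identity is populated from the stored record; no password is involved.
    $this->_identity = new UserIdentity($userModel->username, null);
    $this->_identity->logUserIn($userModel);

    if ($setUsernameCookie)
    {
        $this->processUsernameCookie($userModel->username);
    }

    // Get how long this session is supposed to last.
    $this->authTimeout = craft()->config->getUserSessionDuration($rememberMe);

    $id = $this->_identity->getId();
    $states = $this->_identity->getPersistentStates();

    // Fire an 'onBeforeLogin' event
    $event = new Event($this, array('username' => $userModel->username));
    $this->onBeforeLogin($event);

    $success = false;

    // Proceed only if the event gives the go-ahead and the before-login logic accepts the login.
    if ($event->performAction && $this->beforeLogin($id, $states, false))
    {
        $this->changeIdentity($id, $this->_identity->getName(), $states);

        $user = craft()->users->getUserById($id);

        if (!$user)
        {
            throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
        }

        if ($this->authTimeout)
        {
            if (!$this->allowAutoLogin)
            {
                throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
            }

            // Save the necessary info to the identity cookie. Only a hash of the token is handed to
            // storeSessionToken(); the raw token is placed in the cookie data.
            $sessionToken = craft()->security->generateRandomString(32);
            $hashedToken = craft()->security->hashData(base64_encode(serialize($sessionToken)));
            $uid = $this->storeSessionToken($user, $hashedToken);

            $data = array(
                $this->getName(),
                $sessionToken,
                $uid,
                $rememberMe ? 1 : 0,
                craft()->request->getUserAgent(),
                $this->saveIdentityStates(),
            );

            $this->_identityCookie = $this->saveCookie('', $data, $this->authTimeout);
        }

        craft()->users->updateUserLoginInfo($user);

        // Drop cached per-user state so nothing from a previous identity is reused.
        $this->_sessionRestoredFromCookie = false;
        $this->_userRow = null;
        $this->_userModel = null;

        // Run any after login logic.
        $this->afterLogin(false);

        $success = !$this->getIsGuest();
    }

    if ($success)
    {
        // Fire an 'onLogin' event
        $this->onLogin(new Event($this, array('username' => $userModel->username)));

        return true;
    }

    Craft::log($userModel->username . ' tried to log in unsuccessfully.', LogLevel::Warning);

    return false;
}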
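/**
 * Logs a user in with a username and password.
 *
 * @param string $username   The login name submitted by the client.
 * @param string $password   The password submitted by the client.
 * @param bool   $rememberMe Passed to _getSessionDuration() to pick the session length.
 *
 * @throws Exception If a session duration is set while allowAutoLogin is off, or the authenticated user
 *                   cannot be loaded.
 * @return bool Whether the user is logged in once the method finishes.
 */
public function login($username, $password, $rememberMe = false)
{
    // Validate the username/password first.
    $usernameModel = new UsernameModel();
    $passwordModel = new PasswordModel();

    $usernameModel->username = $username;
    $passwordModel->password = $password;

    // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
    if (!craft()->request->userAgent || !craft()->request->getIpAddress())
    {
        // NOTE(review): $username is caller-supplied and is concatenated into the log line unmodified;
        // confirm Craft::log or the log target neutralizes line breaks.
        Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
        $this->logout();
        $this->requireLogin();

        // Fail closed: if requireLogin() ever returns instead of ending the request, do not fall through
        // into the authentication attempt below.
        return false;
    }

    // Validate the model.
    if ($usernameModel->validate() && $passwordModel->validate())
    {
        // Authenticate the credentials.
        $this->_identity = new UserIdentity($username, $password);
        $this->_identity->authenticate();

        // Was the login successful?
        if ($this->_identity->errorCode == UserIdentity::ERROR_NONE)
        {
            // See if the 'rememberUsernameDuration' config item is set. If so, save the name to a cookie.
            $rememberUsernameDuration = craft()->config->get('rememberUsernameDuration');

            if ($rememberUsernameDuration)
            {
                $interval = new DateInterval($rememberUsernameDuration);
                $expire = new DateTime();
                $expire->add($interval);

                // Save the username cookie.
                $this->saveCookie('username', $username, $expire->getTimestamp());
            }

            // Get how long this session is supposed to last.
            $seconds = $this->_getSessionDuration($rememberMe);
            $this->authTimeout = $seconds;

            $id = $this->_identity->getId();
            $states = $this->_identity->getPersistentStates();

            // Run any before login logic.
            if ($this->beforeLogin($id, $states, false))
            {
                $this->changeIdentity($id, $this->_identity->getName(), $states);

                if ($seconds > 0)
                {
                    if (!$this->allowAutoLogin)
                    {
                        throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
                    }

                    $user = craft()->users->getUserById($id);

                    if (!$user)
                    {
                        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
                    }

                    // Save the necessary info to the identity cookie. Only the hash is handed to
                    // handleSuccessfulLogin(); the raw token is placed in the cookie data.
                    // NOTE(review): the token comes from StringHelper::UUID(); confirm it is backed by a
                    // cryptographically secure generator, since the token authenticates the cookie.
                    $sessionToken = StringHelper::UUID();
                    $hashedToken = craft()->security->hashString($sessionToken);
                    $uid = craft()->users->handleSuccessfulLogin($user, $hashedToken['hash']);
                    $userAgent = craft()->request->userAgent;

                    $data = array(
                        $this->getName(),
                        $sessionToken,
                        $uid,
                        $seconds,
                        $userAgent,
                        $this->saveIdentityStates(),
                    );

                    $this->saveCookie('', $data, $seconds);
                }

                // Drop cached per-user state so nothing from a previous identity is reused.
                $this->_sessionRestoredFromCookie = false;
                $this->_userRow = null;

                // Run any after login logic.
                $this->afterLogin(false);
            }

            // Reached whether or not beforeLogin() accepted the login.
            return !$this->getIsGuest();
        }
    }

    // NOTE(review): the unmodified, caller-supplied login name is written to the log here as well.
    Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning);

    return false;
}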