/**
* Logins on host CMS using any allowed authentication methods
*
* @param string $username The username
* @param string|boolean $password Well, The password OR strictly boolean false for login without password
* @param boolean $rememberMe If login should be remembered in a cookie to be sent back to user's browser
* @param boolean $message If an alert message should be prepared on successful login
* @param string $return IN & OUT: IN: return URL NOT SEFED for normal login completition (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED
* @param array $messagesToUser OUT: messages to display to user (html)
* @param array $alertMessages OUT: messages to alert to user (text)
* @param int $loginType 0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
* @param string $secretKey secretKey used for two step authentication
* @return string Error message if error
*/
public function login($username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertMessages, $loginType = 0, $secretKey = null)
{
global $_CB_framework, $ueConfig, $_PLUGINS;
$returnURL = null;
$loggedIn = false;
if (!$username || !$password && $password !== false) {
$resultError = CBTxt::T('LOGIN_INCOMPLETE', 'Please complete the username and password fields.');
} else {
$_PLUGINS->loadPluginGroup('user');
$_PLUGINS->trigger('onBeforeLogin', array(&$username, &$password, &$secretKey));
$resultError = null;
$showSysMessage = true;
$stopLogin = false;
$firstLogin = false;
$row = new UserTable();
if ($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG();
} else {
$foundUser = false;
// Try login by CB authentication trigger:
$_PLUGINS->trigger('onLoginAuthentication', array(&$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertMessages, &$return, &$secretKey));
if (!$foundUser) {
if ($loginType != 2) {
// login by username:
$foundUser = $row->loadByUsername($username) && ($password === false || $row->verifyPassword($password));
}
if (!$foundUser && $loginType >= 1) {
// login by email:
$foundUser = $row->loadByEmail($username) && ($password === false || $row->verifyPassword($password));
if ($foundUser) {
$username = $row->username;
}
}
if (!$foundUser && $loginType > 2) {
// If no result, try login by CMS authentication:
if ($_CB_framework->login($username, $password, $rememberMe, null, $secretKey)) {
$foundUser = $row->load((int) $_CB_framework->myId());
// core user might not have username set, so we use id (bug #3303 fix)
$this->cbSplitSingleName($row);
$row->confirmed = 1;
$row->approved = 1;
$row->store();
// synchronizes with comprofiler table
$loggedIn = true;
}
}
}
if ($foundUser) {
$returnPluginsOverrides = null;
$pluginResults = $_PLUGINS->trigger('onDuringLogin', array(&$row, 1, &$returnPluginsOverrides));
if ($returnPluginsOverrides) {
$return = $returnPluginsOverrides;
}
if (is_array($pluginResults) && count($pluginResults)) {
foreach ($pluginResults as $res) {
if (is_array($res)) {
if (isset($res['messagesToUser'])) {
$messagesToUser[] = $res['messagesToUser'];
}
if (isset($res['alertMessage'])) {
$alertMessages[] = $res['alertMessage'];
}
if (isset($res['showSysMessage'])) {
$showSysMessage = $showSysMessage && $res['showSysMessage'];
}
if (isset($res['stopLogin'])) {
$stopLogin = $stopLogin || $res['stopLogin'];
}
}
}
}
if ($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG();
} elseif ($stopLogin) {
// login stopped: don't even check for errors...
} elseif ($row->approved == 2) {
$resultError = CBTxt::T('LOGIN_REJECTED', 'Your sign up request was rejected!');
} elseif ($row->confirmed != 1) {
if ($row->cbactivation == '') {
$row->store();
// just in case the activation code was missing
}
$cbNotification = new cbNotification();
$cbNotification->sendFromSystem($row->id, CBTxt::T(stripslashes($ueConfig['reg_pend_appr_sub'])), CBTxt::T(stripslashes($ueConfig['reg_pend_appr_msg'])), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);
$resultError = CBTxt::T('LOGIN_NOT_CONFIRMED', 'Your sign up process is not yet complete! Please check again your email for further instructions that have just been resent. If you don\'t find the email, check your spam-box. Make sure that your email account options are not set to immediately delete spam. If that was the case, just try logging in again to receive a new instructions email.');
} elseif ($row->approved == 0) {
$resultError = CBTxt::T('LOGIN_NOT_APPROVED', 'Your account has not yet been approved!');
} elseif ($row->block == 1) {
$resultError = CBTxt::T('LOGIN_BLOCKED', 'Your login is blocked.');
} elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
$firstLogin = true;
if (isset($ueConfig['reg_first_visit_url']) and $ueConfig['reg_first_visit_url'] != "") {
$return = $ueConfig['reg_first_visit_url'];
} else {
if ($returnPluginsOverrides) {
$return = $returnPluginsOverrides;
// by default return to homepage on first login (or on page overridden by plugin).
}
}
$_PLUGINS->trigger('onBeforeFirstLogin', array(&$row, $username, $password, &$return, $secretKey));
if ($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG("<br />");
}
}
} else {
if ($loginType < 2) {
$resultError = CBTxt::T('LOGIN_INCORRECT_USER_NOT_FOUND LOGIN_INCORRECT', 'Incorrect username or password. Please try again.');
} else {
$resultError = CBTxt::T('UE_INCORRECT_EMAIL_OR_PASSWORD', 'Incorrect email or password. Please try again.');
}
}
}
if ($resultError) {
if ($showSysMessage) {
$alertMessages[] = $resultError;
}
} elseif (!$stopLogin) {
if (!$loggedIn) {
$_PLUGINS->trigger('onDoLoginNow', array($username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertMessages, &$return, $secretKey));
}
if (!$loggedIn) {
$_CB_framework->login($username, $password, $rememberMe, null, $secretKey);
$loggedIn = true;
}
if ($firstLogin) {
$_PLUGINS->trigger('onAfterFirstLogin', array(&$row, $loggedIn));
}
$_PLUGINS->trigger('onAfterLogin', array(&$row, $loggedIn));
if ($loggedIn && $message && $showSysMessage) {
$alertMessages[] = CBTxt::T('LOGIN_SUCCESS', 'You have successfully logged in');
}
if (!$loggedIn) {
$resultError = CBTxt::T('LOGIN_INCORRECT_USER_AUTHENTICATION_FAILED LOGIN_INCORRECT', 'Incorrect username or password. Please try again.');
}
// changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
if ($return && !(strpos($return, 'comprofiler') && (strpos($return, 'login') || strpos($return, 'logout') || strpos($return, 'registers') || strpos(strtolower($return), 'lostpassword')))) {
// checks for the presence of a return url
// and ensures that this url is not the registration or login pages
$returnURL = $return;
} elseif (!$returnURL) {
$returnURL = 'index.php';
}
}
}
if (!$loggedIn) {
$_PLUGINS->trigger('onLoginFailed', array(&$resultError, &$returnURL));
}
$return = $returnURL;
return $resultError;
}
