 /**
  * validate current password
  *
  * Re-checks the password submitted in the 'current' field against the
  * current Viewer's account via UserAuth::validateLogin(). A failed check
  * (\Lampcms\LoginException) is recorded as a field error on 'current';
  * the exception itself is not propagated. Any other exception type is
  * left to the caller.
  *
  * @return object $this
  */
 protected function validatePassword()
 {
     $submitted = $this->getSubmittedValue('current');
     try {
         $auth = new UserAuth($this->Registry);
         /**
          * The returned user object is not needed here; only the
          * success/failure of the check matters.
          */
         $auth->validateLogin($this->Registry->Viewer->username, $submitted);
     } catch (\Lampcms\LoginException $e) {
         $this->setError('current', $this->_('This is not the correct password'));
     }

     return $this;
 }
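 /**
  * Use Credentials from Basic Auth headers
  * to instantiate our BasicAuthUser
  *
  * Validates $username/$pwd through UserAuth::validateLogin() (as a
  * '\Lampcms\Api\UserBasicAuth'), activates the resulting user, makes it
  * the current Viewer and records its uid in $this->viewerId.
  *
  * @param string $username login name taken from the Authorization header
  * @param string $pwd      password taken from the Authorization header
  *
  * @throws \Lampcms\HttpResponseCodeException (HTTP 401) when
  *         validateLogin() throws a \Lampcms\LoginException
  */
 protected function initBasicAuthUser($username, $pwd)
 {
     try {
         $UserAuth = new UserAuth($this->Registry);
         $User = $UserAuth->validateLogin($username, $pwd, '\\Lampcms\\Api\\UserBasicAuth');
         /**
          * Original rationale: a successful login means the user received
          * the email containing the password, so the email address is
          * confirmed and the account can be activated.
          */
         $User->activate();
         $this->Registry->Viewer = $User;
         /**
          * Set $this->viewerId
          * it will result in increasing
          * access rate limit
          */
         $this->viewerId = $User->getUid();
     } catch (\Lampcms\LoginException $e) {
         /**
          * The detailed reason (and where it was raised) goes to the
          * server-side log only.
          */
         e('Login error: ' . $e->getMessage() . ' in file: ' . $e->getFile() . ' on line: ' . $e->getLine());
         /**
          * Re-throw with a proper HTTP code (401), but WITHOUT echoing the
          * LoginException message back to the client. That message is
          * produced by the login internals and may tell an unauthenticated
          * caller why the attempt failed (e.g. unknown user vs. wrong
          * password), which is what an account-enumeration probe is after.
          * A generic message is all the client needs.
          */
         throw new \Lampcms\HttpResponseCodeException('Wrong login credentials', 401);
     }
 }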
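 /**
  * Handle a submitted login form: validate 'login'/'pwd', activate the
  * user, optionally send the "remember me" cookie, then redirect.
  *
  * On a \Lampcms\LoginException the error is logged; an Ajax request gets
  * a JSON error body, a normal request gets the message stored in
  * $_SESSION['login_error'] followed by a redirect.
  */
 public function main()
 {
     /**
      * NOTE(review): the original author skipped the form-token (CSRF)
      * check here, reasoning that an attacker gains nothing by forging a
      * login for someone who is not yet logged in. That reasoning misses
      * "login CSRF": an attacker can submit *their own* credentials
      * through the victim's browser so the victim unknowingly acts inside
      * the attacker's account (and may later enter data into it). Whether
      * the token check is worth adding depends on what this application
      * exposes after login; the behaviour is kept as-is here, the caveat
      * is recorded so the omission is a conscious decision.
      */
     $bRemember = isset($this->Request['chkRemember']) ? (bool) $this->Request['chkRemember'] : false;
     /**
      * Log only the "remember me" flag. Deliberately NOT print_r()'ing
      * $this->Request here: it carries the submitted 'pwd' field (read
      * below) and dumping it writes the clear-text password to the debug log.
      */
     d('$bRemember ' . $bRemember);
     try {
         $oCheckLogin = new UserAuth($this->Registry);
         $User = $oCheckLogin->validateLogin($this->Request['login'], $this->Request['pwd']);
         /**
          * Original rationale: a successful login means the user received
          * the email containing the password, so the email address is
          * confirmed and the account can be activated.
          */
         $User->activate();
     } catch (\Lampcms\LoginException $e) {
         /**
          * @todo may add extra setting to !config.ini to send login errors
          * to special dedicated email address that will receive all security (hacking attempts)
          * related errors.
          */
         d('Login error: ' . $e->getMessage() . ' in file: ' . $e->getFile() . ' on line: ' . $e->getLine());
         if (Request::isAjax()) {
             Responder::sendJSON(array('error' => $e->getMessage()));
             /**
              * Never fall through to the session write and redirect once a
              * JSON body has been sent. Harmless if sendJSON() already
              * terminates the request (presumably it does; not visible here).
              */
             return;
         }
         $_SESSION['login_error'] = $e->getMessage();
         d('$_SESSION[login_error] ' . $_SESSION['login_error']);
         Responder::redirectToPage();
         /**
          * $User is undefined past this point, so do not reach the code
          * below even if redirectToPage() does not terminate the request.
          */
         return;
     }
     /**
      * NOTE(review): the next line is garbled in this copy of the source
      * ('******' is not valid PHP) and must be restored from the original
      * file. It appears to log the user and post an 'onUserLogin' event;
      * if it logs the user object, make sure no credential material is
      * included.
      */
     d('User: '******'onUserLogin');
     if ($bRemember) {
         \Lampcms\Cookie::sendLoginCookie($User->getUid(), $User['rs']);
     }
     Responder::redirectToPage();
 }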