Exemple #1
 /**
  * Hook run before every controller action
  *
  * In order: opens the session, sends the HTTP security headers, loads the
  * configured translation and timezone, enforces authentication (falling
  * back to the remember-me cookie), checks page-level access and finally
  * attaches the events used by automatic actions.
  *
  * @access public
  * @param  mixed   $controller   Controller identifier, forwarded to the ACL checks
  * @param  mixed   $action       Action identifier, forwarded to the ACL checks
  */
 public function beforeAction($controller, $action)
 {
     // Open the session
     $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);

     // Security response headers, sent on every request whether or not it is authenticated.
     // The actual header values live in the response object and are not visible here.
     $this->response->csp();
     $this->response->nosniff();
     $this->response->xss();
     $this->response->hsts();
     $this->response->xframe();

     // Translations: en_US is the built-in default, so nothing is loaded for it
     $locale = $this->config->get('language', 'en_US');
     if ($locale !== 'en_US') {
         \Translator\load($locale);
     }

     // Timezone, UTC when nothing is configured
     $timezone = $this->config->get('timezone', 'UTC');
     date_default_timezone_set($timezone);

     // Authentication gate: a request passes if the user is already logged in
     // or the target action is declared public.
     $loginRequired = !($this->acl->isLogged() || $this->acl->isPublicAction($controller, $action));

     if (!$loginRequired) {
         // Existing remember-me cookie: refresh it
         if ($this->rememberMe->hasCookie()) {
             $this->rememberMe->refresh();
         }
     } elseif ($this->rememberMe->authenticate()) {
         // Logged in through the remember-me cookie: record it in the login history
         $this->lastLogin->create(\Model\LastLogin::AUTH_REMEMBER_ME, $this->acl->getUserId(), $this->user->getIpAddress(), $this->user->getUserAgent());
     } else {
         // Neither a session nor a valid remember-me cookie: send to the login form.
         // NOTE(review): this only blocks the request if redirect() ends execution;
         // otherwise the code below still runs. Confirm against the response class.
         $this->response->redirect('?controller=user&action=login');
     }

     // Authorization: is this user allowed to see this page?
     // NOTE(review): same dependency on redirect() terminating the request as above.
     if (!$this->acl->isPageAccessAllowed($controller, $action)) {
         $this->response->redirect('?controller=user&action=forbidden');
     }

     // Attach events for automatic actions
     $this->action->attachEvents();
 }
Exemple #2
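 /**
  * Validate user login
  *
  * The form is validated first and credentials are checked only when it
  * passes. A successful login creates the user session, records an entry in
  * the login history and, when requested, issues a remember-me cookie.
  * The login fails closed if the account record cannot be loaded after a
  * successful credential check.
  *
  * @access public
  * @param  array   $values           Form values (reads 'username', 'password' and the optional 'remember_me')
  * @return array   $valid, $errors   [0] = Success or not, [1] = List of errors
  */
 public function validateLogin(array $values)
 {
     $v = new Validator($values, array(
         new Validators\Required('username', t('The username is required')),
         new Validators\MaxLength('username', t('The maximum length is %d characters', 50), 50),
         new Validators\Required('password', t('The password is required')),
     ));

     $result = $v->execute();
     $errors = $v->getErrors();

     // Invalid form: do not touch the authentication backend at all
     if (!$result) {
         return array($result, $errors);
     }

     // NOTE(review): no attempt limiting is visible in this method; confirm that
     // authenticate() or an upstream layer throttles repeated failures.
     list($authenticated, $method) = $this->authenticate($values['username'], $values['password']);

     // Load the account only after the credentials were accepted
     $user = $authenticated === true ? $this->getByUsername($values['username']) : null;

     // Fail closed: rejected credentials and a missing account record both end here,
     // with the same generic message so the response does not reveal which one it was.
     // getByUsername() is not visible here; the empty() check covers a null/false/empty result.
     if (empty($user)) {
         $errors['login'] = t('Bad username or password');

         return array(false, $errors);
     }

     // Create the user session
     // NOTE(review): confirm updateSession() issues a fresh session identifier on login.
     $this->updateSession($user);

     // Update login history
     $lastLogin = new LastLogin($this->db, $this->event);
     $lastLogin->create($method, $user['id'], $this->getIpAddress(), $this->getUserAgent());

     // Setup the remember me feature
     // NOTE(review): cookie attributes are set inside writeCookie(), not visible here.
     if (!empty($values['remember_me'])) {
         $rememberMe = new RememberMe($this->db, $this->event);
         $credentials = $rememberMe->create($user['id'], $this->getIpAddress(), $this->getUserAgent());
         $rememberMe->writeCookie($credentials['token'], $credentials['sequence'], $credentials['expiration']);
     }

     return array($result, $errors);
 }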