} } else { // create new session object and store it in PHP session $gCurrentSession = new Session($gDb, $gSessionId); $_SESSION['gCurrentSession'] = $gCurrentSession; // create system component $gSystemComponent = new Component($gDb); $gSystemComponent->readDataByColumns(array('com_type' => 'SYSTEM', 'com_name_intern' => 'CORE')); $gCurrentSession->addObject('gSystemComponent', $gSystemComponent); // if cookie ADMIDIO_DATA is set then there could be an auto login // the auto login must be done here because after that the corresponding organization must be set if (array_key_exists($gCookiePraefix . '_DATA', $_COOKIE)) { // restore user from auto login session $autoLogin = new AutoLogin($gDb, $gSessionId); $autoLogin->setValidLogin($gCurrentSession, $_COOKIE[$gCookiePraefix . '_DATA']); $userIdAutoLogin = $autoLogin->getValue('atl_usr_id'); // create object of the organization of config file with their preferences if ($autoLogin->getValue('atl_org_id') > 0) { $gCurrentOrganization = new Organization($gDb, $autoLogin->getValue('atl_org_id')); } else { $gCurrentOrganization = new Organization($gDb, $g_organization); } } else { // create object of the organization of config file with their preferences $gCurrentOrganization = new Organization($gDb, $g_organization); } if ($gCurrentOrganization->getValue('org_id') === 0) { // organization not found exit('<div style="color: #cc0000;">Error: The organization of the config.php could not be found in the database!</div>'); } // add the organization to the session
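/**
 * Check if the given password is correct for this user and, optionally, turn the
 * current session into a valid login session.
 *
 * Login attempts are rate limited: once three failed attempts have been recorded,
 * the account is rejected for 15 minutes regardless of the password supplied.
 * Every failed attempt increments usr_number_invalid and stores the attempt time
 * in usr_date_invalid; the counter restarts at 1 once the lockout window expired.
 *
 * @param string $password             The password for the current user. This should not be encoded.
 * @param bool   $setAutoLogin         If set to true then this login will be stored in AutoLogin table
 *                                     and the user doesn't need to login another time with this browser.
 *                                     To use this functionality @b $updateSessionCookies must be set to true.
 * @param bool   $updateSessionCookies The current session will be updated to a valid login.
 *                                     If set to false then the login is only valid for the current script.
 * @return true Return true if the correct password for this user was given to this method.
 * @throws AdmException SYS_LOGIN_FAILED     when the account is locked out, or this attempt was the third failure
 *                      SYS_PASSWORD_UNKNOWN when the password was wrong and fewer than three failures are recorded
 */
public function checkLogin($password, $setAutoLogin = false, $updateSessionCookies = true)
{
    global $gPreferences, $gCookiePraefix, $gCurrentSession, $gSessionId;

    // Lockout policy: three or more failed attempts within the last 15 minutes
    // block the account, independent of whether this password is correct.
    $maxInvalidLogins = 3;
    $lockoutSeconds   = 900;

    if ($this->getValue('usr_number_invalid') >= $maxInvalidLogins) {
        $lastInvalidAttempt = strtotime($this->getValue('usr_date_invalid', 'Y-m-d H:i:s'));
        if (time() - $lastInvalidAttempt < $lockoutSeconds) {
            $this->clear();
            throw new AdmException('SYS_LOGIN_FAILED');
        }
    }

    if (!$this->checkPassword($password)) {
        // Failed attempt: bump the counter (restart at 1 after an expired lockout)
        // and record the time so the lockout check above can use it.
        $invalidLogins = $this->getValue('usr_number_invalid') >= $maxInvalidLogins
            ? 1
            : $this->getValue('usr_number_invalid') + 1;
        $this->setValue('usr_number_invalid', $invalidLogins);
        $this->setValue('usr_date_invalid', DATETIME_NOW);
        $this->save(false); // don't update timestamp
        $this->clear();

        // Choose the exception from the value just written, not from the object
        // after clear(): clear() may reset the column values, which would make the
        // lockout exception unreachable here.
        if ($invalidLogins >= $maxInvalidLogins) {
            throw new AdmException('SYS_LOGIN_FAILED');
        }
        throw new AdmException('SYS_PASSWORD_UNKNOWN');
    }

    if ($updateSessionCookies) {
        $gCurrentSession->setValue('ses_usr_id', $this->getValue('usr_id'));
        $gCurrentSession->save();
    }

    if ($setAutoLogin && (int) $gPreferences['enable_auto_login'] === 1) {
        // Auto login requested: the cookies outlive the browser session and expire after one year.
        $timestampExpired = time() + 60 * 60 * 24 * 365;
        $autoLogin = new AutoLogin($this->db, $gSessionId);

        // If an auto-login row for this session already exists (second login from the
        // same browser) don't create another one; that would cause a 'Duplicate Key' error.
        if ($autoLogin->getValue('atl_usr_id') === '') {
            $autoLogin->setValue('atl_session_id', $gSessionId);
            $autoLogin->setValue('atl_usr_id', $this->getValue('usr_id'));
            $autoLogin->save();
        }
    } else {
        // Plain session cookie: expires when the browser is closed.
        $timestampExpired = 0;
        $this->setValue('usr_last_session_id', null);
    }

    if ($updateSessionCookies) {
        // Cookie domain: the request host name without a port. Without a port this
        // yields '' (a host-only cookie); with a port the host name is set explicitly,
        // which also makes the cookie visible to subdomains. HTTP_HOST is taken from
        // the client request, so it is not a trusted value.
        $httpHost = $_SERVER['HTTP_HOST'] ?? '';
        $portPos  = strpos($httpHost, ':');
        $domain   = $portPos === false ? '' : substr($httpHost, 0, $portPos);

        // NOTE(review): both cookies are set without the Secure and HttpOnly flags,
        // so they travel over plain HTTP and are readable by client-side script;
        // confirm no client-side code reads them before tightening the flags.
        setcookie($gCookiePraefix . '_ID', $gSessionId, $timestampExpired, '/', $domain, 0);

        // The _DATA cookie carries the auto-login flag and the user id in clear text
        // (no encoding is applied). Whatever restores a login from this cookie must
        // not rely on the user id alone.
        setcookie($gCookiePraefix . '_DATA', $setAutoLogin . ';' . $this->getValue('usr_id'), $timestampExpired, '/', $domain, 0);

        // count logins and update login dates
        $this->saveChangesWithoutRights();
        $this->updateLoginData();
    }

    return true;
}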