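/**
 * Main method to handle login attempts. If the user passes authentication with their
 * chosen provider then it displays a form for them to choose their username and email.
 * The email address they choose is *not* verified, so it must not be treated as proof
 * that the user owns that mailbox.
 *
 * If they are already logged in then it links the new provider to their account.
 *
 * @throws Exception if a provider isn't supplied, or it has non-alpha characters
 */
private function _doLogin()
{
    if (!isset($_GET['provider'])) {
        throw new Exception("You haven't supplied a provider");
    }

    // Letters only: the request-supplied provider name is handed to RemoteUserIdentity,
    // so nothing but a plain alphabetic token is allowed through.
    if (!ctype_alpha($_GET['provider'])) {
        throw new Exception("Invalid characters in provider string");
    }

    $identity = new RemoteUserIdentity($_GET['provider'], $this->module->getHybridauth());

    if ($identity->authenticate()) {
        // They have authenticated AND we have a user record associated with that provider.
        if (Yii::app()->user->isGuest) {
            $this->_loginUser($identity);
        } else {
            // Already logged in AND already have a record for that provider: just bounce them on.
            $this->redirect(Yii::app()->user->returnUrl);
        }
        return;
    }

    if ($identity->errorCode != RemoteUserIdentity::ERROR_USERNAME_INVALID) {
        // Any other error code is not handled by this method.
        return;
    }

    // They have authenticated to their provider but we don't have a matching HaLogin entry.
    if (!Yii::app()->user->isGuest) {
        // They are already logged in: link their user account with the new provider.
        $identity->id = Yii::app()->user->id;
        $this->_linkProvider($identity);

        // Read and clear the stored referrer BEFORE redirecting. Yii's redirect() ends the
        // request by default, so an unset() placed after it never runs and the stale
        // value would stay in the session.
        $returnTo = Yii::app()->session['hybridauth-ref'];
        unset(Yii::app()->session['hybridauth-ref']);

        // NOTE(review): where 'hybridauth-ref' is written is not visible here; confirm it
        // can only ever hold a same-site URL before it is used as a redirect target.
        $this->redirect(!empty($returnTo) ? $returnTo : Yii::app()->user->returnUrl);
        return;
    }

    // They aren't logged in => display a form to choose their username & email
    // (we might not get it from the provider).
    if ($this->module->withYiiUser == true) {
        Yii::import('application.modules.user.models.*');
    } else {
        Yii::import('application.models.*');
    }

    $user = new User();

    if (isset($_POST['User'])) {
        // Save the form. Massive assignment only fills attributes the User model declares
        // safe. NOTE(review): confirm the model's rules do not mark privilege or status
        // columns as safe, since this array comes straight from the request.
        $user->attributes = $_POST['User'];

        if ($user->validate() && $user->save()) {
            if ($this->module->withYiiUser == true) {
                // Placeholder profile values, as in the original implementation.
                $profile = new Profile();
                $profile->first_name = 'firstname';
                $profile->last_name = 'lastname';
                $profile->user_id = $user->id;
                $profile->save();
            }

            $identity->id = $user->id;
            $identity->username = $user->username;
            $this->_linkProvider($identity);
            $this->_loginUser($identity);
        }
        // On validation or save failure nothing else happens here: the form is redisplayed.
    } elseif (isset($identity->userData->email)) {
        // First display: prefill the form from the provider profile when we have the info.
        $user->email = $identity->userData->email;
        $email = explode('@', $user->email);
        $user->username = $email[0];
    }

    $this->render('createUser', array('user' => $user));
}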
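/**
 * Main method to handle login attempts made through a remote provider.
 *
 * Flow, as implemented below:
 *  - authenticate() succeeds (a local record matched the provider identity): the provider
 *    contacts are imported, then either _loginUser() runs (a 'login' session entry already
 *    exists) or a 'login' session entry is built from the identity and the user is
 *    redirected to '/'.
 *  - authenticate() fails with ERROR_USERNAME_INVALID (no local record matched):
 *      - without a 'login' session entry, the visitor is matched to an active local User
 *        by the e-mail held in the 'userinfo' session entry, linked to the provider and
 *        signed in; without such a User they are sent on to registration;
 *      - with a 'login' session entry, the provider is linked to that account.
 *
 * No e-mail address is verified anywhere in this method.
 *
 * @throws Exception if a provider isn't supplied, or it has non-alpha characters
 */
private function _doLogin()
{
    if (!isset($_GET['provider'])) {
        throw new Exception("You haven't supplied a provider");
    }

    // Letters only: the request-supplied provider name is handed to RemoteUserIdentity.
    if (!ctype_alpha($_GET['provider'])) {
        throw new Exception("Invalid characters in provider string");
    }

    $identity = new RemoteUserIdentity($_GET['provider'], $this->module->getHybridauth());

    // Lifetime of the shop_* cookies set below: two weeks, in seconds.
    $cookieLifetime = 2 * 604800;

    if ($identity->authenticate()) {
        $this->importContacts($identity->loginProvider, $identity->userContacts);

        if (isset(Yii::app()->session['login'])) {
            $this->_loginUser($identity);
            return;
        }

        // No 'login' session entry yet: build one from the matched local record.
        $login = array();
        $login['id'] = $identity->userid;
        $login['username'] = $identity->username;
        $login['email'] = $identity->email;
        $login['socialnetworkid'] = $identity->loginProviderIdentifier;
        $login['superuser'] = $identity->Issuperuser;

        // NOTE(review): 'shop_upwd' carries $identity->password in base64, which is an
        // encoding and not encryption: whoever can read the cookie recovers the stored
        // value for two weeks. Whether that value is a hash or cleartext is not visible
        // here. Left unchanged because the consumer of these cookies is outside this
        // method; the fix is an opaque, revocable, server-side token in its place, with
        // httpOnly and secure set on the cookie, once that consumer is updated.
        $shopusercookie = new CHttpCookie('shop_uname', $identity->email);
        $shopusercookie->expire = time() + $cookieLifetime;
        $shoppasscookie = new CHttpCookie('shop_upwd', base64_encode($identity->password));
        $shoppasscookie->expire = time() + $cookieLifetime;
        Yii::app()->request->cookies['shop_uname'] = $shopusercookie;
        Yii::app()->request->cookies['shop_upwd'] = $shoppasscookie;

        // userData is compared against the user-type ids 1 and 3. For any other value
        // no session entry is written and no redirect is issued.
        if ($identity->userData == 1) {
            $login['userType'] = 'parent';
            Yii::app()->session['login'] = $login;
            $this->redirect(array('/'));
        }
        if ($identity->userData == 3) {
            $login['userType'] = 'organization';
            Yii::app()->session['login'] = $login;
            $this->redirect(array('/'));
        }
        return;
    }

    if ($identity->errorCode != RemoteUserIdentity::ERROR_USERNAME_INVALID) {
        // Any other error code is not handled by this method.
        return;
    }

    // They have authenticated to their provider but we don't have a matching HaLogin entry.
    if (isset(Yii::app()->session['login'])) {
        // They are already logged in: link their user account with the new provider.
        $identity->userid = Yii::app()->session['login']['id'];
        $this->_linkProvider($identity);

        // Clear the stored referrer BEFORE redirecting: Yii's redirect() ends the request
        // by default, so an unset() placed after it never runs.
        unset(Yii::app()->session['hybridauth-ref']);
        $this->redirect(Yii::app()->user->returnUrl);
        return;
    }

    if ($this->module->withYiiUser == true) {
        Yii::import('application.modules.user.models.*');
    } else {
        Yii::import('application.models.*');
    }

    if (!isset(Yii::app()->session['userinfo'])) {
        $this->redirect(Yii::app()->user->returnUrl);
        return;
    }

    // NOTE(review): the local account is selected purely by the e-mail stored in the
    // 'userinfo' session entry. Where that entry is filled is not visible here; if it
    // holds an address the provider reports without verifying it, this step lets a
    // provider account claim the local account that owns the address. Confirm the source
    // asserts a verified e-mail, or require the local user to confirm the link.
    $model = User::model()->findByAttributes(array(
        'email' => Yii::app()->session['userinfo']['email'],
        'status' => 1,
    ));

    // One lookup replaces the original pair: an active match with a non-empty e-mail is
    // what the original condition required, and testing $model directly avoids reading
    // an array offset on null when no user has that address.
    if ($model === null || $model->email == '') {
        $this->redirect(array('/site/index', 'url' => 'newfbreg'));
        return;
    }

    $this->importContacts($identity->loginProvider, $identity->userContacts);
    $identity->userid = $model->userid;
    $this->_linkProvider($identity);

    $login = array();
    if (isset(Yii::app()->session['login'])) {
        unset(Yii::app()->session['login']);
    }
    $login['id'] = $model->userid;
    $login['username'] = $model->fname . ' ' . $model->lname;
    $login['email'] = $model->email;
    $login['socialnetworkid'] = $model->socialnetworkid;
    $login['superuser'] = $model->superuser;

    // NOTE(review): same concern as the cookies in the authenticated branch above.
    // base64 is reversible, so 'shop_upwd' exposes whatever $identity->password holds.
    $shopusercookie = new CHttpCookie('shop_uname', $identity->email);
    $shopusercookie->expire = time() + $cookieLifetime;
    $shoppasscookie = new CHttpCookie('shop_upwd', base64_encode($identity->password));
    $shoppasscookie->expire = time() + $cookieLifetime;
    Yii::app()->request->cookies['shop_uname'] = $shopusercookie;
    Yii::app()->request->cookies['shop_upwd'] = $shoppasscookie;

    if ($model->usertypeid == 1) {
        // Assignment, not comparison: the original `==` left 'userType' out of the session.
        $login['userType'] = 'parent';
        Yii::app()->session['login'] = $login;
        $this->redirect(array('/site/index'));
    } elseif ($model->usertypeid == 3) {
        $login['userType'] = 'organization';
        Yii::app()->session['login'] = $login;
        $this->redirect(array('/organizationActivities/view'));
    }
}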
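/**
 * Main method to handle login attempts made through a remote provider.
 *
 * Flow, as implemented below:
 *  - authenticate() succeeds (a local record matched the provider identity): either
 *    _loginUser() runs (a 'login' session entry already exists) or a 'login' session
 *    entry is built from the identity and the user is redirected by user type.
 *  - authenticate() fails with ERROR_USERNAME_INVALID (no local record matched): a
 *    visitor without a 'login' session entry is sent to '/site/fbreg' when a 'userinfo'
 *    session entry exists; a visitor with one gets the provider linked to that account.
 *
 * The username/e-mail form of the original implementation is disabled in this variant.
 *
 * @throws Exception if a provider isn't supplied, or it has non-alpha characters
 */
private function _doLogin()
{
    if (!isset($_GET['provider'])) {
        throw new Exception("You haven't supplied a provider");
    }

    // Letters only: the request-supplied provider name is handed to RemoteUserIdentity.
    if (!ctype_alpha($_GET['provider'])) {
        throw new Exception("Invalid characters in provider string");
    }

    $identity = new RemoteUserIdentity($_GET['provider'], $this->module->getHybridauth());

    if ($identity->authenticate()) {
        // They have authenticated AND we have a user record associated with that provider.
        if (isset(Yii::app()->session['login'])) {
            $this->_loginUser($identity);
            return;
        }

        // No 'login' session entry yet: build one from the matched local record.
        $login = array();
        $login['id'] = $identity->userid;
        $login['username'] = $identity->username;
        $login['socialnetworkid'] = $identity->loginProviderIdentifier;

        // userData is compared against the user-type ids 1 and 3. For any other value
        // no session entry is written and no redirect is issued.
        if ($identity->userData == 1) {
            $login['userType'] = 'parent';
            Yii::app()->session['login'] = $login;
            $this->redirect(array('/educationalPlan/educationalPlans'));
        }
        if ($identity->userData == 3) {
            $login['userType'] = 'organization';
            Yii::app()->session['login'] = $login;
            $this->redirect(array('/organizationActivities/view'));
        }
        return;
    }

    if ($identity->errorCode != RemoteUserIdentity::ERROR_USERNAME_INVALID) {
        // Any other error code is not handled by this method.
        return;
    }

    // They have authenticated to their provider but we don't have a matching HaLogin entry.
    if (isset(Yii::app()->session['login'])) {
        // They are already logged in: link their user account with the new provider.
        $identity->userid = Yii::app()->session['login']['id'];
        $this->_linkProvider($identity);

        // Clear the stored referrer BEFORE redirecting: Yii's redirect() ends the request
        // by default, so an unset() placed after it never runs.
        unset(Yii::app()->session['hybridauth-ref']);
        $this->redirect(Yii::app()->user->returnUrl);
        return;
    }

    // Not logged in. The model path aliases are still registered as in the original.
    if ($this->module->withYiiUser == true) {
        Yii::import('application.modules.user.models.*');
    } else {
        Yii::import('application.models.*');
    }

    if (isset(Yii::app()->session['userinfo'])) {
        $this->redirect(array('/site/fbreg', 'url' => 'fbreg'));
    }
    // NOTE(review): without a 'userinfo' session entry this path ends with no redirect
    // and no rendered view. Confirm that is intended.
}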
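/**
 * Main method to handle login attempts made through a remote provider.
 *
 * When RemoteUserIdentity::authenticate() succeeds, the provider id is bound to a local
 * user through a UserMetadata row keyed "<provider>Provider" (created on first use) and
 * that user is signed in through LoginForm. When it fails with ERROR_USERNAME_INVALID,
 * a local account is created from the provider profile, bound and signed in.
 *
 * The e-mail address reported by the provider is *not* verified by this method.
 *
 * @param string|null $provider name of the remote provider to authenticate against
 * @throws CException if no provider is supplied, or the remote identity cannot be bound
 *                    to / signed in as a local user
 */
private function hybridAuth($provider = NULL)
{
    if ($provider == NULL) {
        throw new CException(Yii::t('Hybridauth.main', "You haven't supplied a provider"));
    }
    // NOTE(review): $provider is not validated in this method, yet it is passed to
    // authenticate() and used to build the metadata key. Confirm the caller restricts it
    // to the configured provider names.

    // password_hash() polyfill for runtimes that do not ship it.
    if (!function_exists('password_hash')) {
        require_once YiiBase::getPathOfAlias('ext.bcrypt.bcrypt') . '.php';
    }

    $identity = new RemoteUserIdentity();
    $metaKey = $provider . 'Provider';

    if ($identity->authenticate($provider)) {
        // If we found a user and authenticated them, bind this data to the user if it
        // does not already exist.
        $binding = UserMetadata::model()->findByAttributes(array(
            'key' => $metaKey,
            'value' => $identity->userData['id'],
        ));

        if ($binding === NULL) {
            // NOTE(review): the local account is picked purely by the e-mail the provider
            // reports. If a provider returns an address it has not verified, this binds
            // that provider identity to someone else's local account. Confirm every
            // enabled provider asserts a verified e-mail.
            $localUser = Users::model()->findByAttributes(array('email' => $identity->userData['email']));

            // Fail with the method's own exception instead of dereferencing null and
            // storing a binding that points at no user.
            if ($localUser === NULL) {
                throw new CException(Yii::t('Hybridauth.main', 'Unable to bind to local user'));
            }

            $binding = new UserMetadata();
            $binding->user_id = $localUser->id;
            $binding->key = $metaKey;
            $binding->value = $identity->userData['id'];
            $binding->save();
        }

        $user = Users::model()->findByPk($binding->user_id);
        $username = isset($user->email) ? $user->email : $identity->userData['email'];

        // Log the user in with just their email address.
        // NOTE(review): the "password" sent to LoginForm is either the constant
        // md5('PUBUSER') or a value derived only from the e-mail address. How
        // LoginForm(true) treats it is not visible here; confirm accounts created through
        // this path cannot be signed in from the regular password form with these
        // guessable values.
        $model = new LoginForm(true);

        // CiiMS 1.7 provided authentication schemes against md5 hashes. If any users
        // still have the md5 value as their password, allow authentication, but
        // immediately upgrade their password to something more secure.
        $model->attributes = array('username' => $username, 'password' => md5('PUBUSER'));

        if ($model->validate() && $model->login()) {
            // Upgrade the stored password to bcrypt. Strict comparison avoids PHP's
            // loose numeric-string matching on hash-like values; the null check covers
            // a binding whose user row no longer exists.
            if ($user !== NULL && $user->password === md5('PUBUSER')) {
                $user->password = password_hash($identity->userData['email'], PASSWORD_BCRYPT, array('cost' => 13));
                $user->save();
            }

            $this->redirect(Yii::app()->user->returnUrl);
        }

        // If the previous attempt failed, the user has already been upgraded: retry with
        // a bcrypt value instead of the md5 one.
        // NOTE(review): password_hash() salts every call, so this value never equals the
        // stored hash byte-for-byte; presumably LoginForm(true) does not compare it
        // directly. Confirm.
        $model->attributes = array(
            'username' => $username,
            'password' => password_hash($identity->userData['email'], PASSWORD_BCRYPT, array('cost' => 13)),
        );

        if ($model->validate() && $model->login()) {
            $this->redirect(Yii::app()->user->returnUrl);
        }

        throw new CException(Yii::t('Hybridauth.main', 'Unable to bind to local user'));
    }

    if ($identity->errorCode != RemoteUserIdentity::ERROR_USERNAME_INVALID) {
        throw new CException(Yii::t('Hybridauth.main', 'We were able to authenticate you against the remote network, but could not sign you in locally.'));
    }

    // The user authenticated against the remote network, but we didn't find them locally:
    // create a local account and bind this information to it.
    $user = new Users();
    $user->attributes = array(
        'email' => $identity->userData['email'],
        'password' => password_hash($identity->userData['email'], PASSWORD_BCRYPT, array('cost' => 13)),
        'firstName' => Cii::get($identity->userData, 'firstName', 'UNKNOWN'),
        'lastName' => Cii::get($identity->userData, 'lastName', 'UNKNOWN'),
        'displayName' => $provider == 'twitter' ? $identity->userData['firstName'] : $identity->userData['displayName'],
        'user_role' => 1,
        'status' => 1,
    );

    // Stop here if the account could not be stored; otherwise the binding below would be
    // written without a user id.
    if (!$user->save()) {
        throw new CException(Yii::t('Hybridauth.main', 'Unable to bind new user locally'));
    }

    $meta = new UserMetadata();
    $meta->user_id = $user->id;
    $meta->key = $metaKey;
    $meta->value = $identity->userData['id'];
    $meta->save();

    // Log the user in with just their email address.
    $model = new LoginForm(true);
    $model->attributes = array(
        'username' => $identity->userData['email'],
        'password' => password_hash($identity->userData['email'], PASSWORD_BCRYPT, array('cost' => 13)),
    );

    if ($model->validate() && $model->login()) {
        $this->redirect(Yii::app()->user->returnUrl);
    }

    throw new CException(Yii::t('Hybridauth.main', 'Unable to bind new user locally'));
}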
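/**
 * Main method to handle login attempts made through a remote provider.
 *
 * If the provider identity already maps to a local record, a guest is logged in and a
 * logged-in user is bounced to their return URL. If it does not, a guest gets a local
 * User created directly from the provider profile (no form, no validation), linked and
 * logged in; a logged-in user gets the provider linked to their account.
 *
 * The e-mail address taken from the provider profile is *not* verified.
 *
 * @throws Exception if a provider isn't supplied, or it has non-alpha characters, or the
 *                   new local user cannot be stored
 */
private function _doLogin()
{
    if (!isset($_GET['provider'])) {
        throw new Exception("You haven't supplied a provider");
    }

    // Letters only: the request-supplied provider name is handed to RemoteUserIdentity.
    if (!ctype_alpha($_GET['provider'])) {
        throw new Exception("Invalid characters in provider string");
    }

    $identity = new RemoteUserIdentity($_GET['provider'], $this->module->getHybridauth());

    if ($identity->authenticate()) {
        // They have authenticated AND we have a user record associated with that provider.
        if (Yii::app()->user->isGuest) {
            $this->_loginUser($identity);
        } else {
            // Already logged in AND already have a record for that provider: just bounce them on.
            $this->redirect(Yii::app()->user->returnUrl);
        }
        return;
    }

    if ($identity->errorCode != RemoteUserIdentity::ERROR_USERNAME_INVALID) {
        // Any other error code is not handled by this method.
        return;
    }

    // They have authenticated to their provider but we don't have a matching HaLogin entry.
    if (!Yii::app()->user->isGuest) {
        // They are already logged in: link their user account with the new provider.
        $identity->id = Yii::app()->user->id;
        $this->_linkProvider($identity);

        // Read and clear the stored referrer BEFORE redirecting. Yii's redirect() ends the
        // request by default, so an unset() placed after it never runs.
        $returnTo = Yii::app()->session['hybridauth-ref'];
        unset(Yii::app()->session['hybridauth-ref']);

        // NOTE(review): where 'hybridauth-ref' is written is not visible here; confirm it
        // can only ever hold a same-site URL before it is used as a redirect target.
        $this->redirect(!empty($returnTo) ? $returnTo : Yii::app()->user->returnUrl);
        return;
    }

    // They aren't logged in => create the local user from the provider profile.
    if ($this->module->withYiiUser == true) {
        Yii::import('application.modules.user.models.*');
    } else {
        Yii::import('application.models.*');
    }

    $adapter = $identity->getAdapter();
    $profile = $adapter->getUserProfile();

    $user = new User();
    if (isset($profile->email)) {
        $user->Email = $profile->email;
    }
    if (isset($profile->firstName)) {
        $user->First_name = $profile->firstName;
    }
    if (isset($profile->lastName)) {
        $user->Last_name = $profile->lastName;
    }
    if (isset($profile->phone)) {
        $user->Phone_number = $profile->phone;
    }

    // NOTE(review): save(false) skips the User model's validation, so the profile values
    // above are stored exactly as the provider sent them, with no format or uniqueness
    // check visible here. Treat these columns as untrusted when they are displayed or
    // matched against other accounts, or validate them before saving.
    if (!$user->save(false)) {
        // Without a stored user there is no id to link the provider to.
        throw new Exception('Unable to create a local user for this provider account');
    }

    if (isset($profile->photoURL)) {
        $photoURL = $profile->photoURL;
        // Append the size hint with the right separator for the URL's query string.
        $photoURL .= (strpos($photoURL, '?') === false ? '?' : '&') . 'width=400&height=400';

        // NOTE(review): $photoURL originates from the provider profile. If
        // AddContentFromURL retrieves it server-side (not visible here), restrict it to
        // http(s) URLs on expected hosts before passing it on.
        $content = Content::model()->AddContentFromURL($photoURL, 'User Image Link', ContentType::ImageURL);

        $userToContent = new UserToContent();
        $userToContent->Content_ID = $content->Content_ID;
        $userToContent->User_ID = $user->User_ID;
        $userToContent->save();
    }

    $identity->id = $user->User_ID;
    $this->_linkProvider($identity);
    $this->_loginUser($identity);
}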