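/**
 * Validates the posted sign-in form, then either resends the activation email or attempts the sign-in.
 *
 * Reads email, password, remember_me, resend and page from $_POST. Validation messages are collected
 * in $this->o_error_list. After a successful sign-in a Location header is sent and the script exits.
 *
 * @return void
 */
function OnPostback()
{
    # new list for validation
    $this->o_error_list = new XhtmlElement('ul');
    $this->o_error_list->AddAttribute('class', 'validationSummary');

    # Request fields are untrusted and can arrive as arrays (email[]=...). Anything that is not a string
    # is treated as missing, so it never reaches trim() or the authentication manager.
    $s_email = (isset($_POST['email']) and is_string($_POST['email'])) ? $_POST['email'] : '';
    $s_password = (isset($_POST['password']) and is_string($_POST['password'])) ? $_POST['password'] : '';

    # check we've got email (compared with '' rather than by truthiness, so "0" is not mistaken for empty)
    if (trim($s_email) === '') {
        $this->o_error_list->AddControl(new XhtmlElement('li', 'Please enter your email address'));
    }

    # check for request to resend activation email
    if (isset($_POST['resend']) and !$this->o_error_list->CountControls()) {
        # Get the person's name and id. Only checking email at this point creates the possibility that someone could
        # fake this request for another user, but the worst they can do is send a new activation request to that other
        # user; they can't gain any information themselves or disable anyone's account. Don't try to check password because
        # browser security means we can't be sure it'll be repopulated and reposted.
        #
        # NOTE(review): the redirect below puts the account's name and email in the URL, so a requester who
        # knows only the email address does learn the registered name and that the account exists. No
        # throttling of repeated resend requests is visible in this method - confirm it is handled elsewhere.
        $authentication = $this->GetAuthenticationManager();
        $authentication->ReadByEmail($s_email);
        $account = $authentication->GetFirst();
        if (is_object($account)) {
            # send a new email
            $s_hash = $authentication->SaveRequest($account->GetId());
            $email_success = $authentication->SendActivationEmail($account, $s_hash);

            # redirect to activation message
            # presumably Redirect() ends the request; if it returns, the password check below still runs - TODO confirm
            $s_email_status = $email_success ? '' : '&email=no';
            $this->Redirect(
                $this->GetSettings()->GetUrl('AccountActivate')
                . '?action=request&name=' . urlencode($account->GetName())
                . '&address=' . urlencode($account->GetEmail())
                . $s_email_status
            );
        }
    }

    # check we've got password
    if (trim($s_password) === '') {
        $this->o_error_list->AddControl(new XhtmlElement('li', 'Please enter your password'));
    }

    # no message so form OK
    if (!$this->o_error_list->CountControls()) {
        # try to sign in
        $sign_in_result = $this->GetAuthenticationManager()->SignIn($s_email, $s_password, isset($_POST['remember_me']));

        switch ($sign_in_result) {
            case SignInResult::Success():
                # The return address comes from the request, so it is only followed when it is a path on
                # this site: one leading slash, no second slash or backslash after it (which browsers read
                # as another host), and no control characters. Anything else falls back to the site root.
                # NOTE(review): assumes 'page' carries a root-relative path - confirm against the sign-in form.
                $s_destination = null;
                if (isset($_POST['page']) and is_string($_POST['page'])) {
                    # NOTE(review): as shown, both replacements map '&' to '&' and change nothing; the search
                    # strings were presumably HTML entities - confirm against the original file.
                    $s_page = str_replace('&', '&', str_replace('&', '&', $_POST['page']));
                    if (preg_match('#^/(?![/\\\\])[^\x00-\x1f\x7f\\\\]*\z#', $s_page) === 1) {
                        $s_destination = $s_page;
                    }
                }
                if ($s_destination === null) {
                    $s_destination = $this->GetSettings()->GetClientRoot();
                }
                header('Location: ' . $s_destination);
                exit;

            case SignInResult::AccountDisabled():
                $this->o_error_list->AddControl(new XhtmlElement('li', 'Sorry, your account has been disabled due to misuse.'));
                break;

            case SignInResult::NotActivated():
                $not_activated = new XhtmlElement('li', 'You need to activate your account. Check your email inbox.');
                $not_activated->AddControl('<input type="submit" name="resend" value="Send a new email" class="inlineButton" />');
                $this->o_error_list->AddControl($not_activated);
                break;

            case SignInResult::NotFound():
                $this->o_error_list->AddControl(new XhtmlElement('li', 'You tried to sign in with an incorrect email address and/or password. Please sign in again.'));
                break;
        }
    }
}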
/**
 * Sign in to the website with a username and password.
 *
 * The credentials are passed to ValidateUser(); when that yields no user id the result is
 * SignInResult::NotFound(). Otherwise the user's data is loaded with ReadDataForValidUser() and the
 * outcome of SignInValidUser() is returned.
 *
 * NOTE(review): how ValidateUser() treats $password_already_hashed is not visible here. Confirm this
 * flag is never set from request data, since a stored hash would then be usable as a credential.
 *
 * @param string $username
 * @param string $password
 * @param bool $enable_auto_sign_in passed through to SignInValidUser()
 * @param bool $password_already_hashed passed through to ValidateUser()
 * @return SignInResult
 */
public function SignIn($username, $password, $enable_auto_sign_in = false, $password_already_hashed = false)
{
    $validated_id = $this->ValidateUser($username, $password, $password_already_hashed);

    if ($validated_id) {
        # credentials accepted: load the account and complete the sign-in
        $account = $this->ReadDataForValidUser($validated_id);
        return $this->SignInValidUser($account, $enable_auto_sign_in);
    }

    # no user id came back for these credentials
    return SignInResult::NotFound();
}