/** * Returns the logged in user, or default user if not logged in * * @param string $uname * @param string $upwd * * @return TBGUser */ public static function loginCheck($username = null, $password = null) { try { $row = null; // If no username and password specified, check if we have a session that exists already if ($username === null && $password === null) { if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $username = TBGContext::getRequest()->getCookie('tbg3_username'); $password = TBGContext::getRequest()->getCookie('tbg3_password'); $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password); if (!$row) { TBGContext::getResponse()->deleteCookie('tbg3_username'); TBGContext::getResponse()->deleteCookie('tbg3_password'); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } } // If we have authentication details, validate them if (TBGSettings::getAuthenticationBackend() !== null && TBGSettings::getAuthenticationBackend() !== 'tbg' && $username !== null && $password !== null) { TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO); try { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); if ($mod->getType() !== TBGModule::MODULE_AUTH) { TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL); throw new Exception('Invalid module type'); } if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $row = $mod->verifyLogin($username, $password); } else { $row = $mod->doLogin($username, $password); } if (!$row) { // Invalid TBGContext::getResponse()->deleteCookie('tbg3_username'); TBGContext::getResponse()->deleteCookie('tbg3_password'); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } catch (Exception $e) { throw $e; } } elseif ($username !== null && $password !== null) { TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO); // First test a pre-encrypted password $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password); if (!$row) { // Then test an unencrypted password $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password)); if (!$row) { // This is a legacy account from a 2.1 upgrade - try md5 $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password)); if (!$row) { // Invalid TBGContext::getResponse()->deleteCookie('tbg3_username'); TBGContext::getResponse()->deleteCookie('tbg3_password'); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } else { // convert md5 to new password type $user = new TBGUser($row->get(TBGUsersTable::ID), $row); $user->changePassword($password); $user->save(); unset($user); } } } } elseif (TBGContext::isCLI()) { $row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername()); } elseif (!TBGSettings::isLoginRequired()) { $row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID()); } if ($row) { if (!$row->get(TBGScopesTable::ENABLED)) { throw new Exception('This account belongs to a scope that is not active'); } elseif (!$row->get(TBGUsersTable::ACTIVATED)) { throw new Exception('This account has not been activated yet'); } elseif (!$row->get(TBGUsersTable::ENABLED)) { throw new Exception('This account has been suspended'); } $user = TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row); } elseif (TBGSettings::isLoginRequired()) { throw new Exception('Login required'); } else { throw new Exception('No such login'); } } catch (Exception $e) { throw $e; } return $user; }