/**
 * Switches the current session to another user for impersonation.
 *
 * No credentials are verified here: the target user's ID is all that is needed. This method also performs no
 * permission check of its own, so calling code must confirm that the current user is allowed to impersonate
 * before calling it.
 *
 * The impersonated session lasts only as long as the browser session remains active; no identity cookie is
 * written.
 *
 * NOTE(review): unlike loginByUserId(), the 'onBeforeLogin' event is fired here without consulting its
 * performAction flag, so event handlers cannot veto an impersonation. Confirm that this is intended.
 *
 * NOTE(review): nothing in this method records which account initiated the impersonation, and the failure
 * log line below reads like an ordinary failed login. Confirm that impersonation is audited elsewhere.
 *
 * @param int $userId The ID of the user to impersonate.
 *
 * @throws Exception If no user exists with the given ID.
 * @return bool Whether the user is now being impersonated.
 */
public function impersonate($userId)
{
    $targetUser = craft()->users->getUserById($userId);

    if (!$targetUser)
    {
        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $userId)));
    }

    // Build an identity for the target account with no password (second argument is null).
    $this->_identity = new UserIdentity($targetUser->username, null);
    $this->_identity->logUserIn($targetUser);

    $identityId = $this->_identity->getId();
    $persistentStates = $this->_identity->getPersistentStates();

    // Bail out early if the before-login logic rejects the switch.
    if (!$this->beforeLogin($identityId, $persistentStates, false))
    {
        Craft::log($targetUser->username . ' tried to log in unsuccessfully.', LogLevel::Warning);

        return false;
    }

    // Fire an 'onBeforeLogin' event. Its outcome is not inspected (see the review note above).
    $this->onBeforeLogin(new Event($this, array('username' => $targetUser->username)));

    $this->changeIdentity($identityId, $this->_identity->getName(), $persistentStates);

    // Fire an 'onLogin' event.
    $this->onLogin(new Event($this, array('username' => $targetUser->username)));

    // Reset the cached per-request user data so it is not reused for the new identity.
    $this->_sessionRestoredFromCookie = false;
    $this->_userRow = null;
    $this->_userModel = null;

    $this->setReturnUrl(null);

    // Run any after login logic.
    $this->afterLogin(false);

    return !$this->getIsGuest();
}
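/**
 * Logs a user in solely by their user ID.
 *
 * No credentials are verified and no permission check is made here, so calling code must already have
 * authenticated and authorized the request before calling this method.
 *
 * NOTE(review): the identity object, the optional username cookie and authTimeout are all set before the
 * 'onBeforeLogin' event is consulted, so a vetoed login still leaves those behind. Confirm that this is
 * acceptable.
 *
 * @param int  $userId            The user ID of the person to log in.
 * @param bool $rememberMe        Whether the user should be remembered.
 * @param bool $setUsernameCookie Whether to set the username cookie or not.
 *
 * @return bool Whether the user was logged in.
 * @throws Exception If the user cannot be found, or if a session duration is configured while
 *                   allowAutoLogin is disabled.
 */
public function loginByUserId($userId, $rememberMe = false, $setUsernameCookie = false)
{
    $userModel = craft()->users->getUserById($userId);

    if (!$userModel)
    {
        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $userId)));
    }

    // Require a userAgent string and an IP address to help prevent direct socket connections from trying to
    // login. The user agent is supplied by the client, so this is a sanity check and not an authentication
    // control. empty() avoids an undefined-index notice when REMOTE_ADDR is not set at all.
    if (!craft()->request->userAgent || empty($_SERVER['REMOTE_ADDR']))
    {
        Craft::log('Someone tried to login with userId: ' . $userId . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
        $this->logout(true);
        $this->requireLogin();

        // Fail closed: requireLogin() is expected to redirect or abort the request, but if it ever returns,
        // the login must not go ahead.
        return false;
    }

    $this->_identity = new UserIdentity($userModel->username, null);
    $this->_identity->logUserIn($userModel);

    if ($setUsernameCookie)
    {
        $this->processUsernameCookie($userModel->username);
    }

    // Get how long this session is supposed to last.
    $this->authTimeout = craft()->config->getUserSessionDuration($rememberMe);

    $id = $this->_identity->getId();
    $states = $this->_identity->getPersistentStates();

    // Fire an 'onBeforeLogin' event
    $event = new Event($this, array('username' => $userModel->username));
    $this->onBeforeLogin($event);

    $success = false;

    // Go ahead only if the event handlers allow it and the before login logic passes. beforeLogin() is not
    // called when the event has vetoed the login.
    if ($event->performAction && $this->beforeLogin($id, $states, false))
    {
        $this->changeIdentity($id, $this->_identity->getName(), $states);

        $user = craft()->users->getUserById($id);

        if (!$user)
        {
            throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
        }

        if ($this->authTimeout)
        {
            if (!$this->allowAutoLogin)
            {
                throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
            }

            // Save the necessary info to the identity cookie. The raw token goes into the cookie; only the
            // value returned by hashData() is passed to storeSessionToken().
            $sessionToken = craft()->security->generateRandomString(32);
            $hashedToken = craft()->security->hashData(base64_encode(serialize($sessionToken)));
            $uid = $this->storeSessionToken($user, $hashedToken);

            // The request's user agent is stored with the token, presumably so it can be compared when the
            // session is later restored from the cookie (verify against the cookie-restore code).
            $data = array(
                $this->getName(),
                $sessionToken,
                $uid,
                $rememberMe ? 1 : 0,
                craft()->request->getUserAgent(),
                $this->saveIdentityStates(),
            );

            $this->_identityCookie = $this->saveCookie('', $data, $this->authTimeout);
        }

        craft()->users->updateUserLoginInfo($user);

        // Reset the cached per-request user data so it is not reused for the new identity.
        $this->_sessionRestoredFromCookie = false;
        $this->_userRow = null;
        $this->_userModel = null;

        // Run any after login logic.
        $this->afterLogin(false);

        $success = !$this->getIsGuest();
    }

    if (!$success)
    {
        Craft::log($userModel->username . ' tried to log in unsuccessfully.', LogLevel::Warning);

        return false;
    }

    // Fire an 'onLogin' event
    $this->onLogin(new Event($this, array('username' => $userModel->username)));

    return true;
}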