/**
 * Handles the admin control panel login form submission (POST only).
 *
 * Order of checks: cookie presence (only when the form asked for it), account
 * lock-out from failed attempts, credential validation, then the admin session
 * is bound to the user, the front-end session is logged in if it was still a
 * guest, and finally the is_admin flag is checked before redirecting.
 *
 * The redirect target is taken straight from the 'redirect' request field and
 * is not validated in this method. NOTE(review): confirm that the redirect
 * response class rejects off-site targets before relying on this for the ACP.
 *
 * @return XenForo_ControllerResponse_Abstract
 */
public function actionLogin()
{
	$this->_assertPostOnly();

	$input = $this->_input->filter(array(
		'login' => XenForo_Input::STRING,
		'password' => XenForo_Input::STRING,
		'redirect' => XenForo_Input::STRING,
		'cookie_check' => XenForo_Input::UINT
	));
	$username = $input['login'];

	// fall back to the ACP index when the form supplied no (or an empty) target
	$redirect = $input['redirect'];
	if (!$redirect)
	{
		$redirect = XenForo_Link::buildAdminLink('index');
	}

	$loginModel = $this->_getLoginModel();

	// the form sets cookie_check, so a session cookie should have come back with it;
	// none at all means the browser is not sending cookies
	if ($input['cookie_check'] && empty($_COOKIE))
	{
		return $this->responseError(new XenForo_Phrase('cookies_required_to_log_in_to_site'));
	}

	// the ACP does not render a captcha: a locked account is simply refused
	$lockedPhrase = 'your_account_has_temporarily_been_locked_due_to_failed_login_attempts';
	if ($loginModel->requireLoginCaptcha($username))
	{
		return $this->responseError(new XenForo_Phrase($lockedPhrase));
	}

	$error = null;
	$userId = $this->_getUserModel()->validateAuthentication($username, $input['password'], $error);

	if (!$userId)
	{
		// record the failure first so the lock-out threshold is re-evaluated on this attempt
		$loginModel->logLoginAttempt($username);
		if ($loginModel->requireLoginCaptcha($username))
		{
			return $this->responseError(new XenForo_Phrase($lockedPhrase));
		}

		if ($this->_input->filterSingle('upgrade', XenForo_Input::UINT))
		{
			return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
		}

		// note - JSON view will return responseError($text)
		return $this->responseView(
			'XenForo_ViewAdmin_Login_Error',
			'login_form',
			array('text' => $error, 'defaultLogin' => $username, 'redirect' => $redirect),
			array('containerTemplate' => 'LOGIN_PAGE')
		);
	}

	$loginModel->clearLoginAttempts($username);
	XenForo_Model_Ip::log($userId, 'user', $userId, 'login_admin');
	XenForo_Application::get('session')->changeUserId($userId);
	XenForo_Visitor::setup($userId);

	// log the front-end session in as well, but only if it is still a guest
	$publicSession = new XenForo_Session();
	$publicSession->start();
	if (!$publicSession->get('user_id'))
	{
		$publicSession->changeUserId($userId);
		$publicSession->save();
	}

	// the session is already bound to this user at this point; the is_admin check
	// below only decides whether the ACP entry is allowed. NOTE(review): confirm
	// admin requests re-check is_admin independently of this method.
	if (!XenForo_Visitor::getInstance()->is_admin)
	{
		return $this->responseError(new XenForo_Phrase('your_account_does_not_have_admin_privileges'));
	}

	if (!$this->_input->filterSingle('repost', XenForo_Input::UINT))
	{
		return $this->responseRedirect(XenForo_ControllerResponse_Redirect::SUCCESS, $redirect);
	}

	// re-submit the original POST data after the login interruption
	return $this->responseRedirect(
		XenForo_ControllerResponse_Redirect::SUCCESS,
		$redirect,
		'',
		array(
			'repost' => 1,
			'postVars' => $this->_input->filterSingle('postVars', XenForo_Input::JSON_ARRAY)
		)
	);
}
/**
 * Returns the public (front-end) session, creating it from cookies when none exists yet.
 *
 * When no session exists, a "remember me" cookie (config cookie prefix + 'user')
 * is handed to the user model; on success the session is switched to that user,
 * otherwise the cookie is deleted. The raw User-Agent and Referer request
 * headers are then stored in the session — both are supplied by the client and
 * must be treated as untrusted wherever they are read back.
 *
 * @param Zend_Controller_Request_Http $request
 *
 * @return XenForo_Session
 */
public static function getPublicSession(Zend_Controller_Request_Http $request)
{
	$session = new XenForo_Session();
	$session->start();

	// an existing session needs no cookie-based bootstrap
	if ($session->sessionExists())
	{
		return $session;
	}

	$cookiePrefix = XenForo_Application::get('config')->cookie->prefix;
	$rememberCookie = $request->getCookie($cookiePrefix . 'user');
	if ($rememberCookie)
	{
		$userModel = XenForo_Model::create('XenForo_Model_User');
		$rememberedUserId = $userModel->loginUserByRememberCookie($rememberCookie);
		if ($rememberedUserId)
		{
			$session->changeUserId($rememberedUserId);
		}
		else
		{
			// the cookie did not validate, so stop presenting it on later requests
			XenForo_Helper_Cookie::deleteCookie('user', true);
		}
	}

	// empty() is deliberate here: it mirrors how absent and blank headers are treated alike
	if (!empty($_SERVER['HTTP_USER_AGENT']))
	{
		$userAgent = $_SERVER['HTTP_USER_AGENT'];
		$session->set('userAgent', $userAgent);
		$session->set('isRobot', self::isRobot($userAgent));
	}

	if (!empty($_SERVER['HTTP_REFERER']))
	{
		$referer = $_SERVER['HTTP_REFERER'];
		$session->set('referer', $referer);
		$session->set('fromSearch', self::isSearchReferer($referer));
	}

	return $session;
}