/**
 * Method executed before each action
 *
 * Opens the session, sends the security headers, loads the configured
 * language and timezone, enforces authentication (falling back to the
 * remember-me mechanism), checks page access and attaches the automatic
 * action events.
 *
 * NOTE(review): nothing here stops execution after a redirect() call, so the
 * statements that follow still run if redirect() returns. This presumably
 * relies on redirect() ending the request; confirm in the response class.
 *
 * @access public
 * @param  string  $controller  Controller name, as passed to the ACL checks
 * @param  string  $action      Action name, as passed to the ACL checks
 */
public function beforeAction($controller, $action)
{
    // The session is opened first, before anything below reads login state
    $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);

    // HTTP secure headers, sent on every request including public actions
    // (presumably CSP, X-Content-Type-Options, XSS protection, HSTS and
    // X-Frame-Options; verify against the response class)
    $this->response->csp();
    $this->response->nosniff();
    $this->response->xss();
    $this->response->hsts();
    $this->response->xframe();

    // Translations are loaded only for a language other than the default
    $locale = $this->config->get('language', 'en_US');

    if ($locale !== 'en_US') {
        \Translator\load($locale);
    }

    // Timezone comes from the configuration, UTC when unset
    $timezone = $this->config->get('timezone', 'UTC');
    date_default_timezone_set($timezone);

    // Authentication: isPublicAction() is only consulted for visitors that are not logged in
    $loginRequired = !$this->acl->isLogged() && !$this->acl->isPublicAction($controller, $action);

    if ($loginRequired) {
        if ($this->rememberMe->authenticate()) {
            // Remember-me login accepted: record it in the login history
            $this->lastLogin->create(
                \Model\LastLogin::AUTH_REMEMBER_ME,
                $this->acl->getUserId(),
                $this->user->getIpAddress(),
                $this->user->getUserAgent()
            );
        } else {
            // No session and no valid remember-me cookie: send to the login form
            $this->response->redirect('?controller=user&action=login');
        }
    } elseif ($this->rememberMe->hasCookie()) {
        // Logged in or public action: refresh the remember-me cookie if one is present
        $this->rememberMe->refresh();
    }

    // Authorization is checked separately from authentication, for every request
    $allowed = $this->acl->isPageAccessAllowed($controller, $action);

    if (!$allowed) {
        $this->response->redirect('?controller=user&action=forbidden');
    }

    // Attach events for automatic actions
    $this->action->attachEvents();
}
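/**
 * Validate user login
 *
 * Validates the submitted form, verifies the credentials and, on success,
 * creates the user session, records the login and optionally issues a
 * remember-me cookie.
 *
 * Fails closed: the login is rejected with the same generic error both when
 * the credentials are refused and when no user record can be loaded for a
 * username that authenticate() accepted, so no session is ever built from an
 * empty record.
 *
 * NOTE(review): no failed-attempt throttling or lockout is visible in this
 * method; verify that it exists in authenticate() or upstream.
 *
 * @access public
 * @param  array   $values           Form values
 * @return array   $valid, $errors   [0] = Success or not, [1] = List of errors
 */
public function validateLogin(array $values)
{
    $v = new Validator($values, array(
        new Validators\Required('username', t('The username is required')),
        new Validators\MaxLength('username', t('The maximum length is %d characters', 50), 50),
        new Validators\Required('password', t('The password is required'))
    ));

    $result = $v->execute();
    $errors = $v->getErrors();

    if ($result) {

        list($authenticated, $method) = $this->authenticate($values['username'], $values['password']);

        // Only a strict boolean true counts as success; the user record is
        // looked up only after the credentials have been accepted
        $user = $authenticated === true ? $this->getByUsername($values['username']) : null;

        if (!empty($user)) {

            // Create the user session
            // NOTE(review): confirm that updateSession() regenerates the
            // session id on login (session fixation); not visible from here
            $this->updateSession($user);

            // Update login history
            $lastLogin = new LastLogin($this->db, $this->event);
            $lastLogin->create(
                $method,
                $user['id'],
                $this->getIpAddress(),
                $this->getUserAgent()
            );

            // Setup the remember me feature
            if (!empty($values['remember_me'])) {
                $rememberMe = new RememberMe($this->db, $this->event);
                $credentials = $rememberMe->create($user['id'], $this->getIpAddress(), $this->getUserAgent());

                // NOTE(review): confirm that writeCookie() sets the HttpOnly
                // and Secure attributes; not visible from here
                $rememberMe->writeCookie($credentials['token'], $credentials['sequence'], $credentials['expiration']);
            }
        }
        else {
            // One generic message for every failure, so the response does not
            // reveal whether the username exists
            $result = false;
            $errors['login'] = t('Bad username or password');
        }
    }

    return array($result, $errors);
}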