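 /**
  * Handles the admin login form submission.
  *
  * Reads mail/username/password from the POST request, enforces the optional
  * login-attempt lock-out and the optional "ipLogin" address restriction, and
  * on success regenerates the session ID and stores the admin session data.
  *
  * Failures are reported through \PFBC\Form::setError('form_admin_login', ...)
  * and the method returns; success ends in a redirect to the admin index.
  */
 public function __construct()
 {
     parent::__construct();

     $sIp = Ip::get();
     $oAdminModel = new AdminModel();
     $oSecurityModel = new SecurityModel();

     $sEmail = $this->httpRequest->post('mail');
     $sUsername = $this->httpRequest->post('username');
     $sPassword = $this->httpRequest->post('password');

     // Security IP Login: when "ipLogin" is set, only that address may log in.
     $sIpLogin = DbConfig::getSetting('ipLogin');

     // Check that the connection is not locked by the login-attempt limit.
     $bIsLoginAttempt = (bool) DbConfig::getSetting('isAdminLoginAttempt');
     $iMaxAttempts = (int) DbConfig::getSetting('maxAdminLoginAttempts');
     $iTimeDelay = (int) DbConfig::getSetting('loginAdminAttemptTime');

     if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view, 'Admins')) {
         \PFBC\Form::setError('form_admin_login', Form::loginAttemptsExceededMsg($iTimeDelay));
         return; // Stop execution of the method.
     }

     // Check Login
     $bIsLogged = $oAdminModel->adminLogin($sEmail, $sUsername, $sPassword);
     $bIsIpBanned = !empty($sIpLogin) && $sIpLogin !== $sIp;

     if (!$bIsLogged || $bIsIpBanned) {
         // Security against brute-force attack to avoid drowning the server and the database
         sleep(2);
         // Enable Captcha for the next attempt
         $this->session->set('captcha_admin_enabled', 1);

         // The submitted password is masked in the log exactly like on the success
         // path: failed attempts often contain near-correct secrets, and on the
         // IP-banned branch the credentials are actually correct.
         if (!$bIsLogged) {
             $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Failed! Incorrect Email, Username or Password', 'Admins');
             if ($bIsLoginAttempt) {
                 $oSecurityModel->addLoginAttempt('Admins');
             }
             \PFBC\Form::setError('form_admin_login', t('"Email", "Username" or "Password" is Incorrect'));
         } else {
             // Credentials are valid but the request did not come from the allowed IP.
             \PFBC\Form::setError('form_admin_login', t('Incorrect Login!'));
             $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Failed! Bad Ip adress', 'Admins');
         }

         return;
     }

     $oSecurityModel->clearLoginAttempts('Admins');
     $this->session->remove('captcha_admin_enabled');

     // Is disconnected if the user is logged on as "user" or "affiliate".
     if (UserCore::auth() || AffiliateCore::auth()) {
         $this->session->destroy();
     }

     $iId = $oAdminModel->getId($sEmail, null, 'Admins');
     $oAdminData = $oAdminModel->readProfile($iId, 'Admins');

     // Regenerate the session ID to prevent the session fixation
     $this->session->regenerateId();

     $aSessionData = [
         'admin_id' => $oAdminData->profileId,
         'admin_email' => $oAdminData->email,
         'admin_username' => $oAdminData->username,
         'admin_first_name' => $oAdminData->firstName,
         'admin_ip' => $sIp,
         'admin_http_user_agent' => $this->browser->getUserAgent(),
         'admin_token' => Various::genRnd($oAdminData->email),
     ];
     $this->session->set($aSessionData);

     $oSecurityModel->addLoginLog($sEmail, $sUsername, '*****', 'Logged in!', 'Admins');
     $oAdminModel->setLastActivity($oAdminData->profileId, 'Admins');

     // NOTE(review): the message text says "signup" on a login redirect; t()
     // presumably keys on the literal, so check the translation files before fixing it.
     HeaderUrl::redirect(Uri::get(PH7_ADMIN_MOD, 'main', 'index'), t('You signup is successfully!'));
 }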
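 /**
  * Handles the admin "edit account" form submission.
  *
  * Each submitted field is compared with the stored profile and only written
  * when it differs, keeping the session copy and the profile caches in sync.
  * Validation failures are reported through \PFBC\Form::setError() and
  * recorded in $this->bIsErr; when nothing failed a success message is set.
  */
 public function __construct()
 {
     parent::__construct();

     $oValidate = new Validate();
     $oAdminModel = new AdminModel();

     // Prohibit other administrators to edit the Root Administrator (ID 1):
     // a requested profile_id of 1 falls back to the current admin's own profile.
     // NOTE(review): no other ownership/role check is visible here, so any
     // logged-in admin can edit any non-root admin through profile_id — confirm
     // this is the intended authorization model.
     $iProfileId = $this->session->get('admin_id');
     if ($this->httpRequest->getExists('profile_id')) {
         $iRequestedId = $this->httpRequest->get('profile_id', 'int');
         if ($iRequestedId !== 1) {
             $iProfileId = $iRequestedId;
         }
     }

     $oAdmin = $oAdminModel->readProfile($iProfileId, 'Admins');

     // Read each form field once instead of on every comparison and write.
     $sUsername = $this->httpRequest->post('username');
     $sEmail = $this->httpRequest->post('mail');
     $sFirstName = $this->httpRequest->post('first_name');
     $sLastName = $this->httpRequest->post('last_name');
     $sSex = $this->httpRequest->post('sex');
     $sTimeZone = $this->httpRequest->post('time_zone');

     if (!$this->str->equals($sUsername, $oAdmin->username)) {
         $iMinUsernameLength = DbConfig::getSetting('minUsernameLength');
         $iMaxUsernameLength = DbConfig::getSetting('maxUsernameLength');

         if (!$oValidate->username($sUsername, $iMinUsernameLength, $iMaxUsernameLength)) {
             \PFBC\Form::setError('form_admin_edit_account', t('Your username has to contain from %0% to %1% characters, your username is not available or your username already used by other admin.', $iMinUsernameLength, $iMaxUsernameLength));
             $this->bIsErr = true;
         } else {
             $oAdminModel->updateProfile('username', $sUsername, $iProfileId, 'Admins');
             $this->session->set('admin_username', $sUsername);
             (new Framework\Cache\Cache())->start(UserCoreModel::CACHE_GROUP, 'username' . $iProfileId . 'Admins', null)->clear();
         }
     }

     if (!$this->str->equals($sEmail, $oAdmin->email)) {
         // NOTE(review): only uniqueness is checked here; no format validation of
         // the address is visible on this page — confirm ExistsCoreModel::email()
         // or the form definition covers it.
         if ((new ExistsCoreModel())->email($sEmail)) {
             \PFBC\Form::setError('form_admin_edit_account', t('Invalid email address or this email is already used by another admin.'));
             $this->bIsErr = true;
         } else {
             $oAdminModel->updateProfile('email', $sEmail, $iProfileId, 'Admins');
             $this->session->set('admin_email', $sEmail);
         }
     }

     if (!$this->str->equals($sFirstName, $oAdmin->firstName)) {
         $oAdminModel->updateProfile('firstName', $sFirstName, $iProfileId, 'Admins');
         $this->session->set('admin_first_name', $sFirstName);
         (new Framework\Cache\Cache())->start(UserCoreModel::CACHE_GROUP, 'firstName' . $iProfileId . 'Admins', null)->clear();
     }

     if (!$this->str->equals($sLastName, $oAdmin->lastName)) {
         $oAdminModel->updateProfile('lastName', $sLastName, $iProfileId, 'Admins');
     }

     // sex and time_zone are stored as submitted; presumably the form restricts
     // them to fixed option lists — verify against the form definition.
     if (!$this->str->equals($sSex, $oAdmin->sex)) {
         $oAdminModel->updateProfile('sex', $sSex, $iProfileId, 'Admins');
         (new Framework\Cache\Cache())->start(UserCoreModel::CACHE_GROUP, 'sex' . $iProfileId . 'Admins', null)->clear();
     }

     if (!$this->str->equals($sTimeZone, $oAdmin->timeZone)) {
         $oAdminModel->updateProfile('timeZone', $sTimeZone, $iProfileId, 'Admins');
     }

     $oAdminModel->setLastEdit($iProfileId, 'Admins');

     // Drop the cached profile so the next read reflects the updates above.
     (new Admin())->clearReadProfileCache($iProfileId, 'Admins');

     if (!$this->bIsErr) {
         \PFBC\Form::setSuccess('form_admin_edit_account', t('Your profile has been saved successfully!'));
     }
 }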