public function __construct()
 {
     parent::__construct();
     $oUserModel = new UserCoreModel();
     $oSecurityModel = new SecurityModel();
     $sEmail = $this->httpRequest->post('mail');
     $sPassword = $this->httpRequest->post('password');
     /** Check if the connection is not locked **/
     $bIsLoginAttempt = (bool) DbConfig::getSetting('isUserLoginAttempt');
     $iMaxAttempts = (int) DbConfig::getSetting('maxUserLoginAttempts');
     $iTimeDelay = (int) DbConfig::getSetting('loginUserAttemptTime');
     if ($bIsLoginAttempt && !$oSecurityModel->checkLoginAttempt($iMaxAttempts, $iTimeDelay, $sEmail, $this->view)) {
         \PFBC\Form::setError('form_login_user', Form::loginAttemptsExceededMsg($iTimeDelay));
         return;
         // Stop execution of the method.
     }
     // Check Login
     $sLogin = $oUserModel->login($sEmail, $sPassword);
     if ($sLogin === 'email_does_not_exist' || $sLogin === 'password_does_not_exist') {
         sleep(1);
         // Security against brute-force attack to avoid drowning the server and the database
         if ($sLogin === 'email_does_not_exist') {
             $this->session->set('captcha_enabled', 1);
             // Enable Captcha
             \PFBC\Form::setError('form_login_user', t('Oops! "%0%" is not associated with any %site_name% account.', escape(substr($sEmail, 0, PH7_MAX_EMAIL_LENGTH))));
             $oSecurityModel->addLoginLog($sEmail, 'Guest', 'No Password', 'Failed! Incorrect Username');
         } elseif ($sLogin === 'password_does_not_exist') {
             $oSecurityModel->addLoginLog($sEmail, 'Guest', $sPassword, 'Failed! Incorrect Password');
             if ($bIsLoginAttempt) {
                 $oSecurityModel->addLoginAttempt();
             }
             $this->session->set('captcha_enabled', 1);
             // Enable Captcha
             $sWrongPwdTxt = t('Oops! This password you entered is incorrect.') . '<br />';
             $sWrongPwdTxt .= t('Please try again (make sure your caps lock is off).') . '<br />';
             $sWrongPwdTxt .= t('Forgot your password? <a href="%0%">Request a new one</a>.', Uri::get('lost-password', 'main', 'forgot', 'user'));
             \PFBC\Form::setError('form_login_user', $sWrongPwdTxt);
         }
     } else {
         $oSecurityModel->clearLoginAttempts();
         $this->session->remove('captcha_enabled');
         $iId = $oUserModel->getId($sEmail);
         $oUserData = $oUserModel->readProfile($iId);
         if ($this->httpRequest->postExists('remember')) {
             // We hash again the password
             (new Framework\Cookie\Cookie())->set(array('member_remember' => Security::hashCookie($oUserData->password), 'member_id' => $oUserData->profileId));
         }
         $oUser = new UserCore();
         if (true !== ($mStatus = $oUser->checkAccountStatus($oUserData))) {
             \PFBC\Form::setError('form_login_user', $mStatus);
         } else {
             $oUser->setAuth($oUserData, $oUserModel, $this->session);
             Header::redirect(Uri::get('user', 'account', 'index'), t('You are successfully logged!'));
         }
     }
 }
Esempio n. 2
0
 /**
  * Set an user authentication.
  *
  * @param integer $iId
  * @param object \PH7\UserCoreModel $oUserModel
  * @return void
  */
 public function setLogin($iId, UserCoreModel $oUserModel)
 {
     $oUserData = $oUserModel->readProfile($iId);
     $oUser = new UserCore();
     if (true === ($sErrMsg = $oUser->checkAccountStatus($oUserData))) {
         $oUser->setAuth($oUserData, $oUserModel, new Framework\Session\Session());
     }
     unset($oUser, $oUserModel);
     true !== $sErrMsg ? $this->oDesign->setFlashMsg($sErrMsg) : t('Hi %0%, welcome to %site_name%', '<em>' . $oUserData->firstName . '</em>');
 }