/**
* Authorizes the user with his username and password. Initializes
* the user session if the user data are valid.
*
* @access protected
* @param \Zepi\Web\UserInterface\Form\Form $loginForm
* @param \Zepi\Turbo\Framework $framework
* @param \Zepi\Turbo\Request\WebRequest $request
* @param \Zepi\Turbo\Response\Response $response
* @return string|boolean
*/
protected function authorizeUser(Form $loginForm, Framework $framework, WebRequest $request, Response $response)
{
$user = $this->validateUserData($framework, $loginForm->getField('user-data', 'username')->getValue(), $loginForm->getField('user-data', 'password')->getValue());
if ($user === false) {
return $this->translate('There is no user with this username or password.', '\\Zepi\\Web\\AccessControl');
}
// If the user is disabled we cannot create a session
if (!$user->hasAccess('\\Global\\*') && $user->hasAccess('\\Global\\Disabled')) {
return $this->translate('Your user is disabled. Please contact the administrator.', '\\Zepi\\Web\\AccessControl');
}
// Initializes the user session
$this->sessionManager->initializeUserSession($request, $response, $user);
// Redirect to the target or to the start page
$target = '/';
$origin = $loginForm->getField('user-data', 'origin')->getValue();
if ($origin !== '') {
$target = base64_decode($origin);
}
$response->redirectTo($target);
return true;
}
