コード例 #1
 /**
  * Handles a submitted login form: throttles by client IP, authenticates the user and
  * redirects on success.
  *
  * On a failed attempt the method returns normally with $model adjusted (captcha code
  * cleared, captcha scenario switched on once enough attempts have failed). Nothing is
  * rendered here; that is left to the caller.
  *
  * @param LoginForm $model Login form model; its attributes are filled from
  *  $_POST['LoginForm'] inside this method.
  * @param bool $isMobile Whether this was called from mobile site controller
  * @throws CHttpException 403 once the client IP has reached the failed-login limit.
  */
 public function login(LoginForm $model, $isMobile = false)
 {
     // Copy the submitted form fields into the model.
     // NOTE(review): there is no isset() guard on $_POST['LoginForm'] in this method;
     // presumably the caller checks it before calling — confirm.
     $model->attributes = $_POST['LoginForm'];
     Session::cleanUpSessions();
     // Every throttling decision below is keyed on this address.
     // NOTE(review): if getRealIp() honours client-supplied forwarding headers, the per-IP
     // counters stop being trustworthy — confirm it only accepts them from known proxies.
     $ip = $this->owner->getRealIp();
     $userModel = $model->getUser();
     $isRealUser = $userModel instanceof User;
     // Use the stored username when the account exists, otherwise the submitted one.
     $effectiveUsername = $isRealUser ? $userModel->username : $model->username;
     // Unknown and non-active accounts both end up on the "failed login" path below.
     $isActiveUser = $isRealUser && $userModel->status == User::STATUS_ACTIVE;
     /* Decrement the status of every session row for this user/IP whose status is between
        -2 and 0, to prevent brute force attacks using session_id spoofing or whatever.
        All values are bound as parameters. */
     Yii::app()->db->createCommand('UPDATE x2_sessions SET status=status-1,lastUpdated=:time WHERE user=:name AND 
         CAST(IP AS CHAR)=:ip AND status BETWEEN -2 AND 0')->bindValues(array(':time' => time(), ':name' => $effectiveUsername, ':ip' => $ip))->execute();
     // Looks up the correctly capitalized username of an active account.
     // NOTE(review): $activeUser is never read again in this method, so this query only
     // costs a round trip — confirm whether it can be dropped.
     $activeUser = Yii::app()->db->createCommand()->select('username')->from('x2_users')->where('username=:name AND status=1', array(':name' => $model->username))->limit(1)->queryScalar();
     // Reuse the application-level session id if one is already stored, otherwise store
     // the current PHP session id under that key.
     if (isset($_SESSION['sessionId'])) {
         $sessionId = $_SESSION['sessionId'];
     } else {
         $sessionId = $_SESSION['sessionId'] = session_id();
     }
     $session = X2Model::model('Session')->findByPk($sessionId);
     /* get the number of failed login attempts from this IP within timeout interval. If the 
        number of login attempts exceeds maximum, display captcha */
     // Passed to pruneTimedOutBans(); presumably seconds (15 minutes) — confirm there.
     $badAttemptsRefreshTimeout = 900;
     // Hard limit: at this many recorded failures the IP gets a 403.
     $maxFailedLoginAttemptsPerIP = 100;
     // Soft limit: from the fifth failure onwards the captcha scenario is enabled.
     $maxLoginsBeforeCaptcha = 5;
     $this->pruneTimedOutBans($badAttemptsRefreshTimeout);
     $failedLoginRecord = FailedLogins::model()->findActiveByIp($ip);
     $badAttemptsWithThisIp = $failedLoginRecord ? $failedLoginRecord->attempts : 0;
     // Already at the hard limit: count this request as another failure and refuse it
     // before any credentials are checked.
     if ($badAttemptsWithThisIp >= $maxFailedLoginAttemptsPerIP) {
         $this->recordFailedLogin($ip);
         throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
     }
     // Build a new session record for a first-time client, or refresh the existing one.
     // Nothing is written to the database until save() is called further down.
     if ($session === null) {
         $session = new Session();
         $session->id = $sessionId;
         $session->user = $model->getSessionUserName();
         $session->lastUpdated = time();
         $session->status = 0;
         $session->IP = $ip;
     } else {
         $session->lastUpdated = time();
         $session->user = $model->getSessionUserName();
     }
     if ($isActiveUser === false) {
         // Unknown or non-active account: handled as a failed login without calling login().
         // clear captcha code
         $model->verifyCode = '';
         // validate captcha if it's being used (the return value is not inspected)
         $model->validate();
         $this->recordFailedLogin($ip);
         $session->save();
         if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
             throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
         } else {
             if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                 $model->useCaptcha = true;
                 $model->setScenario('loginWithCaptcha');
                 // NOTE(review): save() already ran above and is not called again on this
                 // path, so this status is not written by this method — confirm intent.
                 $session->status = -2;
             }
         }
     } else {
         if ($model->validate() && $model->login()) {
             // user successfully logged in
             if ($model->rememberMe) {
                 foreach (array('username', 'rememberMe') as $attr) {
                     // Expires in 30 days (2592000 seconds). Only the username and the
                     // rememberMe flag are stored, not a credential.
                     // NOTE(review): confirm AuxLib::setCookie() applies the intended
                     // cookie flags; that is not visible here.
                     AuxLib::setCookie(CHtml::resolveName($model, $attr), $model->{$attr}, 2592000);
                 }
             } else {
                 foreach (array('username', 'rememberMe') as $attr) {
                     // Remove the cookie if they unchecked the box
                     AuxLib::clearCookie(CHtml::resolveName($model, $attr));
                 }
             }
             // We're not using the isAdmin parameter of the application
             // here because isAdmin in this context hasn't been set yet.
             $isAdmin = Yii::app()->user->checkAccess('AdminIndex');
             if ($isAdmin && !$isMobile) {
                 // check for updates if admin
                 $this->owner->attachBehavior('updaterBehavior', new UpdaterBehavior());
                 $this->owner->checkUpdates();
             } else {
                 // ...or don't
                 Yii::app()->session['versionCheck'] = true;
             }
             // Mark the session record as logged in and persist it.
             // NOTE(review): $sessionId is the value chosen before authentication and is
             // not rotated in this method; confirm that the PHP session id itself is
             // regenerated on login (for example inside $model->login()).
             $session->status = 1;
             $session->save();
             SessionLog::logSession($model->username, $sessionId, 'login');
             $_SESSION['playLoginSound'] = true;
             if (YII_UNIT_TESTING && defined('X2_DEBUG_EMAIL') && X2_DEBUG_EMAIL) {
                 Yii::app()->session['debugEmailWarning'] = 1;
             }
             // Disabled code, kept as found:
             // if ( isset($_POST['themeName']) ) {
             //     $profile = X2Model::model('Profile')->findByPk(Yii::app()->user->id);
             //     $profile->theme = array_merge(
             //         $profile->theme,
             //         ThemeGenerator::loadDefault( $_POST['themeName'])
             //     );
             //     $profile->save();
             // }
             LoginThemeHelper::login();
             if ($isMobile) {
                 $this->owner->redirect($this->owner->createUrl('/mobile/home'));
             } else {
                 if (Yii::app()->user->returnUrl == '/site/index') {
                     $this->owner->redirect(array('/site/index'));
                 } else {
                     // after login, redirect to wherever
                     // NOTE(review): returnUrl is used as the redirect target unchanged;
                     // confirm it can only ever hold a local path set by the server.
                     $this->owner->redirect(Yii::app()->user->returnUrl);
                 }
             }
         } else {
             // login failed
             // clear captcha code
             $model->verifyCode = '';
             $this->recordFailedLogin($ip);
             $session->save();
             if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
                 throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
             } else {
                 if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                     $model->useCaptcha = true;
                     $model->setScenario('loginWithCaptcha');
                     // NOTE(review): assigned after save(), as in the branch above, so it
                     // is not persisted by this method — confirm intent.
                     $session->status = -2;
                 }
             }
         }
     }
     // Reset the checkbox on the model before control returns to the caller.
     $model->rememberMe = false;
 }
コード例 #2
ファイル: LoginThemeHelper.php プロジェクト: keyeMyria/CRM
 /**
  * Builds a LoginThemeHelper, hands its current theme to ThemeGenerator::renderTheme(),
  * then echoes the markup returned by the helper's formHtml().
  */
 public static function render()
 {
     $helper = new LoginThemeHelper();

     ThemeGenerator::renderTheme($helper->currentTheme);

     $formMarkup = $helper->formHtml();
     echo $formMarkup;
 }
コード例 #3
    </script>
    <?php 
// Open the outer login form widget with client-side, AJAX and on-submit validation all
// switched off.
$form = $this->beginWidget(
    'CActiveForm',
    array(
        'id' => 'login-form-outer',
        'enableClientValidation' => false,
        'enableAjaxValidation' => false,
        'clientOptions' => array('validateOnSubmit' => false),
    )
);
?>
    <div class="form" id="login-form">
        <?php 
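// Carry the posted theme name forward as a hidden field.
// The value is request data: PHP turns a "themeName[]" parameter into an array, which is
// not a usable field value, so only a plain string is echoed back.
// CHtml::hiddenField() HTML-encodes attribute values by default, so the value is escaped
// on output here; it still has to be validated wherever the theme name is consumed.
if (isset($_POST['themeName']) && is_string($_POST['themeName'])) {
    echo CHtml::hiddenField('themeName', $_POST['themeName']);
}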
?>

        <div class="row">
            <div class="cell form-cell" id="login-form-inputs-container">
                </div>
                <?php 
// Logo name is 'login_white' when the login theme is dark, 'login_black' otherwise.
echo X2Html::logo(
    'login_' . (LoginThemeHelper::singleton()->usingDarkTheme ? 'white' : 'black'),
    array('id' => 'login-form-logo')
);
if ($profile) {
    ?>
                <!--<div class='avatar-cell'>
                    <span class='image-alignment-helper'></span>
                    <?php 
    // NOTE(review): the surrounding <!-- --> only hides markup in the browser. This call
    // still runs on the server and its output is sent to the client inside that comment.
    echo Profile::renderFullSizeAvatar($profile->id, 105);
    ?>
                </div>-->
                <?php 
}
if ($profile) {
    ?>
                <div id='full-name'><?php 
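    // fullName is stored profile data, so it is HTML-encoded before being written into
    // the page; echoing it raw would let markup in a name be interpreted by the browser.
    echo CHtml::encode($profile->fullName);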
    ?>
コード例 #4
ファイル: createAccount.php プロジェクト: tymiles003/X2CRM
 * 02110-1301 USA.
 * 
 * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
 * California 95067, USA. or at email address contact@x2engine.com.
 * 
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 * 
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * X2Engine" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by X2Engine".
 *****************************************************************************************/
// Set up the login-page theme helper and register the users module stylesheet.
LoginThemeHelper::init();
Yii::app()->clientScript->registerCssFile($this->module->assetsUrl . '/css/users.css');
// Build id => name maps of every group and every role record.
// NOTE(review): this view loads all groups and roles; how the maps are used is outside
// this excerpt. Confirm that the person filling in the form cannot pick their own group
// or role unless that is intended.
$groups = array();
foreach (Groups::model()->findAll() as $group) {
    $groups[$group->id] = $group->name;
}
$roles = array();
foreach (Roles::model()->findAll() as $role) {
    $roles[$role->id] = $role->name;
}
?>
<!--<div class="page-title icon users"><h2>
    <?php 
// NOTE(review): this echo sits inside an HTML comment in the template. PHP still runs it
// and the translated title is sent to the client within that comment.
echo Yii::t(
    'users',
    'Create {user}',
    array('{user}' => Modules::displayName(false))
);
?>
</h2></div> -->
コード例 #5
ファイル: login.php プロジェクト: keyeMyria/CRM
<link rel="stylesheet" type="text/css" href="<?php 
// NOTE(review): $themeURL is written into an href attribute as-is. Presumably it is a
// server-derived theme base URL; confirm it can never carry request-controlled text, or
// wrap it in CHtml::encode().
echo $themeURL;
?>
/css/ie.css" media="screen, projection" />
<![endif]-->
<title><?php 
// The page title is HTML-encoded before it is placed inside the <title> element.
echo CHtml::encode($this->pageTitle);
?>
</title>
</head>
<body id="body-tag"  class="login">
<meta name="viewport" content="width=device-width, initial-scale=0.8, user-scalable=no">
<!--<div class="ie-shadow" style="display:none;"></div>-->
<?php 
// $content is echoed without encoding. Presumably it is the already-rendered view markup
// handed to this layout, so any escaping has to happen in the view that produced it.
echo $content;
?>
<div class='background'>
	<div class='stripe-container'>
		<div class='stripe small' style="float:left"></div>
		<div class='stripe' style="float:left"></div>
		<div class='stripe small' style="float:right"></div>
		<div class='stripe' style="float:right"></div>
	</div>
</div>

<?php 
// Hand over to LoginThemeHelper::render() just before the closing body tag.
LoginThemeHelper::render();
?>
</body>
</html>
コード例 #6
ファイル: ProfileController.php プロジェクト: dsyman2/X2CRM
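 /**
  * Display/set user profile settings.
  *
  * When the request carries Profile or preferences POST data, the current user's profile
  * is updated (attributes, login/notification sound, theme) and the page is refreshed.
  * The method then collects the option lists for the form and renders the 'settings' view.
  */
 public function actionSettings()
 {
     $model = $this->loadModel(Yii::app()->user->getId());
     if (isset($_POST['Profile']) || isset($_POST['preferences'])) {
         if (isset($_POST['Profile'])) {
             // Bulk assignment from the request. Which fields are writable is decided by
             // the Profile model's rules, which are not visible here.
             $model->attributes = $_POST['Profile'];
             if (isset($_POST['preferences']['loginSound'])) {
                 // Only the part before the first comma is stored.
                 $pieces = explode(',', $_POST['preferences']['loginSound']);
                 $model->loginSound = $pieces[0];
                 // Removed so that it is not merged into the theme array below.
                 unset($_POST['preferences']['loginSound']);
             }
             if (isset($_POST['preferences']['notificationSound'])) {
                 $pieces = explode(',', $_POST['preferences']['notificationSound']);
                 $model->notificationSound = $pieces[0];
                 unset($_POST['preferences']['notificationSound']);
             }
             $model->save();
         }
         // Request data can be a string or an array; only an array of preferences with a
         // string theme name is accepted.
         $preferences = isset($_POST['preferences']) && is_array($_POST['preferences'])
             ? $_POST['preferences']
             : array();
         if (isset($preferences['themeName']) && is_string($preferences['themeName'])) {
             $themeName = $preferences['themeName'];
             ThemeGenerator::clearCache();
             Yii::import('application.components.ThemeGenerator.LoginThemeHelper');
             LoginThemeHelper::saveProfileTheme($themeName);
             $profileKeys = array_flip(ThemeGenerator::getProfileKeys());
             // New theme = existing non-profile-key entries, overlaid with the defaults of
             // the named theme, overlaid with the submitted non-profile-key preferences.
             // NOTE(review): every remaining POST key is merged into the stored theme;
             // confirm the keys are restricted to known settings wherever the theme is read.
             $model->theme = array_merge(
                 array_diff_key($model->theme, $profileKeys),
                 ThemeGenerator::loadDefault($themeName, false),
                 array_diff_key($preferences, $profileKeys)
             );
             $model->save();
         }
         $this->refresh();
     }
     $modules = Modules::model()->findAllByAttributes(array('visible' => 1));
     $menuItems = array();
     foreach ($modules as $module) {
         if ($module->name == 'document') {
             $menuItems[$module->title] = $module->title;
         } else {
             $menuItems[$module->name] = Yii::t('app', $module->title);
         }
     }
     // The empty key comes first and stands for the activity feed.
     $menuItems = array('' => Yii::t('app', 'Activity Feed')) + $menuItems;
     $languages = $model->getLanguageOptions();
     $times = $this->getTimeZones();

     // The user name and id are bound as parameters instead of being concatenated into
     // the SQL condition, so a quote character in either value cannot change the query.
     $userName = Yii::app()->user->getName();
     $userId = (string) Yii::app()->user->getId();
     $myThemeProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "((private = 1 AND uploadedBy = :uploadedBy) OR private = 0) AND associationType = 'theme'",
             'params' => array(':uploadedBy' => $userName),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));
     $myBackgroundProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "(associationType = 'bg-private' AND associationId = :associationId) OR associationType = 'bg'",
             'params' => array(':associationId' => $userId),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));
     $myLoginSoundProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "(associationType='loginSound' AND (private=0 OR private IS NULL OR uploadedBy=:uploadedBy))",
             'params' => array(':uploadedBy' => $userName),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));
     $myNotificationSoundProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "(associationType='notificationSound' AND (private=0 OR private IS NULL OR uploadedBy=:uploadedBy))",
             'params' => array(':uploadedBy' => $userName),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));

     // json_decode() may return null or a scalar; anything that is not an array is
     // treated as "no hidden tags".
     $hiddenTags = json_decode(Yii::app()->params->profile->hiddenTags, true);
     if (!is_array($hiddenTags)) {
         $hiddenTags = array();
     }
     if (count($hiddenTags)) {
         // Placeholders come from AuxLib::bindArray(); the tag values are bound, not inlined.
         $tagParams = AuxLib::bindArray($hiddenTags);
         $allTags = Yii::app()->db->createCommand()->select('COUNT(*) AS count, tag')->from('x2_tags')->group('tag')->where('tag IS NOT NULL AND tag IN (' . implode(',', array_keys($tagParams)) . ')', $tagParams)->order('tag ASC')->limit(20)->queryAll();
     } else {
         $allTags = array();
     }
     // Not used below; kept because reading the component may initialise it (TODO confirm).
     $admin = Yii::app()->settings;
     $this->render('settings', array(
         'model' => $model,
         'languages' => $languages,
         'times' => $times,
         'myThemes' => $myThemeProvider,
         'myBackgrounds' => $myBackgroundProvider,
         'myLoginSounds' => $myLoginSoundProvider,
         'myNotificationSounds' => $myNotificationSoundProvider,
         'menuItems' => $menuItems,
         'allTags' => $allTags,
     ));
 }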
コード例 #7
ファイル: ProfileController.php プロジェクト: keyeMyria/CRM
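 /**
  * Display/set user profile settings.
  *
  * When the request carries Profile or preferences POST data, the current user's profile
  * attributes and theme palette are updated and the page is refreshed. The method then
  * collects the option lists for the form and renders the 'settings' view.
  */
 public function actionSettings()
 {
     $model = $this->loadModel(Yii::app()->user->getId());
     if (isset($_POST['Profile']) || isset($_POST['preferences'])) {
         if (isset($_POST['Profile'])) {
             // Bulk assignment from the request. Which fields are writable is decided by
             // the Profile model's rules, which are not visible here.
             $model->attributes = $_POST['Profile'];
             $model->save();
         }
         // Request data can be a string or an array; the palette is only built from an array.
         if (isset($_POST['preferences']) && is_array($_POST['preferences'])) {
             $model->theme = ThemeGenerator::generatePalette($_POST['preferences']);
             if ($model->save()) {
                 // themeName is optional in the request; pass null rather than reading a
                 // missing key.
                 $themeName = isset($_POST['preferences']['themeName'])
                     ? $_POST['preferences']['themeName']
                     : null;
                 Yii::import('application.components.ThemeGenerator.LoginThemeHelper');
                 LoginThemeHelper::saveProfileTheme($themeName);
             }
         }
         $this->refresh();
     }
     $modules = Modules::model()->findAllByAttributes(array('visible' => 1));
     $menuItems = array();
     foreach ($modules as $module) {
         if ($module->name == 'document') {
             $menuItems[$module->title] = $module->title;
         } else {
             $menuItems[$module->name] = Yii::t('app', $module->title);
         }
     }
     // The empty key comes first and stands for the activity feed.
     $menuItems = array('' => Yii::t('app', 'Activity Feed')) + $menuItems;

     // Scan for installed language folders. The path is relative to the working directory;
     // scandir() returns false when it cannot be read, which is treated as "none found".
     $languageDirs = scandir('./protected/messages');
     if ($languageDirs === false) {
         $languageDirs = array();
     }
     $languages = array('en' => 'English');
     foreach ($languageDirs as $code) {
         // Add the entry to $languages only when a language name is found for it.
         $name = $this->getLanguageName($code, $languageDirs);
         if ($name !== false) {
             $languages[$code] = $name;
         }
     }
     $times = $this->getTimeZones();

     // The user name and id are bound as parameters instead of being concatenated into
     // the SQL condition, so a quote character in either value cannot change the query.
     $userName = Yii::app()->user->getName();
     $userId = (string) Yii::app()->user->getId();
     $myThemeProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "((private = 1 AND uploadedBy = :uploadedBy) OR private = 0) AND associationType = 'theme'",
             'params' => array(':uploadedBy' => $userName),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));
     $myBackgroundProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "(associationType = 'bg-private' AND associationId = :associationId) OR associationType = 'bg'",
             'params' => array(':associationId' => $userId),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));
     $myLoginSoundProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "(associationType='loginSound' AND (private=0 OR private IS NULL OR uploadedBy=:uploadedBy))",
             'params' => array(':uploadedBy' => $userName),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));
     $myNotificationSoundProvider = new CActiveDataProvider('Media', array(
         'criteria' => array(
             'condition' => "(associationType='notificationSound' AND (private=0 OR private IS NULL OR uploadedBy=:uploadedBy))",
             'params' => array(':uploadedBy' => $userName),
             'order' => 'createDate DESC',
         ),
         'pagination' => false,
     ));

     // json_decode() may return null or a scalar; anything that is not an array is
     // treated as "no hidden tags".
     $hiddenTags = json_decode(Yii::app()->params->profile->hiddenTags, true);
     if (!is_array($hiddenTags)) {
         $hiddenTags = array();
     }
     if (count($hiddenTags)) {
         // Placeholders come from AuxLib::bindArray(); the tag values are bound, not inlined.
         $tagParams = AuxLib::bindArray($hiddenTags);
         $allTags = Yii::app()->db->createCommand()->select('COUNT(*) AS count, tag')->from('x2_tags')->group('tag')->where('tag IS NOT NULL AND tag IN (' . implode(',', array_keys($tagParams)) . ')', $tagParams)->order('tag ASC')->limit(20)->queryAll();
     } else {
         $allTags = array();
     }
     // Not used below; kept because reading the component may initialise it (TODO confirm).
     $admin = Yii::app()->settings;
     $this->render('settings', array(
         'model' => $model,
         'languages' => $languages,
         'times' => $times,
         'myThemes' => $myThemeProvider,
         'myBackgrounds' => $myBackgroundProvider,
         'myLoginSounds' => $myLoginSoundProvider,
         'myNotificationSounds' => $myNotificationSoundProvider,
         'menuItems' => $menuItems,
         'allTags' => $allTags,
     ));
 }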