コード例 #1
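 /**
  * Handle the posted sign-in form: validate the fields, optionally resend an activation
  * email, attempt the sign-in and redirect on success.
  *
  * Validation messages are collected in $this->o_error_list. On a successful sign-in, and on a
  * successful resend request, the method redirects instead of returning normally.
  */
 function OnPostback()
 {
     # new list for validation
     $this->o_error_list = new XhtmlElement('ul');
     $this->o_error_list->AddAttribute('class', 'validationSummary');
     # check we've got email. Anything that is not a string (e.g. email[]=x) is treated as missing so that
     # trim() is never handed an array, and the comparison is against '' so that '0' is not mistaken for empty.
     $posted_email = (isset($_POST['email']) and is_string($_POST['email'])) ? trim($_POST['email']) : '';
     if ($posted_email === '') {
         $this->o_error_list->AddControl(new XhtmlElement('li', 'Please enter your email address'));
     }
     # check for request to resend activation email
     if (isset($_POST['resend']) and !$this->o_error_list->CountControls()) {
         # Get the person's name and id. Only checking email at this point creates the possibility that someone could
         # fake this request for another user, but the worst they can do is send a new activation request to that other
         # user; they can't disable anyone's account. Don't try to check password because
         # browser security means we can't be sure it'll be repopulated and reposted.
         # NOTE(review): the redirect below only happens when an account matches and carries that account's name and
         # email in the query string, so this path does confirm that an address is registered and discloses the name
         # held for it. It also sends mail on every request; throttling per address is worth considering.
         $authentication = $this->GetAuthenticationManager();
         $authentication->ReadByEmail($_POST['email']);
         $account = $authentication->GetFirst();
         if (is_object($account)) {
             # send a new email
             $s_hash = $authentication->SaveRequest($account->GetId());
             $email_success = $authentication->SendActivationEmail($account, $s_hash);
             # redirect to activation message
             $s_email_status = $email_success ? '' : '&email=no';
             $this->Redirect($this->GetSettings()->GetUrl('AccountActivate') . '?action=request&name=' . urlencode($account->GetName()) . '&address=' . urlencode($account->GetEmail()) . $s_email_status);
         }
     }
     # check we've got password (same non-string and '0' handling as the email check)
     $posted_password = (isset($_POST['password']) and is_string($_POST['password'])) ? trim($_POST['password']) : '';
     if ($posted_password === '') {
         $this->o_error_list->AddControl(new XhtmlElement('li', 'Please enter your password'));
     }
     # no message so form OK
     if (!$this->o_error_list->CountControls()) {
         # try to sign in. The untrimmed posted values are passed on, as before.
         $sign_in_result = $this->GetAuthenticationManager()->SignIn($_POST['email'], $_POST['password'], isset($_POST['remember_me']));
         switch ($sign_in_result) {
             case SignInResult::Success():
                 # 'page' comes straight from the request, so it must not be trusted as a redirect target:
                 # an absolute or protocol-relative value would send a freshly signed-in user to another site.
                 # Only a path on this site is accepted; anything else falls back to the site root.
                 $s_destination = $this->GetSettings()->GetClientRoot();
                 if (isset($_POST['page']) and is_string($_POST['page'])) {
                     # The listing shows both replacements as '&' -> '&', which looks like entity decoding lost
                     # in extraction; presumably the intent was to undo HTML-encoded ampersands - confirm.
                     $s_requested = str_replace(array('&amp;amp;', '&amp;'), '&', $_POST['page']);
                     # Must start with a single '/', must not continue with '/' or '\' (both are read as
                     # "//host" by browsers), and must not contain whitespace or control characters.
                     if (preg_match('#^/(?![/\\\\])[^\x00-\x20\x7f]*\z#', $s_requested) === 1) {
                         $s_destination = $s_requested;
                     }
                 }
                 header('Location: ' . $s_destination);
                 exit;
             case SignInResult::AccountDisabled():
                 $this->o_error_list->AddControl(new XhtmlElement('li', 'Sorry, your account has been disabled due to misuse.'));
                 break;
             case SignInResult::NotActivated():
                 $not_activated = new XhtmlElement('li', 'You need to activate your account. Check your email inbox.');
                 $not_activated->AddControl('<input type="submit" name="resend" value="Send a new email" class="inlineButton" />');
                 $this->o_error_list->AddControl($not_activated);
                 break;
             case SignInResult::NotFound():
                 # deliberately does not say which of the two values was wrong
                 $this->o_error_list->AddControl(new XhtmlElement('li', 'You tried to sign in with an incorrect email address and/or password. Please sign in again.'));
                 break;
         }
     }
 }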
 /**
  * Sign a visitor in to the website with the credentials they supplied.
  *
  * ValidateUser() checks the credentials; any falsy result from it is reported as
  * SignInResult::NotFound(). Otherwise the user's data is loaded with ReadDataForValidUser()
  * and the outcome is whatever SignInValidUser() returns.
  *
  * @param string $username
  * @param string $password
  * @param bool $enable_auto_sign_in passed through to SignInValidUser()
  * @param bool $password_already_hashed passed through to ValidateUser()
  * @return SignInResult
  */
 public function SignIn($username, $password, $enable_auto_sign_in = false, $password_already_hashed = false)
 {
     # NOTE(review): if ValidateUser() compares a caller-supplied hash directly with the stored one, the stored
     # hash becomes password-equivalent - confirm which callers set $password_already_hashed and where the hash comes from.
     $valid_user_id = $this->ValidateUser($username, $password, $password_already_hashed);
     if ($valid_user_id) {
         # credentials accepted: load the account and let SignInValidUser() decide the outcome
         return $this->SignInValidUser($this->ReadDataForValidUser($valid_user_id), $enable_auto_sign_in);
     }
     # one result for every rejected attempt, whatever the reason
     return SignInResult::NotFound();
 }