コード例 #1
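 /**
  * Resolves the user for the current request from explicit credentials, the
  * tbg3_username / tbg3_password cookies, the CLI user or the default user.
  *
  * Resolution order, as implemented below:
  *  1. With no arguments, credentials are read from the two cookies (when both
  *     are present) and must match a stored username/password pair.
  *  2. With an authentication backend other than 'tbg' configured, the
  *     credentials are handed to that module: verifyLogin() when both cookies
  *     are present, doLogin() otherwise.
  *  3. Otherwise the internal user table is tried with the password as given,
  *     then with self::hashPassword($password), then with md5($password); an
  *     md5 match is re-saved through changePassword().
  *  4. Without a complete credential pair: the CLI user when running from the
  *     CLI, else the default user when login is not required.
  *
  * NOTE(review): steps 1 and 3 compare the supplied value with the stored
  * password value as-is, so the stored value (and the tbg3_password cookie
  * that carries it) works as a password equivalent: whoever obtains it can
  * authenticate without knowing the password. Hardening this means moving to
  * a random server-side session token and accepting only hashes computed from
  * a submitted password, which needs changes outside this method.
  * NOTE(review): the algorithm behind self::hashPassword() is not visible
  * here - confirm it is a salted, deliberately slow password hash.
  *
  * @param string|null $username Username to authenticate, or null to use the cookies
  * @param string|null $password Password (or stored password value) to check, or null to use the cookies
  *
  * @return TBGUser
  *
  * @throws Exception 'No such login' on rejected credentials, 'Invalid module type'
  *                   for a misconfigured backend, 'Login required' when no user
  *                   could be resolved and login is mandatory, or an account
  *                   state message (inactive scope, not activated, suspended)
  */
 public static function loginCheck($username = null, $password = null)
 {
     $row = null;

     // No explicit credentials: fall back to the cookie pair from an existing session.
     if ($username === null && $password === null) {
         if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
             $username = TBGContext::getRequest()->getCookie('tbg3_username');
             $password = TBGContext::getRequest()->getCookie('tbg3_password');
             $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
             if (!$row) {
                 TBGContext::getResponse()->deleteCookie('tbg3_username');
                 TBGContext::getResponse()->deleteCookie('tbg3_password');
                 // Record the rejection for monitoring; the client-supplied username is
                 // deliberately kept out of the log line.
                 TBGLogging::log('Authentication failed: cookie credentials rejected', 'auth', TBGLogging::LEVEL_INFO);
                 throw new Exception('No such login');
             }
         }
     }

     if (TBGSettings::getAuthenticationBackend() !== null && TBGSettings::getAuthenticationBackend() !== 'tbg' && $username !== null && $password !== null) {
         // External authentication module.
         TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
         $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
         if ($mod->getType() !== TBGModule::MODULE_AUTH) {
             TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
             throw new Exception('Invalid module type');
         }
         // NOTE(review): the choice is keyed on cookie presence, not on where the
         // credentials came from, so explicit credentials sent alongside existing
         // cookies go through verifyLogin() - confirm that is intended.
         if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
             $row = $mod->verifyLogin($username, $password);
         } else {
             $row = $mod->doLogin($username, $password);
         }
         if (!$row) {
             TBGContext::getResponse()->deleteCookie('tbg3_username');
             TBGContext::getResponse()->deleteCookie('tbg3_password');
             TBGLogging::log('Authentication failed: backend rejected credentials', 'auth', TBGLogging::LEVEL_INFO);
             throw new Exception('No such login');
         }
     } elseif ($username !== null && $password !== null) {
         // Internal authentication against the users table.
         TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
         // 1) The value as supplied, i.e. already in stored form (see the password-equivalent note above).
         $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
         if (!$row) {
             // 2) A plain-text password, hashed with the current scheme.
             $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password));
         }
         if (!$row) {
             // 3) Legacy account from a 2.1 upgrade, still stored as md5.
             // NOTE(review): such accounts stay on unsalted md5 until their first
             // successful login; consider forcing a reset for any that remain.
             $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password));
             if (!$row) {
                 TBGContext::getResponse()->deleteCookie('tbg3_username');
                 TBGContext::getResponse()->deleteCookie('tbg3_password');
                 TBGLogging::log('Authentication failed: internal credentials rejected', 'auth', TBGLogging::LEVEL_INFO);
                 throw new Exception('No such login');
             }
             // Upgrade the md5 entry to the current password type.
             $legacy_user = new TBGUser($row->get(TBGUsersTable::ID), $row);
             $legacy_user->changePassword($password);
             $legacy_user->save();
             unset($legacy_user);
         }
     } elseif (TBGContext::isCLI()) {
         $row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
     } elseif (!TBGSettings::isLoginRequired()) {
         $row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
     }

     if (!$row) {
         if (TBGSettings::isLoginRequired()) {
             throw new Exception('Login required');
         }
         throw new Exception('No such login');
     }

     // Account state is checked only after the credentials were accepted, so these
     // more specific messages are not shown for a wrong username or password.
     if (!$row->get(TBGScopesTable::ENABLED)) {
         throw new Exception('This account belongs to a scope that is not active');
     }
     if (!$row->get(TBGUsersTable::ACTIVATED)) {
         throw new Exception('This account has not been activated yet');
     }
     if (!$row->get(TBGUsersTable::ENABLED)) {
         throw new Exception('This account has been suspended');
     }

     return TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row);
 }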