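/**
 * Handles a failed authorization check (HTTP 403).
 *
 * Emits a "403 Forbidden" status line, records the failure on the view and
 * offers the login form so the visitor can sign in and come back to the
 * resource that was denied. A successful Facebook authentication redirects
 * straight to the home route instead of rendering the form.
 */
public function requireuserAction()
{
    // 403 error -- authorization failed.
    // The status line needs a space between the protocol and the code
    // (the old concatenation produced "HTTP/1.1403 Forbidden"); fall back to
    // HTTP/1.1 when the SAPI did not populate SERVER_PROTOCOL.
    $protocol = isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1';
    $this->getResponse()->setRawHeader($protocol . ' 403 Forbidden');
    $this->view->status = false;
    $this->view->error = Zend_Registry::get('Zend_Translate')
        ->_('You are not authorized to access this resource.');

    // Show the login form for them :P
    $this->view->form = $form = new User_Form_Login();
    $form->addError('Please sign in to continue..');
    // Return the visitor to the current route once they have signed in
    $form->return_url->setValue(
        Zend_Controller_Front::getInstance()->getRouter()->assemble(array())
    );

    // Facebook login
    if (User_Model_DbTable_Facebook::authenticate($form)) {
        // Facebook login succeeded, redirect to home
        $this->_helper->redirector->gotoRoute(array(), 'home');
    }
}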
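/**
 * Processes the sign-in form.
 *
 * Flow: reject already-authenticated viewers, try Facebook authentication,
 * validate the posted form, look the member up by e-mail, refuse unverified
 * or disabled accounts, authenticate (with a one-time fallback for members
 * imported from version 3 whose password column is still empty), then
 * optionally extend the session ("remember me"), record the login and
 * redirect. In a non-default context (e.g. JSON) the view carries the
 * outcome instead of a redirect.
 *
 * Every failure path sets $this->view->status = false and a translated
 * $this->view->error; the success path sets status = true and the session
 * id/name on the view.
 */
public function loginAction()
{
    $translate = Zend_Registry::get('Zend_Translate');

    // Already logged in
    if (Engine_Api::_()->user()->getViewer()->getIdentity()) {
        $this->view->status = false;
        $this->view->error = $translate->_('You are already signed in.');
        if (null === $this->_helper->contextSwitch->getCurrentContext()) {
            $this->_helper->redirector->gotoRoute(array(), 'home');
        }
        return;
    }

    // Make form
    $this->view->form = $form = new User_Form_Login();
    $form->populate(array('return_url' => $this->_getParam('return_url')));

    // Facebook login
    if (User_Model_DbTable_Facebook::authenticate($form)) {
        // Facebook login succeeded, redirect to home
        $this->_helper->redirector->gotoRoute(array(), 'home');
    }

    // Not a post
    if (!$this->getRequest()->isPost()) {
        $this->view->status = false;
        $this->view->error = $translate->_('No action taken');
        return;
    }

    // Form not valid
    if (!$form->isValid($this->getRequest()->getPost())) {
        $this->view->status = false;
        $this->view->error = $translate->_('Invalid data');
        return;
    }

    // Check login creds. Read the three fields explicitly rather than
    // extract()-ing the whole value set into the local scope, so that a
    // form element added later cannot shadow a local variable here.
    $values = $form->getValues();
    $email = isset($values['email']) ? $values['email'] : null;
    $password = isset($values['password']) ? $values['password'] : null;
    $remember = !empty($values['remember']);

    $user_table = Engine_Api::_()->getDbtable('users', 'user');
    $user_select = $user_table->select()->where('email = ?', $email);
    $user = $user_table->fetchRow($user_select);

    // Check if user exists
    if (empty($user)) {
        $this->view->status = false;
        $this->view->error = $translate->_('No record of a member with that email was found.');
        $form->addError($translate->_('No record of a member with that email was found.'));
        return;
    }

    // Check if user is verified and enabled
    if (!$user->verified || !$user->enabled) {
        $this->view->status = false;
        $error = $translate->translate('This account still requires either email verification or admin approval.');
        if (!$user->verified) {
            $resend_url = $this->_helper->url->url(
                array('action' => 'resend', 'email' => $email),
                'user_signup',
                true
            );
            $error .= ' ';
            $error .= sprintf($translate->translate('Click <a href="%s">here</a> to resend the email.'), $resend_url);
        }
        // Escaping is switched off so the anchor renders as HTML; the only
        // dynamic part of $error is $resend_url, which comes from the url
        // helper (router-assembled). Keep it that way -- anything else
        // appended here would be emitted unescaped.
        $form->getDecorator('errors')->setOption('escape', false);
        $form->addError($error);
        return;
    }

    // Version 3 Import compatibility
    if (empty($user->password)) {
        $compat = Engine_Api::_()->getApi('settings', 'core')->getSetting('core.compatibility.password');
        $migration = null;
        try {
            $migration = Engine_Db_Table::getDefaultAdapter()
                ->select()
                ->from('engine4_user_migration')
                ->where('user_id = ?', $user->getIdentity())
                ->limit(1)
                ->query()
                ->fetch();
        } catch (Exception $e) {
            // No migration table or row: treat as "no compatibility mode"
            $migration = null;
            $compat = null;
        }
        if (!$migration) {
            $compat = null;
        }

        if ($compat === 'import-version-3') {
            // Version 3 authentication
            $cryptedPassword = self::_version3PasswordCrypt(
                $migration['user_password_method'],
                $migration['user_code'],
                $password
            );
            // NOTE(review): a constant-time comparison (hash_equals, PHP >= 5.6)
            // would be preferable here; kept as-is pending a check of the
            // minimum PHP version this codebase targets.
            if ($cryptedPassword === $migration['user_password']) {
                // Regenerate the user password using the given password.
                // NOTE(review): rand() is not a cryptographic generator; the
                // salt should come from random_int()/random_bytes() once the
                // minimum PHP version allows it.
                $user->salt = (string) rand(1000000, 9999999);
                $user->password = $password;
                $user->save();
                Engine_Api::_()->user()->getAuth()->getStorage()->write($user->getIdentity());
                // @todo should we delete the old migration row?
            } else {
                $this->view->status = false;
                $this->view->error = $translate->_('Invalid credentials');
                $form->addError($translate->_('Invalid credentials supplied'));
                return;
            }
            // End Version 3 authentication
        } else {
            $form->addError('There appears to be a problem logging in. 
Please reset your password with the Forgot Password link.');
            return;
        }
    } else {
        $authResult = Engine_Api::_()->user()->authenticate($email, $password);
        $authCode = $authResult->getCode();
        Engine_Api::_()->user()->setViewer();
        if ($authCode !== Zend_Auth_Result::SUCCESS) {
            $this->view->status = false;
            $this->view->error = $translate->_('Invalid credentials');
            $form->addError($translate->_('Invalid credentials supplied'));
            return;
        }
    }

    // -- Success! --

    // Remember
    if ($remember) {
        $lifetime = 1209600; // Two weeks
        Zend_Session::getSaveHandler()->setLifetime($lifetime, true);
        Zend_Session::rememberMe($lifetime);
    }

    // Increment sign-in count
    Engine_Api::_()->getDbtable('statistics', 'core')->increment('user.logins');

    // Test activity @todo remove
    $viewer = Engine_Api::_()->user()->getViewer();
    if ($viewer->getIdentity()) {
        $viewer->lastlogin_date = date("Y-m-d H:i:s");
        $viewer->lastlogin_ip = $_SERVER['REMOTE_ADDR'];
        $viewer->save();
        Engine_Api::_()->getDbtable('actions', 'activity')->addActivity($viewer, $viewer, 'login');
    }

    // Assign sid to view for json context
    $this->view->status = true;
    $this->view->message = $translate->_('Login successful');
    $this->view->sid = Zend_Session::getId();
    $this->view->sname = Zend_Session::getOptions('name');

    // Do redirection only if normal context
    if (null !== $this->_helper->contextSwitch->getCurrentContext()) {
        return;
    }

    // Redirect by form
    $uri = $form->getValue('return_url');
    if ($uri) {
        return $this->_redirect($uri, array('prependBase' => false));
    }

    // Redirect by session
    $session = new Zend_Session_Namespace('Redirect');
    if (isset($session->uri)) {
        $uri = $session->uri;
        $opts = $session->options;
        $session->unsetAll();
        return $this->_redirect($uri, $opts);
    }
    if (isset($session->route)) {
        $session->unsetAll();
        return $this->_helper->redirector->gotoRoute($session->params, $session->route, $session->reset);
    }
    return $this->_helper->redirector->gotoRoute(array('action' => 'home'), 'user_general');
}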