コード例 #1
ファイル: api.php プロジェクト: smkkstudios/Directus
 // ------------------------------
 // Check if group needs whitelist
 // Loads the group of the account being logged into and, when that group is
 // flagged restrict_to_ip_whitelist, rejects requests from unlisted addresses.
 // NOTE(review): $user is indexed here but is only tested by the !$user guard
 // further down, so for an unknown account this lookup runs on an empty value
 // first. Consider moving that guard above this block.
 $groupId = $user['group'];
 $directusGroupsTableGateway = new DirectusGroupsTableGateway($acl, $ZendDb);
 $group = $directusGroupsTableGateway->find($groupId);
 // Loose comparison: presumably the column arrives as a numeric string from
 // the database. TODO confirm before tightening to ===.
 if (1 == $group['restrict_to_ip_whitelist']) {
     $directusIPWhitelist = new DirectusIPWhitelist($acl, $ZendDb);
     // NOTE(review): REMOTE_ADDR is the address of the direct TCP peer. Behind a
     // reverse proxy or load balancer that is the proxy's address, so confirm
     // the deployment topology matches what the whitelist is meant to enforce.
     if (!$directusIPWhitelist->hasIP($_SERVER['REMOTE_ADDR'])) {
         // NOTE(review): this rejection is returned before Auth::login() has
         // checked the password. Its message differs from the inactive-user
         // message below, and it includes getAllNonces(). Confirm that a caller
         // who has not authenticated should be able to tell this case apart and
         // should receive the nonces.
         return JsonView::render(array('message' => 'Request not allowed from IP address', 'success' => false, 'all_nonces' => $requestNonceProvider->getAllNonces()));
     }
 }
 // No matching user record: return $response as prepared by the code above
 // this fragment (not visible here).
 if (!$user) {
     return JsonView::render($response);
 }
 // @todo: Login should fail on correct information when user is not active.
 // Passes the stored password and salt fields from the user record together
 // with the submitted $password. How they are hashed and compared is inside
 // Auth::login and not visible here; verify it there.
 $response['success'] = Auth::login($user['id'], $user['password'], $user['salt'], $password);
 // When the credentials are correct but the user is Inactive
 // A record without the status column is treated as inactive (default false).
 $userHasStatusColumn = array_key_exists(STATUS_COLUMN_NAME, $user);
 $isUserActive = false;
 if ($userHasStatusColumn && $user[STATUS_COLUMN_NAME] == STATUS_ACTIVE_NUM) {
     $isUserActive = true;
 }
 // The active check runs after Auth::login(), so a successful login for an
 // inactive account is undone with Auth::logout() rather than prevented.
 // NOTE(review): presumably Auth::login() has already set session state by
 // this point. Confirm Auth::logout() clears all of it.
 if ($response['success'] && !$isUserActive) {
     Auth::logout();
     $response['success'] = false;
     $response['message'] = 'You do not have access to this system';
     return JsonView::render($response);
 }
 if ($response['success']) {
     unset($response['message']);
     $response['last_page'] = json_decode($user['last_page']);