/**
 * Verify the session prerequisites, load the plugin's Composer autoloader
 * and assign the closure that resolves the current user to `$this->grav['user']`.
 *
 * @throws \RuntimeException When `system.session.enabled` is strictly `false`.
 * @throws \Exception        When `vendor/autoload.php` is missing next to this file.
 */
public function initializeSession()
{
    // Sessions are mandatory for this plugin.
    // NOTE(review): only a strict `false` is rejected; a missing or
    // non-boolean config value passes this check.
    $sessionsEnabled = $this->grav['config']->get('system.session.enabled');
    if ($sessionsEnabled === false) {
        throw new \RuntimeException('The Login plugin requires "system.session" to be enabled');
    }

    // Pull in the Composer-managed classes before anything references them.
    $autoloader = __DIR__ . '/vendor/autoload.php';
    if (!is_file($autoloader)) {
        throw new \Exception('Login Plugin failed to load. Composer dependencies not met.');
    }
    require_once $autoloader;

    // Current-user service: resolves the user from the session, falling back
    // to the remember-me cookie when that feature is enabled.
    $this->grav['user'] = function ($c) {
        /** @var Grav $c */
        $session = $c['session'];

        // A user already bound to the session is returned as-is.
        if (isset($session->user)) {
            return $session->user;
        }

        // Start from a fresh User object; it is replaced below only if the
        // remember-me cookie resolves to an existing account.
        $session->user = new User();

        if (!$c['config']->get('plugins.login.rememberme.enabled')) {
            return $session->user;
        }

        $loginController = new Controller($c, '');
        $rememberMe = $loginController->rememberMe();

        // A non-empty username means the cookie presented valid tokens.
        $rememberedName = $rememberMe->login();
        if ($rememberedName) {
            $rememberedUser = User::load($rememberedName);
            // NOTE(review): only exists() is checked here; whether account
            // state (e.g. disabled) is enforced is not visible in this block.
            if ($rememberedUser->exists()) {
                // A remember-me token can be stolen, so the session records
                // that this login came from the cookie rather than from the
                // login form; later code can tell the two apart.
                $session->remember_me = $rememberMe;
                $session->user = $rememberedUser;
            }
        }

        // An invalid token is reported to the user as a possibly stolen cookie.
        if ($rememberMe->loginTokenWasInvalid()) {
            $loginController->setMessage($c['language']->translate('PLUGIN_LOGIN.REMEMBER_ME_STOLEN_COOKIE'));
        }

        return $session->user;
    };
}
/**
 * Set up the login plugin for the current request: check session support,
 * load the autoloader, define the `messages` and `user` services, dispatch
 * OAuth handling and enable the page handler whose route matches the URI path.
 *
 * @throws \RuntimeException When `system.session.enabled` is strictly `false`.
 * @throws \Exception        When `vendor/autoload.php` is missing next to this file.
 */
public function initialize()
{
    /** @var Uri $uri */
    $uri = $this->grav['uri'];

    // Sessions are mandatory for this plugin.
    // NOTE(review): only a strict `false` is rejected; a missing or
    // non-boolean config value passes this check.
    $sessionsEnabled = $this->grav['config']->get('system.session.enabled');
    if ($sessionsEnabled === false) {
        throw new \RuntimeException('The Login plugin requires "system.session" to be enabled');
    }

    /** @var Grav\Common\Session */
    $session = $this->grav['session'];

    // Pull in the Composer-managed classes before anything references them.
    $autoloader = __DIR__ . '/vendor/autoload.php';
    if (!is_file($autoloader)) {
        throw new \Exception('Login Plugin failed to load. Composer dependencies not met.');
    }
    require_once $autoloader;

    // Session message service: one Message object kept on the session.
    $this->grav['messages'] = function ($c) {
        $session = $c['session'];
        if (isset($session->messages)) {
            return $session->messages;
        }

        $session->messages = new Message();

        return $session->messages;
    };

    // Current-user service: resolves the user from the session, falling back
    // to the remember-me cookie when that feature is enabled.
    $this->grav['user'] = function ($c) {
        $session = $c['session'];

        // A user already bound to the session is returned as-is.
        if (isset($session->user)) {
            return $session->user;
        }

        // Start from a fresh User object; it is replaced below only if the
        // remember-me cookie resolves to an existing account.
        $session->user = new User();

        if (!$c['config']->get('plugins.login.rememberme.enabled')) {
            return $session->user;
        }

        $loginController = new Login\Controller($c, '');
        $rememberMe = $loginController->rememberMe();

        // A non-empty username means the cookie presented valid tokens.
        $rememberedName = $rememberMe->login();
        if ($rememberedName) {
            $rememberedUser = User::load($rememberedName);
            // NOTE(review): only exists() is checked here; whether account
            // state (e.g. disabled) is enforced is not visible in this block.
            if ($rememberedUser->exists()) {
                // A remember-me token can be stolen, so the session records
                // that this login came from the cookie rather than from the
                // login form; later code can tell the two apart.
                $session->remember_me = $rememberMe;
                $session->user = $rememberedUser;
            }
        }

        // An invalid token is reported to the user as a possibly stolen cookie.
        if ($rememberMe->loginTokenWasInvalid()) {
            $loginController->setMessage($c['language']->translate('PLUGIN_LOGIN.REMEMBER_ME_STOLEN_COOKIE'));
        }

        return $session->user;
    };

    // Manage OAuth login. The task comes from the POST body when present,
    // otherwise from the URI parameter; both are request-controlled and are
    // used here only to decide whether the OAuth controller runs.
    if (!empty($_POST['task'])) {
        $task = $_POST['task'];
    } else {
        $task = $uri->param('task');
    }

    // `&&` binds tighter than `||`; the parentheses spell out the grouping:
    // either a task-less POST that carries `oauth`, or a request with query
    // parameters while the session has an OAuth flow pending.
    if ((!$task && isset($_POST['oauth'])) || (!empty($_GET) && $session->oauth)) {
        $this->oauthController();
    }

    // Aborted OAuth authentication (invalidate it). This runs on every call,
    // so pending OAuth state does not outlive this request.
    unset($session->oauth);

    $adminRoute = $this->config->get('plugins.admin.route');

    // The login route is only taken from config when the request is neither
    // the admin route itself nor a path beneath it.
    // NOTE(review): if `plugins.admin.route` is unset (null), the prefix test
    // reduces to "first character of the path != '/'" — confirm that the
    // resulting behaviour without the admin plugin is intended.
    if ($uri->path() != $adminRoute
        && substr($uri->path(), 0, strlen($adminRoute) + 1) != $adminRoute . '/'
    ) {
        $this->route = $this->config->get('plugins.login.route');
    }

    if ($this->route && $this->route == $uri->path()) {
        $this->enable(['onPagesInitialized' => ['addLoginPage', 0]]);
    }

    // Remaining plugin pages: config key of the route => handler to enable.
    // Comparisons stay loose (==), exactly as for the login route above.
    $pageHandlers = [
        'plugins.login.route_forgot'   => 'addForgotPage',
        'plugins.login.route_reset'    => 'addResetPage',
        'plugins.login.route_register' => 'addRegisterPage',
        'plugins.login.route_activate' => 'handleUserActivation',
    ];

    foreach ($pageHandlers as $routeKey => $handler) {
        if ($uri->path() == $this->config->get($routeKey)) {
            $this->enable(['onPagesInitialized' => [$handler, 0]]);
        }
    }
}