예제 #1
파일: common.php 프로젝트: sistlind/admidio
    }
} else {
    // create new session object and store it in PHP session
    $gCurrentSession = new Session($gDb, $gSessionId);
    $_SESSION['gCurrentSession'] = $gCurrentSession;
    // create system component
    $gSystemComponent = new Component($gDb);
    $gSystemComponent->readDataByColumns(array('com_type' => 'SYSTEM', 'com_name_intern' => 'CORE'));
    $gCurrentSession->addObject('gSystemComponent', $gSystemComponent);
    // if cookie ADMIDIO_DATA is set then there could be an auto login
    // the auto login must be done here because after that the corresponding organization must be set
    if (array_key_exists($gCookiePraefix . '_DATA', $_COOKIE)) {
        // restore user from auto login session
        $autoLogin = new AutoLogin($gDb, $gSessionId);
        $autoLogin->setValidLogin($gCurrentSession, $_COOKIE[$gCookiePraefix . '_DATA']);
        $userIdAutoLogin = $autoLogin->getValue('atl_usr_id');
        // create object of the organization of config file with their preferences
        if ($autoLogin->getValue('atl_org_id') > 0) {
            $gCurrentOrganization = new Organization($gDb, $autoLogin->getValue('atl_org_id'));
        } else {
            $gCurrentOrganization = new Organization($gDb, $g_organization);
        }
    } else {
        // create object of the organization of config file with their preferences
        $gCurrentOrganization = new Organization($gDb, $g_organization);
    }
    if ($gCurrentOrganization->getValue('org_id') === 0) {
        // organization not found
        exit('<div style="color: #cc0000;">Error: The organization of the config.php could not be found in the database!</div>');
    }
    // add the organization to the session
예제 #2
파일: user.php 프로젝트: bash-t/admidio
 /**
  * Check whether the given password is valid for this user and return true if it is.
  * Optionally, the current session can be updated to a valid login session.
  * @param  string       $password             The password for the current user. This should not be encoded.
  * @param  bool         $setAutoLogin         If set to true then this login will be stored in AutoLogin table
  *                                            and the user doesn't need to login another time with this browser.
  *                                            To use this functionality @b $updateSessionCookies must be set to true.
  * @param  bool         $updateSessionCookies The current session will be updated to a valid login.
  *                                            If set to false then the login is only valid for the current script.
  * @return true         Return true if the correct password for this user was given to this method.
  * @throws AdmException SYS_LOGIN_FAILED
  *                      SYS_PASSWORD_UNKNOWN
  */
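 public function checkLogin($password, $setAutoLogin = false, $updateSessionCookies = true)
 {
     global $gPreferences, $gCookiePraefix, $gCurrentSession, $gSessionId;

     // Temporary lockout: once 3 invalid logins are recorded, reject every attempt
     // (even with the correct password) for 900 seconds after the last invalid one.
     if ($this->getValue('usr_number_invalid') >= 3) {
         if (time() - strtotime($this->getValue('usr_date_invalid', 'Y-m-d H:i:s')) < 900) {
             $this->clear();
             throw new AdmException('SYS_LOGIN_FAILED');
         }
     }

     if ($this->checkPassword($password)) {
         if ($updateSessionCookies) {
             // NOTE(review): the existing session ($gSessionId) is promoted to an authenticated
             // session here; this method does not issue a new session id at login.
             // Confirm that the id is rotated elsewhere, otherwise a pre-login id stays valid.
             $gCurrentSession->setValue('ses_usr_id', $this->getValue('usr_id'));
             $gCurrentSession->save();
         }

         // if the visitor should stay logged in automatically, the cookie only expires after one year
         if ($setAutoLogin && $gPreferences['enable_auto_login'] == 1) {
             $timestamp_expired = time() + 60 * 60 * 24 * 365;
             $autoLogin = new AutoLogin($this->db, $gSessionId);

             // if an auto login already exists (double login in one browser),
             // do not create a new one because that would raise a 'Duplicate Key' error
             if ($autoLogin->getValue('atl_usr_id') === '') {
                 $autoLogin->setValue('atl_session_id', $gSessionId);
                 $autoLogin->setValue('atl_usr_id', $this->getValue('usr_id'));
                 $autoLogin->save();
             }
         } else {
             // expiry 0 = session cookie that ends with the browser session
             $timestamp_expired = 0;
             $this->setValue('usr_last_session_id', null);
         }

         if ($updateSessionCookies) {
             // Set the login cookies; a port in the Host header is stripped for the cookie domain.
             // Without a port the domain stays empty (host-only cookie), exactly as before, but
             // no longer by passing strpos()'s false to substr() as a length.
             // HTTP_HOST is client-supplied, so it is only used for the cookie scope here.
             $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
             $portPos = strpos($host, ':');
             $domain = ($portPos === false) ? '' : substr($host, 0, $portPos);

             // Mark the cookies Secure when the request itself arrived over HTTPS, and always
             // HttpOnly so that page scripts cannot read the session id.
             $secure = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

             setcookie($gCookiePraefix . '_ID', $gSessionId, $timestamp_expired, '/', $domain, $secure, true);

             // Store the auto login flag and the user id in a second cookie.
             // NOTE(review): the value is the plain flag and user id joined by ';'. It is neither
             // serialized, encrypted nor signed, so the code that reads this cookie must not
             // treat the user id in it as proof of identity.
             setcookie($gCookiePraefix . '_DATA', $setAutoLogin . ';' . $this->getValue('usr_id'), $timestamp_expired, '/', $domain, $secure, true);

             // count logins and update login dates
             $this->saveChangesWithoutRights();
             $this->updateLoginData();
         }

         return true;
     }

     // Wrong password: record the invalid login. After a full lockout cycle the counter restarts at 1.
     $invalidLogins = (int) $this->getValue('usr_number_invalid');
     $invalidLogins = ($invalidLogins >= 3) ? 1 : $invalidLogins + 1;

     $this->setValue('usr_number_invalid', $invalidLogins);
     $this->setValue('usr_date_invalid', DATETIME_NOW);
     $this->save(false); // don't update timestamp

     // The counter is kept in $invalidLogins because the object is cleared before the
     // exception is chosen; reading it back after clear() would presumably never reach 3,
     // so the third failure would report SYS_PASSWORD_UNKNOWN instead of SYS_LOGIN_FAILED.
     $this->clear();

     if ($invalidLogins >= 3) {
         throw new AdmException('SYS_LOGIN_FAILED');
     }

     throw new AdmException('SYS_PASSWORD_UNKNOWN');
 }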