public function setDynamicRules()
{
$context = $this->getContext();
$user = $context->getUser();
$request = $context->getRequest();
$module = $request->getParameter('module');
$action = $request->getParameter('action');
$cache = false;
$lifetime = 0;
$withLayout = false;
//the following actions will not be hard cached when access is restricted to admins only
$nuclearCachingExceptions = array('sfGuardAuth' => array('signin' => true), 'home' => array('contact' => true, 'join' => true, 'confirmed' => true, 'requested' => true, 'joined' => true, 'confirmEmail' => true, 'chat' => true));
//if access is restricted to admins only, pages not in the home module will be cached for a week
if (sfConfig::get('app_login_admin_only') == 'on' && (!$user->isAuthenticated() || !sfGuardUserTable::isAdmin($user->getGuardUser()->id)) && !isset($nuclearCachingExceptions[$module][$action])) {
$cache = true;
$withLayout = true;
$lifetime = self::WEEK_LIFETIME;
} elseif ($lifetime = self::$alwaysCached[$module][$action]) {
$cache = true;
$withLayout = $request->isXmlHttpRequest() || !$user->isAuthenticated();
} elseif (!$user->isAuthenticated() && ($lifetime = self::$outsideCached[$module][$action])) {
$cache = true;
$withLayout = true;
} elseif ($user->isAuthenticated() && ($lifetime = self::$insideCached[$module][$action])) {
$cache = true;
$withLayout = false;
}
if ($cache) {
$context->getViewCacheManager()->addCache($module, $action, array('withLayout' => $withLayout, 'lifeTime' => $lifetime));
}
}
public function executeSignin($request)
{
$user = $this->getUser();
if ($user->isAuthenticated()) {
return $this->redirect('@homepage');
}
if ($request->getParameter('no_layout')) {
$this->setLayout(false);
}
$this->form = new LoginForm();
if ($request->isMethod('post')) {
$this->form->bind($request->getParameter('signin'));
if ($this->form->isValid()) {
$values = $this->form->getValues();
//check that email has been confirmed
$profile = Doctrine::getTable('sfGuardUserProfile')->findOneByEmail($values['username']);
if (!$profile->is_confirmed) {
$request->setError('', "This email address hasn't been confirmed; check your inbox for an email with a confirmation link");
$this->getUser()->setAuthenticated(false);
return sfView::SUCCESS;
}
if (!$profile->User->is_active) {
$request->setError('', "This account is disabled; contact the system administrator");
$this->getUser()->setAuthenticated(false);
return sfView::SUCCESS;
}
//if logins restricted to admins only, check that they have admin powers
if (sfConfig::get('app_login_admin_only') == 'on') {
if (!sfGuardUserTable::isAdmin($profile->user_id)) {
$request->setError('', "Login has been disabled for non-administrators. Please try again later.");
$this->getUser()->setAuthenticated(false);
return sfView::SUCCESS;
}
}
$remember = isset($values['remember']);
$this->getUser()->signIn($values['user'], $remember);
if (!($signinUrl = $request->getParameter('referer'))) {
$signinUrl = sfConfig::get('app_sf_guard_plugin_success_signinUrl', $user->getReferer($request->getReferer()));
}
$url = LsRouting::generateUrlForRedirect($signinUrl);
return $this->redirect('' != $url ? $url : '@homepage');
}
} else {
if ($request->isXmlHttpRequest()) {
$this->getResponse()->setHeaderOnly(true);
$this->getResponse()->setStatusCode(401);
return sfView::NONE;
}
$user->setReferer($request->getReferer());
$module = sfConfig::get('sf_login_module');
if ($this->getModuleName() != $module) {
return $this->redirect($module . '/' . sfConfig::get('sf_login_action'));
}
}
}
public function execute($filterChain)
{
$context = $this->getContext();
$user = $context->getUser();
$firstCall = $this->isFirstCall();
//attempt to log in user if they have the sfRemember cookie
if (sfconfig::get('app_login_enabled') && $firstCall && (!$user->isAuthenticated() || !$user->getGuardUser())) {
if ($cookie = $context->getRequest()->getCookie(sfConfig::get('app_sf_guard_plugin_remember_cookie_name', 'sfRemember'))) {
$q = Doctrine_Query::create()->from('sfGuardRememberKey r')->innerJoin('r.sfGuardUser u')->where('r.remember_key = ?', $cookie);
//if login restricted to admins only
if (sfConfig::get('app_login_admin_only') == 'on') {
$q->leftJoin('u.sfGuardUserGroup g')->leftJoin('u.sfGuardUserPermission p')->andWhere('g.group_id = 1 OR p.permission_id = 1');
}
if ($q->count()) {
$user->signIn($q->fetchOne()->sfGuardUser);
} else {
$context->getResponse()->setCookie(sfConfig::get('app_sf_guard_plugin_remember_cookie_name', 'sfRemember'), false, time() - 86400);
}
}
}
if ($firstCall && sfConfig::get('app_login_admin_only') == 'on' && $user->isAuthenticated()) {
if (!sfGuardUserTable::isAdmin($user->getGuardUser()->id)) {
$options = $context->getStorage()->getOptions();
$cookieName = $options['session_name'];
$user->setAuthenticated(false);
$context->getResponse()->setCookie(sfConfig::get('app_sf_guard_plugin_remember_cookie_name', 'sfRemember'), false, time() - 86400);
$context->getResponse()->setCookie($cookieName, false, time() - 86400);
}
}
if (!sfconfig::get('app_login_enabled')) {
$user->signOut();
}
$filterChain->execute();
//set cookie to indicate whether user us logged in
if (sfconfig::get('app_login_enabled') && $user->isAuthenticated()) {
$context->getResponse()->setCookie('LittleSisUser', true);
} else {
$context->getResponse()->setCookie('LittleSisUser', false, time() - 86400);
}
}
