예제 #1
  * Logins on host CMS using any allowed authentication methods
  * @param  string          $username        The username
  * @param  string|boolean  $password        Well, The password OR strictly boolean false for login without password
  * @param  boolean         $rememberMe      If login should be remembered in a cookie to be sent back to user's browser
  * @param  boolean         $message         If an alert message should be prepared on successful login
  * @param  string          $return          IN & OUT: IN: return URL NOT SEFED for normal login completition (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED
  * @param  array           $messagesToUser  OUT: messages to display to user (html)
  * @param  array           $alertMessages   OUT: messages to alert to user (text)
  * @param  int             $loginType       0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
  * @param  string          $secretKey       secretKey used for two step authentication
  * @return string                           Error message if error
 public function login($username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertMessages, $loginType = 0, $secretKey = null)
     global $_CB_framework, $ueConfig, $_PLUGINS;
     $returnURL = null;
     $loggedIn = false;
     if (!$username || !$password && $password !== false) {
         $resultError = CBTxt::T('LOGIN_INCOMPLETE', 'Please complete the username and password fields.');
     } else {
         $_PLUGINS->trigger('onBeforeLogin', array(&$username, &$password, &$secretKey));
         $resultError = null;
         $showSysMessage = true;
         $stopLogin = false;
         $firstLogin = false;
         $row = new UserTable();
         if ($_PLUGINS->is_errors()) {
             $resultError = $_PLUGINS->getErrorMSG();
         } else {
             $foundUser = false;
             // Try login by CB authentication trigger:
             $_PLUGINS->trigger('onLoginAuthentication', array(&$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertMessages, &$return, &$secretKey));
             if (!$foundUser) {
                 if ($loginType != 2) {
                     // login by username:
                     $foundUser = $row->loadByUsername($username) && ($password === false || $row->verifyPassword($password));
                 if (!$foundUser && $loginType >= 1) {
                     // login by email:
                     $foundUser = $row->loadByEmail($username) && ($password === false || $row->verifyPassword($password));
                     if ($foundUser) {
                         $username = $row->username;
                 if (!$foundUser && $loginType > 2) {
                     // If no result, try login by CMS authentication:
                     if ($_CB_framework->login($username, $password, $rememberMe, null, $secretKey)) {
                         $foundUser = $row->load((int) $_CB_framework->myId());
                         // core user might not have username set, so we use id (bug #3303 fix)
                         $row->confirmed = 1;
                         $row->approved = 1;
                         // synchronizes with comprofiler table
                         $loggedIn = true;
             if ($foundUser) {
                 $returnPluginsOverrides = null;
                 $pluginResults = $_PLUGINS->trigger('onDuringLogin', array(&$row, 1, &$returnPluginsOverrides));
                 if ($returnPluginsOverrides) {
                     $return = $returnPluginsOverrides;
                 if (is_array($pluginResults) && count($pluginResults)) {
                     foreach ($pluginResults as $res) {
                         if (is_array($res)) {
                             if (isset($res['messagesToUser'])) {
                                 $messagesToUser[] = $res['messagesToUser'];
                             if (isset($res['alertMessage'])) {
                                 $alertMessages[] = $res['alertMessage'];
                             if (isset($res['showSysMessage'])) {
                                 $showSysMessage = $showSysMessage && $res['showSysMessage'];
                             if (isset($res['stopLogin'])) {
                                 $stopLogin = $stopLogin || $res['stopLogin'];
                 if ($_PLUGINS->is_errors()) {
                     $resultError = $_PLUGINS->getErrorMSG();
                 } elseif ($stopLogin) {
                     // login stopped: don't even check for errors...
                 } elseif ($row->approved == 2) {
                     $resultError = CBTxt::T('LOGIN_REJECTED', 'Your sign up request was rejected!');
                 } elseif ($row->confirmed != 1) {
                     if ($row->cbactivation == '') {
                         // just in case the activation code was missing
                     $cbNotification = new cbNotification();
                     $cbNotification->sendFromSystem($row->id, CBTxt::T(stripslashes($ueConfig['reg_pend_appr_sub'])), CBTxt::T(stripslashes($ueConfig['reg_pend_appr_msg'])), true, isset($ueConfig['reg_email_html']) ? (int) $ueConfig['reg_email_html'] : 0);
                     $resultError = CBTxt::T('LOGIN_NOT_CONFIRMED', 'Your sign up process is not yet complete! Please check again your email for further instructions that have just been resent. If you don\'t find the email, check your spam-box. Make sure that your email account options are not set to immediately delete spam. If that was the case, just try logging in again to receive a new instructions email.');
                 } elseif ($row->approved == 0) {
                     $resultError = CBTxt::T('LOGIN_NOT_APPROVED', 'Your account has not yet been approved!');
                 } elseif ($row->block == 1) {
                     $resultError = CBTxt::T('LOGIN_BLOCKED', 'Your login is blocked.');
                 } elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
                     $firstLogin = true;
                     if (isset($ueConfig['reg_first_visit_url']) and $ueConfig['reg_first_visit_url'] != "") {
                         $return = $ueConfig['reg_first_visit_url'];
                     } else {
                         if ($returnPluginsOverrides) {
                             $return = $returnPluginsOverrides;
                             // by default return to homepage on first login (or on page overridden by plugin).
                     $_PLUGINS->trigger('onBeforeFirstLogin', array(&$row, $username, $password, &$return, $secretKey));
                     if ($_PLUGINS->is_errors()) {
                         $resultError = $_PLUGINS->getErrorMSG("<br />");
             } else {
                 if ($loginType < 2) {
                     $resultError = CBTxt::T('LOGIN_INCORRECT_USER_NOT_FOUND LOGIN_INCORRECT', 'Incorrect username or password. Please try again.');
                 } else {
                     $resultError = CBTxt::T('UE_INCORRECT_EMAIL_OR_PASSWORD', 'Incorrect email or password. Please try again.');
         if ($resultError) {
             if ($showSysMessage) {
                 $alertMessages[] = $resultError;
         } elseif (!$stopLogin) {
             if (!$loggedIn) {
                 $_PLUGINS->trigger('onDoLoginNow', array($username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertMessages, &$return, $secretKey));
             if (!$loggedIn) {
                 $_CB_framework->login($username, $password, $rememberMe, null, $secretKey);
                 $loggedIn = true;
             if ($firstLogin) {
                 $_PLUGINS->trigger('onAfterFirstLogin', array(&$row, $loggedIn));
             $_PLUGINS->trigger('onAfterLogin', array(&$row, $loggedIn));
             if ($loggedIn && $message && $showSysMessage) {
                 $alertMessages[] = CBTxt::T('LOGIN_SUCCESS', 'You have successfully logged in');
             if (!$loggedIn) {
                 $resultError = CBTxt::T('LOGIN_INCORRECT_USER_AUTHENTICATION_FAILED LOGIN_INCORRECT', 'Incorrect username or password. Please try again.');
             // changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
             if ($return && !(strpos($return, 'comprofiler') && (strpos($return, 'login') || strpos($return, 'logout') || strpos($return, 'registers') || strpos(strtolower($return), 'lostpassword')))) {
                 // checks for the presence of a return url
                 // and ensures that this url is not the registration or login pages
                 $returnURL = $return;
             } elseif (!$returnURL) {
                 $returnURL = 'index.php';
     if (!$loggedIn) {
         $_PLUGINS->trigger('onLoginFailed', array(&$resultError, &$returnURL));
     $return = $returnURL;
     return $resultError;