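/**
 * Render the backend login page and process login form submissions.
 *
 * GET: shows the form, pre-filling the credential from the 'username' cookie.
 * POST: stores the chosen language and the credential in cookies, authenticates
 * through CMSBackendAuth and, on success, redirects to the "return to" target.
 * A client that is already authenticated is redirected straight away.
 *
 * The "return to" target comes from the 'r' query parameter. It is reduced to a
 * same-site path by _safeComebackPath() before it is used, so this page cannot be
 * abused as an open redirector (e.g. ?r=//evil.example after the login succeeds).
 *
 * NOTE(review): the error branches still tell the client whether the identity was
 * unknown or the password wrong, which lets an attacker enumerate admin accounts;
 * collapsing those two messages into one generic message is recommended. The
 * CAPTCHA check is disabled (see the comment in the POST branch), so nothing here
 * throttles password guessing either.
 *
 * @return mixed the result of renderComponent()
 */
public function executeLogin() {
    $this->document()->title = t('Login');
    $this->setLayout('login');
    $this->setView('Login/default');
    /** @var CMSBackendAuth $backendAuth */
    $backendAuth = CMSBackendAuth::getInstance();

    $comeback = $this->_safeComebackPath($this->get('r'));
    if ($backendAuth->isCMSBackendAuthenticated()) {
        // redirect() is assumed to end the request here, as the original relied on.
        $this->redirect($comeback);
    }

    $display = $this->post('credential');
    if (!$display) {
        $display = Factory::getCookie()->read('username');
    }
    $languages = \Languages::getAllActiveLanguages('lang_code');
    $error = array();

    if ($this->request()->isPostRequest()) {
        $password = $this->post('password');
        $credential = $this->post('credential'); // identity only; the display name is not used here
        $chosen_lang = $this->post('language');
        // NOTE(review): $chosen_lang is persisted unvalidated. If getAllActiveLanguages('lang_code')
        // returns codes as keys, isset($languages[$chosen_lang]) would be the check - confirm its shape.
        Factory::getCookie()->write('language', $chosen_lang);
        // Remembered to pre-fill the form; written whether or not the login succeeds.
        Factory::getCookie()->write('username', $credential);
        // CAPTCHA check (Math::check() on the 'captcha' POST field) is currently disabled.

        $result = null;
        if (empty($error)) {
            $result = $backendAuth->authenticate($credential, $password);
        }
        if (true === $result) {
            // authenticated: back to the page the user came from
            $this->redirect($comeback);
        } elseif (null !== $result) {
            switch ($result) {
                case CMSBackendAuth::ERROR_USER_NOT_ACCESS_ADMIN:
                    $error[] = t('Restricted area, no permission');
                    break;
                case CMSBackendAuth::ERROR_CREDENTIAL_INVALID:
                    $error[] = t('Plz re-enter your email or your password');
                    break;
                case CMSBackendAuth::ERROR_UNKNOWN_IDENTITY:
                    $error[] = t('Unknown identity');
                    break;
                default:
                    $error[] = t('Login fail');
            }
        }
    }

    $this->view()->assign('display', $display);
    $this->view()->assign('error', $error);
    $this->view()->assign('current_lang', $this->currentLang ? $this->currentLang->getLangCode() : '');
    $this->view()->assign('languages', $languages);
    return $this->renderComponent();
}

/**
 * Reduce the raw 'r' ("return to") parameter to a path that stays on this site.
 *
 * The value is URL-decoded first (the original did this as well, which means an
 * encoded "%2F%2Fevil" would otherwise become "//evil" only after decoding), then
 * accepted only if it is an absolute path: it starts with exactly one "/", is not a
 * network-path reference ("//host" or "/\host"), and contains no CR/LF that could
 * split the Location header. Anything else falls back to "/".
 *
 * @param string|null $raw the 'r' query parameter as received, or null when absent
 * @return string a same-site path, "/" by default
 */
private function _safeComebackPath($raw) {
    if (null == $raw) {
        return '/';
    }
    $path = urldecode($raw);
    if (!preg_match('#\A/(?![/\\\\])[^\r\n]*\z#', $path)) {
        return '/';
    }
    return $path;
}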
/**
 * Return the per-client CSRF token kept in the 'csrf' secure cookie.
 *
 * @param bool $autoGen when true (the default) and no token is stored yet, mint one
 *                      with _generateCsrfToken() and store it for 7200 seconds;
 *                      when false, a missing token is returned as-is (null)
 * @return mixed|string the stored or freshly minted token; null when absent and $autoGen is false
 */
public function getCsrfToken($autoGen = true) {
    $jar = Factory::getCookie();
    $existing = $jar->readSecure('csrf');
    // Loose null comparison kept on purpose: an empty cookie value also counts as "no token".
    if (!($autoGen && null == $existing)) {
        return $existing;
    }
    $fresh = $this->_generateCsrfToken();
    $jar->writeSecure('csrf', $fresh, 7200);
    return $fresh;
}
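/**
 * Resolve the current language and load its translation resources.
 *
 * Resolution order: the 'lang' query parameter, then the 'language' cookie, then
 * the default language. Whatever wins is written back to the 'language' cookie and
 * installed as the translator locale. Does nothing when i18n is disabled in the
 * 'i18n' config section.
 *
 * Only a code that resolves to a known language is persisted: a client-supplied code
 * that \Languages::retrieveByLangCode() does not recognise falls back to the default
 * language instead of being echoed into the cookie and the translator locale.
 *
 * @return null
 */
private function _loadLanguage() {
    $i18nCfg = ConfigHandler::get('i18n');
    if (!$i18nCfg['enable']) {
        return null;
    }

    $requestedCode = $this->get('lang');
    if (!$requestedCode) {
        $requestedCode = Factory::getCookie()->read('language');
    }

    $this->currentLang = null;
    if ($requestedCode) {
        // Client-controlled (query string or cookie): accept it only if it names a real language.
        $this->currentLang = \Languages::retrieveByLangCode($requestedCode);
    }
    if (!$this->currentLang) {
        $this->currentLang = \Languages::retrieveByDefault(1);
    }
    // NOTE(review): with no default language configured this faults exactly as the
    // original did; the installation is assumed to guarantee one.
    $current_lang_code = $this->currentLang->getLangCode();

    if ($current_lang_code) {
        Factory::getCookie()->write('language', $current_lang_code);
    }

    // load translation messages
    $translator = Translator::getInstance();
    $translator->setLocale($current_lang_code);
    $translator->addLoader('yml', new YamlFileLoader());
    if (isset($i18nCfg['resource']) && is_array($i18nCfg['resource'])) {
        foreach ($i18nCfg['resource'] as $locale => $files) {
            foreach ($files as $file) {
                $fileInfo = new \SplFileInfo($file);
                if ($fileInfo->getExtension() !== 'yml') {
                    continue;
                }
                // Translation domain is the file name without its extension (messages.yml -> messages).
                $domain = $fileInfo->getBasename('.yml');
                $translator->addResource('yml', $file, $locale, $domain);
            }
        }
    }
}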
/**
 * Invalidate the 'auth' secure cookie.
 *
 * Overwrites the value with null and a large negative lifetime (presumably a
 * relative expiry in seconds, matching the 7200 used for the csrf cookie), so the
 * browser discards the cookie.
 */
private function _clearCookie() {
    $expiredLongAgo = -100000;
    $jar = Factory::getCookie();
    $jar->writeSecure('auth', null, $expiredLongAgo);
}
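/**
 * Performs the CSRF validation for state-changing requests.
 *
 * The token lives in the 'csrf' secure cookie (see getCsrfToken()); the request
 * body must carry a field whose *name* is that token and whose value reads as
 * boolean true. Requests that are not POST/PUT/DELETE pass unconditionally, as do
 * requests arriving without a stored token... except that those are rejected.
 *
 * NOTE(review): requests flagged as XMLHttpRequest are exempted entirely. That
 * relies on the X-Requested-With header, which a cross-origin page cannot add
 * without a CORS preflight, but it is a weaker guarantee than the token check;
 * AJAX callers should be moved onto the token as well.
 *
 * @return bool true when no check is required or the request carries a valid token
 */
public function validateCsrfToken() {
    $stateChanging = $this->isPostRequest() || $this->isPutRequest() || $this->isDeleteRequest();
    if (!$stateChanging || $this->isXmlHttpRequest()) {
        return true;
    }

    // Never mint a token here: a request that arrives without one cannot be trusted.
    $token = $this->getCsrfToken(false);
    if (!$token) {
        return false;
    }

    $userTokenValue = false;
    switch ($this->getMethod()) {
        case 'POST':
            $userTokenValue = $this->post($token, 'BOOLEAN', false);
            break;
        case 'PUT':
            $userTokenValue = $this->put($token, 'BOOLEAN', false);
            break;
        case 'DELETE':
            $userTokenValue = $this->delete($token, 'BOOLEAN', false);
            break;
    }
    return true === $userTokenValue;
}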
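/**
 * Determine the active language and publish it to the translator and Cms::$currentLang.
 *
 * With fewer than two published languages there is nothing to negotiate: the single
 * language (or null when none is published) becomes current. Otherwise the code is
 * taken from the 'lang' query parameter, then the 'lang' cookie, and must match one
 * of the published languages; anything else - including a stale or forged cookie -
 * falls back to the default language. Only the validated code is written back to the
 * cookie, handed to redirect() (which happens when the site root is requested without
 * an explicit 'lang'), and used as the translator locale, so client input never
 * reaches the Location header directly.
 *
 * @return void
 */
protected function _initLanguages() {
    $this->languages = \Languages::findByPublished(true);
    if (sizeof($this->languages) < 2) {
        // The original indexed [0] unconditionally, which is a notice/null when nothing is published.
        $this->currentLang = isset($this->languages[0]) ? $this->languages[0] : null;
        return;
    }

    // Codes we are willing to accept from the client, keyed for direct lookup.
    $published = array();
    foreach ($this->languages as $language) {
        $published[$language->getLangCode()] = $language;
    }

    $requestedCode = $this->request()->get('lang');
    $currentLangCode = $requestedCode;
    if (!$currentLangCode) {
        $currentLangCode = Factory::getCookie()->read('lang');
    }

    if (is_string($currentLangCode) && isset($published[$currentLangCode])) {
        $this->currentLang = $published[$currentLangCode];
    } else {
        // Unknown, missing or malformed code: use the default language, or the first
        // published one should no default be flagged.
        $this->currentLang = \Languages::findOneByDefault(true);
        if (!$this->currentLang) {
            $this->currentLang = $this->languages[0];
        }
        $currentLangCode = $this->currentLang->getLangCode();
    }

    Factory::getCookie()->write('lang', $currentLangCode);

    // Site root without an explicit language: send the client to the language-prefixed root.
    if (Factory::getRouter()->getUrl() == '/' && !$requestedCode) {
        $this->redirect($currentLangCode);
    }

    $translator = Translator::getInstance();
    $translator->setLocale($currentLangCode);
    Cms::$currentLang = $this->currentLang;
}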