/**
* ACTION - User login.
*
* @access public
* @return View
* @since 1.0.2, 2013-12-07
* @version 1.0.7-dev, 2015-05-04
*/
public function actionLogin()
{
$this->setTitle(Core::getAppName() . ' - ' . __('Login form'));
$this->addBreadCrumb(__('Login form'));
$oLoggedUser = Model\User::getLoggedUser();
if ($oLoggedUser instanceof Model\User) {
Route::factory('user_profile')->redirectTo(['id' => $oLoggedUser->getId()]);
}
$failedLogins = \User\LoginFail::getCachedData();
if ($failedLogins > 4) {
return View::factory('base/alert')->set('sType', 'danger')->set('sMsg', __('to.many.incorrect.logins'));
}
$oLoginForm = Form::factory('login');
$oLoginForm->addField(Form\Field\Text::factory('login', $oLoginForm));
$oLoginForm->addField(Form\Field\Password::factory('password', $oLoginForm));
if ($oLoginForm->isSubmittedAndValid()) {
$sUsername = $oLoginForm->get('login');
$sPassword = $oLoginForm->get('password');
$sEncryptedPassword = Helper\Encrypter::factory()->encrypt($sUsername, $sPassword);
$oUser = DB::query("SELECT u FROM \\Model\\User u WHERE u.login = :login AND u.password = :pass")->param('login', $sUsername)->param('pass', $sEncryptedPassword)->single();
if ($oUser instanceof Model\User) {
Session::set('username', $sUsername);
Session::set('uid', (int) $oUser->getId());
$oUser->setLoginDateNOW();
DB::flush();
# Get role permissions for particular user and set them in session
\UserPermissions::reset();
Route::factory(Router::getCurrentRouteName())->redirectTo();
} else {
$currentUrl = Router::currentUrl();
$alert = __('You have entered wrong username or password. Try again.');
\User\LoginFail::addLoginFail();
Session::flash($currentUrl, $alert, 'danger');
}
}
$oLoginForm->addToSuffix(View::factory('user/frontend/login_links')->render());
return View::factory('base/form')->bind('oForm', $oLoginForm);
}
/**
* Set permissions to session.
*
* @static
* @access public
* @param array $aPermissions
* @since 1.0.0, 2015-01-10
* @version 1.0.0, 2015-01-10
*/
public static function setPerms(array $aPermissions)
{
static::$aPermissions = $aPermissions;
Session::set('permissions', array_values($aPermissions));
}
/**
* Get (generate) token for this form.
*
* @access public
* @return string
* @since 1.0.0-alpha
* @version 1.0.0-alpha
*/
public function getFormToken()
{
$sFormID = $this->getFormID();
$aFormTokens = Session::get('form_tokens');
if (!isset($aFormTokens[$sFormID]) || !is_array($aFormTokens[$sFormID]) || $aFormTokens[$sFormID][1] < time()) {
$sToken = base64_encode(openssl_random_pseudo_bytes(16));
$aFormTokens[$sFormID] = [$sToken, time() + 3600];
Session::set('form_tokens', $aFormTokens);
} else {
$sToken = $aFormTokens[$sFormID][0];
}
return $sToken;
}
