/**
* Show and process login form
*
* @param void
* @return null
*/
function login()
{
include_once ROOT . "/library/browser/Browser.php";
if (Browser::instance()->getBrowser() == Browser::BROWSER_IE && Browser::instance()->getVersion() < 7) {
flash_error(lang("ie browser outdated"));
}
$this->addHelper('form');
if (function_exists('logged_user') && (logged_user() instanceof Contact && logged_user()->isUser())) {
$ref_controller = null;
$ref_action = null;
$ref_params = array();
foreach ($_GET as $k => $v) {
if (str_starts_with($k, 'ref_')) {
$ref_var_name = trim(substr($k, 4, strlen($k)));
switch ($ref_var_name) {
case 'c':
$ref_controller = $v;
break;
case 'a':
$ref_action = $v;
break;
default:
$ref_params[$ref_var_name] = $v;
}
// switch
}
// if
}
// if
$this->redirectTo($ref_controller, $ref_action, $ref_params);
}
// if
$login_data = array_var($_POST, 'login');
$localization = array_var($_POST, 'configOptionSelect');
if (!is_array($login_data)) {
$login_data = array();
foreach ($_GET as $k => $v) {
if (str_starts_with($k, 'ref_')) {
$login_data[htmlspecialchars($k)] = htmlspecialchars($v);
}
}
// foreach
}
// if
tpl_assign('login_data', $login_data);
if (is_array(array_var($_POST, 'login'))) {
$username = array_var($login_data, 'username');
$password = array_var($login_data, 'password');
$remember = array_var($login_data, 'remember') == 'checked';
if (config_option('block_login_after_x_tries')) {
$from_time = DateTimeValueLib::now();
$from_time = $from_time->add('m', -10);
$sec_logs = AdministrationLogs::getLastLogs(AdministrationLogs::ADM_LOG_CATEGORY_SECURITY, "invalid login", array_var($_SERVER, 'REMOTE_ADDR'), 10, "`created_on` > '" . $from_time->toMySQL() . "'");
if (is_array($sec_logs) && count($sec_logs) >= 5) {
AdministrationLogs::createLog("invalid login", array_var($_SERVER, 'REMOTE_ADDR'), AdministrationLogs::ADM_LOG_CATEGORY_SECURITY);
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
}
}
if (trim($username) == '') {
AdministrationLogs::createLog("invalid login", array_var($_SERVER, 'REMOTE_ADDR'), AdministrationLogs::ADM_LOG_CATEGORY_SECURITY);
tpl_assign('error', new Error(lang('username value missing')));
$this->render();
}
// if
if (trim($password) == '') {
AdministrationLogs::createLog("invalid login", array_var($_SERVER, 'REMOTE_ADDR'), AdministrationLogs::ADM_LOG_CATEGORY_SECURITY);
tpl_assign('error', new Error(lang('password value missing')));
$this->render();
}
// if
if (preg_match(EMAIL_FORMAT, $username)) {
$user = Contacts::getByEmail($username);
} else {
$user = Contacts::getByUsername($username);
}
if (!($user instanceof Contact && $user->isUser()) || $user->getDisabled()) {
AdministrationLogs::createLog("invalid login", array_var($_SERVER, 'REMOTE_ADDR'), AdministrationLogs::ADM_LOG_CATEGORY_SECURITY);
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
}
// if
$userIsValidPassword = false;
// If ldap authentication is enabled ldap.config.php will return true.
$config_ldap_file_path = ROOT . '/config/ldap.config.php';
$config_ldap_is_set = file_exists($config_ldap_file_path) && (include_once $config_ldap_file_path);
if ($config_ldap_is_set === true) {
$userIsValidPassword = $user->isValidPasswordLdap($username, $password, $config_ldap);
}
if (!$userIsValidPassword) {
$userIsValidPassword = $user->isValidPassword($password);
}
if (!$userIsValidPassword) {
AdministrationLogs::createLog("invalid login", array_var($_SERVER, 'REMOTE_ADDR'), AdministrationLogs::ADM_LOG_CATEGORY_SECURITY);
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
}
// if
//Start change user language
if ($localization != 'Default' && self::check_valid_localization($localization)) {
set_user_config_option('localization', $localization, $user->getId());
}
$ref_controller = null;
$ref_action = null;
$ref_params = array();
foreach ($login_data as $k => $v) {
if (str_starts_with($k, 'ref_')) {
$ref_var_name = trim(substr($k, 4, strlen($k)));
switch ($ref_var_name) {
case 'c':
$ref_controller = $v;
break;
case 'a':
$ref_action = $v;
break;
default:
$ref_params[$ref_var_name] = $v;
}
// switch
}
// if
}
// if
if (!count($ref_params)) {
$ref_params = null;
}
if (ContactPasswords::validatePassword($password)) {
$newest_password = ContactPasswords::getNewestContactPassword($user->getId());
if (!$newest_password instanceof ContactPassword) {
$user_password = new ContactPassword();
$user_password->setContactId($user->getId());
$user_password->setPasswordDate(DateTimeValueLib::now());
$user_password->setPassword(cp_encrypt($password, $user_password->getPasswordDate()->getTimestamp()));
$user_password->password_temp = $password;
$user_password->save();
} else {
if (ContactPasswords::isContactPasswordExpired($user->getId())) {
$this->redirectTo('access', 'change_password', array('id' => $user->getId(), 'msg' => 'expired', 'ref_c' => $ref_controller, 'ref_a' => $ref_action, $ref_params));
}
}
} else {
$this->redirectTo('access', 'change_password', array('id' => $user->getId(), 'msg' => 'invalid', 'ref_c' => $ref_controller, 'ref_a' => $ref_action, $ref_params));
}
try {
CompanyWebsite::instance()->logUserIn($user, $remember);
$ip = get_ip_address();
ApplicationLogs::createLog($user, ApplicationLogs::ACTION_LOGIN, false, false, true, $ip);
} catch (Exception $e) {
tpl_assign('error', new Error(lang('invalid login data')));
$this->render();
}
// try
if ($ref_controller && $ref_action) {
$this->redirectTo($ref_controller, $ref_action, $ref_params);
} else {
$this->redirectTo('access', 'index');
}
// if
}
// if
}
/**
* This function will return paginated result. Result is an array where first element is
* array of returned object and second populated pagination object that can be used for
* obtaining and rendering pagination data using various helpers.
*
* Items and pagination array vars are indexed with 0 for items and 1 for pagination
* because you can't use associative indexing with list() construct
*
* @access public
* @param array $arguments Query argumens (@see find()) Limit and offset are ignored!
* @param integer $items_per_page Number of items per page
* @param integer $current_page Current page number
* @return array
*/
function paginate($arguments = null, $items_per_page = 10, $current_page = 1) {
if(isset($this) && instance_of($this, 'AdministrationLogs')) {
return parent::paginate($arguments, $items_per_page, $current_page);
} else {
return AdministrationLogs::instance()->paginate($arguments, $items_per_page, $current_page);
//$instance =& AdministrationLogs::instance();
//return $instance->paginate($arguments, $items_per_page, $current_page);
} // if
} // paginate
/**
* Return manager instance
*
* @access protected
* @param void
* @return AdministrationLogs
*/
function manager()
{
if (!$this->manager instanceof AdministrationLogs) {
$this->manager = AdministrationLogs::instance();
}
return $this->manager;
}
/**
* Return manager instance
*
* @access protected
* @param void
* @return AdministrationLogs
*/
function manager() {
if(!($this->manager instanceof AdministrationLogs)) $this->manager = AdministrationLogs::instance();
return $this->manager;
} // manager
