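/**
 * Processes a user login request and sets up the session if successful.
 * After calling this method, if $this->isLoggedIn() returns false, an
 * error occurred (which can be retrieved using $this->getLoginError()).
 *
 * Every status returned by Users::isCorrectLogin() other than LOGIN_SUCCESS
 * is treated as a failed login, including statuses this method does not
 * recognise (fail closed: $this->_isLoggedIn is always set on return).
 *
 * Side effects on success: writes the session cookie and clears
 * force_logout on the user row, bumps the site's page_view_days once per
 * day, and (when $addToHistory is true) records the attempt in the login
 * history.
 *
 * @param string $username User's username.
 * @param string $password User's password.
 * @param boolean $addToHistory Log this login attempt in Login History?
 * @return void
 */
public function processLogin($username, $password, $addToHistory = true)
{
    $db = DatabaseConnection::getInstance();

    /* Is the login information supplied correct? Get the status flag. */
    $users = new Users(-1);
    $loginStatus = $users->isCorrectLogin($username, $password);

    if ($loginStatus == LOGIN_INVALID_USER) {
        $this->_isLoggedIn = false;
        $this->_loginError = 'Invalid username or password.';
        return;
    }

    $sql = sprintf(
        "SELECT\n user.user_id AS userID,\n user.user_name AS username,\n user.password AS password,\n user.first_name AS firstName,\n user.last_name AS lastName,\n user.access_level AS accessLevel,\n user.site_id AS userSiteID,\n user.is_demo AS isDemoUser,\n user.email AS email,\n user.categories AS categories,\n user.pipeline_entries_per_page AS pipelineEntriesPerPage,\n user.column_preferences as columnPreferences,\n user.can_see_eeo_info as canSeeEEOInfo,\n site.name AS siteName,\n site.unix_name AS unixName,\n site.user_licenses AS userLicenses,\n site.company_id AS companyID,\n site.is_demo AS isDemo,\n site.account_active AS accountActive,\n site.account_deleted AS accountDeleted,\n site.time_zone AS timeZone,\n site.date_format_ddmmyy AS dateFormatDMY,\n site.is_free AS isFree,\n site.is_hr_mode AS isHrMode,\n site.first_time_setup as isFirstTimeSetup,\n site.localization_configured as isLocalizationConfigured,\n site.agreed_to_license as isAgreedToLicense,\n IF(site.last_viewed_day = CURDATE(), 1, 0) AS lastViewedDayIsToday\n FROM\n user\n LEFT JOIN site\n ON site.site_id = user.site_id\n WHERE\n user.user_name = %s",
        $db->makeQueryString($username)
    );
    $rs = $db->getAssoc($sql);

    /* Invalid username or password. */
    if (!$rs || $db->isEOF()) {
        $this->_isLoggedIn = false;
        $this->_loginError = 'Invalid username or password.';
        return;
    }

    /* Client details recorded in the login history. Either may be absent
     * (e.g. when run from the CLI), so default to an empty string rather
     * than touching $_SERVER again later. */
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    if ($loginStatus != LOGIN_SUCCESS) {
        if ($loginStatus == LOGIN_ROOT_ONLY) {
            $this->_loginError = 'Only root administrators can login at this time.';
        } elseif ($loginStatus == LOGIN_DISABLED) {
            $this->_loginError = 'Your account is disabled.';
        } else {
            /* LOGIN_INVALID_PASSWORD, and any status this method does not
             * know about: fail closed with the generic message. */
            $this->_loginError = 'Invalid username or password.';
        }
        $this->_isLoggedIn = false;

        /* Log the login as unsuccessful. */
        if ($addToHistory) {
            $users->addLoginHistory($rs['userID'], $rs['userSiteID'], $ip, $userAgent, false);
        }
        return;
    }

    /* LOGIN_SUCCESS: populate the session from the user / site row. */
    $this->_username = $rs['username'];
    /* NOTE(review): this copies the stored password column into session
     * state; keep it only if some caller reads $this->_password — verify. */
    $this->_password = $rs['password'];
    $this->_userID = $rs['userID'];
    $this->_siteID = $rs['userSiteID'];
    $this->_firstName = $rs['firstName'];
    $this->_lastName = $rs['lastName'];
    $this->_siteName = $rs['siteName'];
    $this->_unixName = $rs['unixName'];
    $this->_userLicenses = $rs['userLicenses'];
    $this->_accessLevel = $rs['accessLevel'];
    /* _realAccessLevel keeps the level from the database; _accessLevel may
     * be lowered below for demo / inactive / deleted accounts. */
    $this->_realAccessLevel = $rs['accessLevel'];
    /* Cast guards against a NULL column (explode() on null is deprecated). */
    $this->_categories = explode(',', (string) $rs['categories']);
    $this->_isASP = $rs['companyID'] != 0;
    $this->_isHrMode = $rs['isHrMode'] != 0;
    $this->_siteCompanyID = $rs['companyID'] != 0 ? $rs['companyID'] : -1;
    $this->_isFree = $rs['isFree'] != 0;
    $this->_isFirstTimeSetup = $rs['isFirstTimeSetup'] != 0;
    $this->_isLocalizationConfigured = $rs['isLocalizationConfigured'] != 0;
    $this->_isAgreedToLicense = $rs['isAgreedToLicense'] != 0;
    $this->_accountActive = $rs['accountActive'] != 0;
    $this->_accountDeleted = $rs['accountDeleted'] != 0;
    $this->_email = $rs['email'];
    $this->_ip = $ip;
    $this->_userAgent = $userAgent;
    $this->_timeZoneOffset = $rs['timeZone'] - OFFSET_GMT;
    $this->_timeZone = $rs['timeZone'];
    $this->_dateDMY = $rs['dateFormatDMY'] != 0;
    $this->_canSeeEEOInfo = $rs['canSeeEEOInfo'] != 0;
    $this->_pipelineEntriesPerPage = $rs['pipelineEntriesPerPage'];
    $this->_loggedInScript = CATSUtility::getDirectoryName();

    /* SA's can always see EEO Info. */
    if ($this->_accessLevel >= ACCESS_LEVEL_SA) {
        $this->_canSeeEEOInfo = true;
    }

    /* Demo mode: a demo user on a demo site, not coming from localhost. */
    if ($rs['isDemo'] == '1' && $ip != '127.0.0.1' && ENABLE_DEMO_MODE && $rs['isDemoUser'] == 1) {
        $this->_isDemo = true;
        $this->_accessLevel = ACCESS_LEVEL_DEMO;
    } else {
        $this->_isDemo = false;
    }

    /* Account inactive. */
    if (!$this->_accountActive) {
        $this->_accessLevel = ACCESS_LEVEL_READ;
    }

    /* Account deleted. */
    if ($this->_accountDeleted) {
        $this->_accessLevel = ACCESS_LEVEL_DISABLED;
    }

    $this->__dataGridColumnPreferences = array();
    if (strlen((string) $rs['columnPreferences']) > 0 && !$this->_isDemo) {
        /* NOTE(review): unserialize() of a database column. If the stored
         * preferences are plain arrays, passing
         * array('allowed_classes' => false) would block object injection
         * without changing the result — confirm the stored format first. */
        $preferences = unserialize($rs['columnPreferences']);
        /* Malformed data yields false; callers get an array either way. */
        if (is_array($preferences)) {
            $this->__dataGridColumnPreferences = $preferences;
        }
    }

    /* Log the login as successful. */
    $userLoginID = -1;
    if ($addToHistory) {
        $userLoginID = $users->addLoginHistory(
            $this->_userID, $this->_siteID, $this->_ip, $this->_userAgent, true
        );
    }
    $this->_userLoginID = $userLoginID;
    $this->_isLoggedIn = true;

    /* Count one page-view day per site per calendar day. */
    if ($rs['lastViewedDayIsToday'] == 0) {
        $sql = sprintf(
            "UPDATE\n site\n SET\n last_viewed_day = CURDATE(),\n page_view_days = page_view_days + 1\n WHERE\n site_id = %s",
            $this->_siteID
        );
        $db->query($sql);
    }

    /* Bind this session's cookie to the user row and clear any pending
     * forced logout. */
    $cookie = $this->getCookie();
    $sql = sprintf(
        "UPDATE\n user\n SET\n session_cookie = %s,\n force_logout = 0\n WHERE\n user_id = %s\n AND\n site_id = %s",
        $db->makeQueryString($cookie),
        $this->_userID,
        $this->_siteID
    );
    $db->query($sql);
}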