/**
 * Processes a login form submission and, on success, establishes the user session.
 *
 * Keeps an x2_sessions row for this client up to date, records failed attempts
 * per IP (captcha is required after a few, a 403 is raised once the per-IP
 * ceiling is reached) and redirects the user after a successful login.
 *
 * @param LoginForm $model form model; populated here from $_POST['LoginForm']
 * @param bool $isMobile Whether this was called from mobile site controller
 * @throws CHttpException 403 once failed attempts from this IP reach the ceiling
 */
public function login(LoginForm $model, $isMobile = false) {
    // Mass assignment of the posted form; NOTE(review): assumes the form was
    // posted — a request without LoginForm raises an undefined-index notice here.
    $model->attributes = $_POST['LoginForm']; // get user input data
    Session::cleanUpSessions();
    $ip = $this->owner->getRealIp();
    $userModel = $model->getUser();
    $isRealUser = $userModel instanceof User;
    // Prefer the username as stored in the database when the account exists,
    // otherwise whatever was typed into the form.
    $effectiveUsername = $isRealUser ? $userModel->username : $model->username;
    $isActiveUser = $isRealUser && $userModel->status == User::STATUS_ACTIVE;
    /* increment count on every session with this user/IP, to prevent brute force
       attacks using session_id spoofing or whatever: every open session row for this
       user/IP pair (status between -2 and 0) is decremented, not just the current one */
    Yii::app()->db->createCommand('UPDATE x2_sessions SET status=status-1,lastUpdated=:time WHERE user=:name AND CAST(IP AS CHAR)=:ip AND status BETWEEN -2 AND 0')->bindValues(array(':time' => time(), ':name' => $effectiveUsername, ':ip' => $ip))->execute();
    // NOTE(review): $activeUser is assigned but never read in this method.
    $activeUser = Yii::app()->db->createCommand()->select('username')->from('x2_users')->where('username=:name AND status=1', array(':name' => $model->username))->limit(1)->queryScalar(); // get the correctly capitalized username
    // Reuse the session id remembered in $_SESSION, else pin the current PHP session id.
    if (isset($_SESSION['sessionId'])) {
        $sessionId = $_SESSION['sessionId'];
    } else {
        $sessionId = $_SESSION['sessionId'] = session_id();
    }
    $session = X2Model::model('Session')->findByPk($sessionId);
    /* get the number of failed login attempts from this IP within timeout interval.
       If the number of login attempts exceeds maximum, display captcha */
    $badAttemptsRefreshTimeout = 900; // window (seconds) handed to pruneTimedOutBans
    $maxFailedLoginAttemptsPerIP = 100; // reaching this yields a 403 for the IP
    $maxLoginsBeforeCaptcha = 5; // from this many failures on, the captcha scenario is used
    $this->pruneTimedOutBans($badAttemptsRefreshTimeout);
    $failedLoginRecord = FailedLogins::model()->findActiveByIp($ip);
    $badAttemptsWithThisIp = $failedLoginRecord ? $failedLoginRecord->attempts : 0;
    // IP already at the ceiling: record this attempt too and refuse before any validation.
    if ($badAttemptsWithThisIp >= $maxFailedLoginAttemptsPerIP) {
        $this->recordFailedLogin($ip);
        throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
    }
    // if this client has already tried to log in, increment their attempt count
    if ($session === null) {
        $session = new Session();
        $session->id = $sessionId;
        $session->user = $model->getSessionUserName();
        $session->lastUpdated = time();
        $session->status = 0;
        $session->IP = $ip;
    } else {
        $session->lastUpdated = time();
        $session->user = $model->getSessionUserName();
    }
    if ($isActiveUser === false) {
        // Unknown or non-active account: same bookkeeping as a wrong password below
        // (form validation for the captcha, failed-login record, thresholds).
        $model->verifyCode = ''; // clear captcha code
        $model->validate(); // validate captcha if it's being used
        $this->recordFailedLogin($ip);
        $session->save();
        if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
            throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
        } else {
            if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                $model->useCaptcha = true;
                $model->setScenario('loginWithCaptcha');
                $session->status = -2;
            }
        }
    } else {
        if ($model->validate() && $model->login()) { // user successfully logged in
            if ($model->rememberMe) {
                foreach (array('username', 'rememberMe') as $attr) {
                    // Expires in 30 days
                    AuxLib::setCookie(CHtml::resolveName($model, $attr), $model->{$attr}, 2592000);
                }
            } else {
                foreach (array('username', 'rememberMe') as $attr) {
                    // Remove the cookie if they unchecked the box
                    AuxLib::clearCookie(CHtml::resolveName($model, $attr));
                }
            }
            // We're not using the isAdmin parameter of the application
            // here because isAdmin in this context hasn't been set yet.
            $isAdmin = Yii::app()->user->checkAccess('AdminIndex');
            if ($isAdmin && !$isMobile) {
                $this->owner->attachBehavior('updaterBehavior', new UpdaterBehavior());
                $this->owner->checkUpdates(); // check for updates if admin
            } else {
                Yii::app()->session['versionCheck'] = true;
            } // ...or don't
            // Mark the session row as logged in and log the event.
            $session->status = 1;
            $session->save();
            SessionLog::logSession($model->username, $sessionId, 'login');
            $_SESSION['playLoginSound'] = true;
            if (YII_UNIT_TESTING && defined('X2_DEBUG_EMAIL') && X2_DEBUG_EMAIL) {
                Yii::app()->session['debugEmailWarning'] = 1;
            }
            LoginThemeHelper::login();
            if ($isMobile) {
                $this->owner->redirect($this->owner->createUrl('/mobile/home'));
            } else {
                if (Yii::app()->user->returnUrl == '/site/index') {
                    $this->owner->redirect(array('/site/index'));
                } else { // after login, redirect to wherever
                    // NOTE(review): returnUrl is read from the framework's user state;
                    // confirm it cannot be supplied by the client before it is used
                    // as a redirect target.
                    $this->owner->redirect(Yii::app()->user->returnUrl);
                }
            }
        } else { // login failed
            $model->verifyCode = ''; // clear captcha code
            $this->recordFailedLogin($ip);
            $session->save();
            if ($badAttemptsWithThisIp + 1 >= $maxFailedLoginAttemptsPerIP) {
                throw new CHttpException(403, Yii::t('app', 'You are not authorized to use this application'));
            } else {
                if ($badAttemptsWithThisIp >= $maxLoginsBeforeCaptcha - 1) {
                    $model->useCaptcha = true;
                    $model->setScenario('loginWithCaptcha');
                    $session->status = -2;
                }
            }
        }
    }
    // Reset so a re-rendered form does not carry the flag over — presumably; confirm.
    $model->rememberMe = false;
}
/**
 * Renders the login theme: emits the current theme's styles, then the theme form markup.
 */
public static function render() {
    $helper = new LoginThemeHelper();
    $currentTheme = $helper->currentTheme;
    ThemeGenerator::renderTheme($currentTheme);
    $markup = $helper->formHtml();
    echo $markup;
}
</script> <?php $form = $this->beginWidget('CActiveForm', array('id' => 'login-form-outer', 'enableClientValidation' => false, 'enableAjaxValidation' => false, 'clientOptions' => array('validateOnSubmit' => false))); ?> <div class="form" id="login-form"> <?php if (isset($_POST['themeName'])) { echo CHtml::hiddenField('themeName', $_POST['themeName']); } ?> <div class="row"> <div class="cell form-cell" id="login-form-inputs-container"> </div> <?php echo X2Html::logo('login_' . (LoginThemeHelper::singleton()->usingDarkTheme ? 'white' : 'black'), array('id' => 'login-form-logo')); if ($profile) { ?> <!--<div class='avatar-cell'> <span class='image-alignment-helper'></span> <?php echo Profile::renderFullSizeAvatar($profile->id, 105); ?> </div>--> <?php } if ($profile) { ?> <div id='full-name'><?php echo $profile->fullName; ?>
* 02110-1301 USA.
 *
 * You can contact X2Engine, Inc. P.O. Box 66752, Scotts Valley,
 * California 95067, USA. or at email address contact@x2engine.com.
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * X2Engine" logo. If the display of the logo is not reasonably feasible for
 * technical reasons, the Appropriate Legal Notices must display the words
 * "Powered by X2Engine".
 *****************************************************************************************/
// Prepare the login theme and this module's stylesheet, then build the
// id => name option lists for groups and roles used by the form below.
LoginThemeHelper::init();
Yii::app()->clientScript->registerCssFile($this->module->assetsUrl . '/css/users.css');
$groups = CHtml::listData(Groups::model()->findAll(), 'id', 'name');
$roles = CHtml::listData(Roles::model()->findAll(), 'id', 'name');
?>
<!--<div class="page-title icon users"><h2>
<?php echo Yii::t('users', 'Create {user}', array('{user}' => Modules::displayName(false))); ?>
</h2></div> -->
<link rel="stylesheet" type="text/css" href="<?php echo $themeURL; ?> /css/ie.css" media="screen, projection" /> <![endif]--> <title><?php echo CHtml::encode($this->pageTitle); ?> </title> </head> <body id="body-tag" class="login"> <meta name="viewport" content="width=device-width, initial-scale=0.8, user-scalable=no"> <!--<div class="ie-shadow" style="display:none;"></div>--> <?php echo $content; ?> <div class='background'> <div class='stripe-container'> <div class='stripe small' style="float:left"></div> <div class='stripe' style="float:left"></div> <div class='stripe small' style="float:right"></div> <div class='stripe' style="float:right"></div> </div> </div> <?php LoginThemeHelper::render(); ?> </body> </html>
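/**
 * Display/set user profile settings.
 *
 * On POST, applies the submitted Profile attributes and/or theme preferences to
 * the current user's profile and refreshes the page; afterwards (and on GET)
 * renders the settings view with its option lists and media providers.
 */
public function actionSettings() {
    $model = $this->loadModel(Yii::app()->user->getId());
    if (isset($_POST['Profile']) || isset($_POST['preferences'])) {
        if (isset($_POST['Profile'])) {
            // Mass assignment: only attributes the model marks as safe for its
            // scenario are actually set.
            $model->attributes = $_POST['Profile'];
            // The sound pickers post "<value>,<extra>"; keep only the value part.
            foreach (array('loginSound', 'notificationSound') as $soundAttr) {
                if (isset($_POST['preferences'][$soundAttr])) {
                    $pieces = explode(',', $_POST['preferences'][$soundAttr]);
                    $model->$soundAttr = $pieces[0];
                    unset($_POST['preferences'][$soundAttr]);
                }
            }
            $model->save();
        }
        if (isset($_POST['preferences']['themeName'])) {
            $themeName = $_POST['preferences']['themeName'];
            ThemeGenerator::clearCache();
            Yii::import('application.components.ThemeGenerator.LoginThemeHelper');
            LoginThemeHelper::saveProfileTheme($themeName);
            // Rebuild the theme: drop the per-profile keys from the stored theme,
            // lay the named theme's defaults over it, then the posted non-profile keys.
            $profileKeys = array_flip(ThemeGenerator::getProfileKeys());
            $model->theme = array_merge(
                array_diff_key((array) $model->theme, $profileKeys),
                ThemeGenerator::loadDefault($themeName, false),
                array_diff_key((array) $_POST['preferences'], $profileKeys)
            );
            $model->save();
        }
        $this->refresh();
    }

    // Menu entries for visible modules; the document module is listed by title.
    $menuItems = array();
    foreach (Modules::model()->findAllByAttributes(array('visible' => 1)) as $module) {
        if ($module->name === 'document') {
            $menuItems[$module->title] = $module->title;
        } else {
            $menuItems[$module->name] = Yii::t('app', $module->title);
        }
    }
    $menuItems = array('' => Yii::t('app', 'Activity Feed')) + $menuItems;

    $languages = $model->getLanguageOptions();
    $times = $this->getTimeZones();

    // Media providers: the user's own private items plus public ones. The
    // username/id are bound as query parameters rather than concatenated into SQL.
    $userName = Yii::app()->user->getName();
    $myThemeProvider = $this->mediaProvider(
        "((private = 1 AND uploadedBy = :user) OR private = 0) AND associationType = 'theme'",
        array(':user' => $userName)
    );
    $myBackgroundProvider = $this->mediaProvider(
        "(associationType = 'bg-private' AND associationId = :userId) OR associationType = 'bg'",
        array(':userId' => Yii::app()->user->getId())
    );
    $myLoginSoundProvider = $this->mediaProvider(
        "(associationType='loginSound' AND (private=0 OR private IS NULL OR uploadedBy=:user))",
        array(':user' => $userName)
    );
    $myNotificationSoundProvider = $this->mediaProvider(
        "(associationType='notificationSound' AND (private=0 OR private IS NULL OR uploadedBy=:user))",
        array(':user' => $userName)
    );

    // Usage counts for the profile's hidden tags (at most 20); the IN list is
    // made of the placeholders produced by bindArray, the values are bound.
    $hiddenTags = json_decode(Yii::app()->params->profile->hiddenTags, true);
    $allTags = array();
    if (is_array($hiddenTags) && count($hiddenTags) > 0) {
        $tagParams = AuxLib::bindArray($hiddenTags);
        $allTags = Yii::app()->db->createCommand()
            ->select('COUNT(*) AS count, tag')
            ->from('x2_tags')
            ->group('tag')
            ->where('tag IS NOT NULL AND tag IN (' . implode(',', array_keys($tagParams)) . ')', $tagParams)
            ->order('tag ASC')
            ->limit(20)
            ->queryAll();
    }

    $this->render('settings', array(
        'model' => $model,
        'languages' => $languages,
        'times' => $times,
        'myThemes' => $myThemeProvider,
        'myBackgrounds' => $myBackgroundProvider,
        'myLoginSounds' => $myLoginSoundProvider,
        'myNotificationSounds' => $myNotificationSoundProvider,
        'menuItems' => $menuItems,
        'allTags' => $allTags,
    ));
}

/**
 * Builds a non-paginated Media data provider ordered newest first.
 * @param string $condition SQL condition using named placeholders
 * @param array $params values for the placeholders in $condition
 * @return CActiveDataProvider
 */
private function mediaProvider($condition, array $params) {
    return new CActiveDataProvider('Media', array(
        'criteria' => array(
            'condition' => $condition,
            'params' => $params,
            'order' => 'createDate DESC',
        ),
        'pagination' => false,
    ));
}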
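/**
 * Display/set user profile settings.
 *
 * On POST, applies the submitted Profile attributes and/or theme preferences to
 * the current user's profile and refreshes the page; afterwards (and on GET)
 * renders the settings view with its option lists and media providers.
 */
public function actionSettings() {
    $model = $this->loadModel(Yii::app()->user->getId());
    if (isset($_POST['Profile']) || isset($_POST['preferences'])) {
        if (isset($_POST['Profile'])) {
            // Mass assignment: only attributes the model marks as safe for its
            // scenario are actually set.
            $model->attributes = $_POST['Profile'];
            $model->save();
        }
        if (isset($_POST['preferences'])) {
            $model->theme = ThemeGenerator::generatePalette($_POST['preferences']);
            if ($model->save()) {
                Yii::import('application.components.ThemeGenerator.LoginThemeHelper');
                // themeName may be absent from the posted preferences; pass null then
                // (what the undefined index yielded before) without raising a notice.
                $themeName = isset($_POST['preferences']['themeName'])
                    ? $_POST['preferences']['themeName']
                    : null;
                LoginThemeHelper::saveProfileTheme($themeName);
            }
        }
        $this->refresh();
    }

    // Menu entries for visible modules; the document module is listed by title.
    $menuItems = array();
    foreach (Modules::model()->findAllByAttributes(array('visible' => 1)) as $module) {
        if ($module->name === 'document') {
            $menuItems[$module->title] = $module->title;
        } else {
            $menuItems[$module->name] = Yii::t('app', $module->title);
        }
    }
    $menuItems = array('' => Yii::t('app', 'Activity Feed')) + $menuItems;

    // Installed language folders under protected/messages; English is always offered.
    $languages = array('en' => 'English');
    $languageDirs = scandir('./protected/messages');
    if ($languageDirs === false) {
        $languageDirs = array(); // directory missing or unreadable: offer English only
    }
    foreach ($languageDirs as $code) {
        $name = $this->getLanguageName($code, $languageDirs);
        if ($name !== false) {
            $languages[$code] = $name;
        }
    }
    $times = $this->getTimeZones();

    // Media providers: the user's own private items plus public ones. The
    // username/id are bound as query parameters rather than concatenated into SQL.
    $userName = Yii::app()->user->getName();
    $myThemeProvider = $this->mediaProvider(
        "((private = 1 AND uploadedBy = :user) OR private = 0) AND associationType = 'theme'",
        array(':user' => $userName)
    );
    $myBackgroundProvider = $this->mediaProvider(
        "(associationType = 'bg-private' AND associationId = :userId) OR associationType = 'bg'",
        array(':userId' => Yii::app()->user->getId())
    );
    $myLoginSoundProvider = $this->mediaProvider(
        "(associationType='loginSound' AND (private=0 OR private IS NULL OR uploadedBy=:user))",
        array(':user' => $userName)
    );
    $myNotificationSoundProvider = $this->mediaProvider(
        "(associationType='notificationSound' AND (private=0 OR private IS NULL OR uploadedBy=:user))",
        array(':user' => $userName)
    );

    // Usage counts for the profile's hidden tags (at most 20); the IN list is
    // made of the placeholders produced by bindArray, the values are bound.
    $hiddenTags = json_decode(Yii::app()->params->profile->hiddenTags, true);
    $allTags = array();
    if (is_array($hiddenTags) && count($hiddenTags) > 0) {
        $tagParams = AuxLib::bindArray($hiddenTags);
        $allTags = Yii::app()->db->createCommand()
            ->select('COUNT(*) AS count, tag')
            ->from('x2_tags')
            ->group('tag')
            ->where('tag IS NOT NULL AND tag IN (' . implode(',', array_keys($tagParams)) . ')', $tagParams)
            ->order('tag ASC')
            ->limit(20)
            ->queryAll();
    }

    $this->render('settings', array(
        'model' => $model,
        'languages' => $languages,
        'times' => $times,
        'myThemes' => $myThemeProvider,
        'myBackgrounds' => $myBackgroundProvider,
        'myLoginSounds' => $myLoginSoundProvider,
        'myNotificationSounds' => $myNotificationSoundProvider,
        'menuItems' => $menuItems,
        'allTags' => $allTags,
    ));
}

/**
 * Builds a non-paginated Media data provider ordered newest first.
 * @param string $condition SQL condition using named placeholders
 * @param array $params values for the placeholders in $condition
 * @return CActiveDataProvider
 */
private function mediaProvider($condition, array $params) {
    return new CActiveDataProvider('Media', array(
        'criteria' => array(
            'condition' => $condition,
            'params' => $params,
            'order' => 'createDate DESC',
        ),
        'pagination' => false,
    ));
}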