Exemplo n.º 1
0
 /**
  * Perform request access validation based on security settings.
  * @param $requiresJournal boolean
  */
 function validate($requiresJournal = false)
 {
     if (Config::getVar('security', 'force_ssl') && Request::getProtocol() != 'https') {
         // Force SSL connections site-wide
         Request::redirectSSL();
     }
     $journal = Request::getJournal();
     if ($requiresJournal && $journal == null) {
         // Requested page is only allowed for journals
         Request::redirect(null, 'about');
     }
     $page = Request::getRequestedPage();
     if ($journal != null && !Validation::isLoggedIn() && !in_array($page, Handler::getLoginExemptions()) && $journal->getSetting('restrictSiteAccess')) {
         Request::redirect(null, 'login');
     }
 }
Exemplo n.º 2
0
 /**
  * Validate a user's credentials and log the user in.
  */
 function signIn()
 {
     parent::validate();
     if (Validation::isLoggedIn()) {
         Request::redirect(null, 'user');
     }
     if (Config::getVar('security', 'force_login_ssl') && Request::getProtocol() != 'https') {
         // Force SSL connections for login
         Request::redirectSSL();
     }
     $user = Validation::login(Request::getUserVar('username'), Request::getUserVar('password'), $reason, Request::getUserVar('remember') == null ? false : true);
     if ($user !== false) {
         if (Config::getVar('security', 'force_login_ssl') && !Config::getVar('security', 'force_ssl')) {
             // Redirect back to HTTP if forcing SSL for login only
             Request::redirectNonSSL();
         } else {
             if ($user->getMustChangePassword()) {
                 // User must change their password in order to log in
                 Validation::logout();
                 Request::redirect(null, null, 'changePassword', $user->getUsername());
             } else {
                 $source = Request::getUserVar('source');
                 if (isset($source) && !empty($source)) {
                     Request::redirectUrl(Request::getProtocol() . '://' . Request::getServerHost() . $source, false);
                 } else {
                     Request::redirect(null, 'user');
                 }
             }
         }
     } else {
         $sessionManager =& SessionManager::getManager();
         $session =& $sessionManager->getUserSession();
         $templateMgr =& TemplateManager::getManager();
         $templateMgr->assign('username', Request::getUserVar('username'));
         $templateMgr->assign('remember', Request::getUserVar('remember'));
         $templateMgr->assign('source', Request::getUserVar('source'));
         $templateMgr->assign('showRemember', Config::getVar('general', 'session_lifetime') > 0);
         $templateMgr->assign('error', $reason === null ? 'user.login.loginError' : ($reason === '' ? 'user.login.accountDisabled' : 'user.login.accountDisabledWithReason'));
         $templateMgr->assign('reason', $reason);
         $templateMgr->display('user/login.tpl');
     }
 }