Exemplo n.º 1
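 /**
  * Construct the controller and require an authenticated user.
  *
  * Every controller except LoginController needs a UserAccount in Core.
  * OrderPrintController and POPrintController may instead authenticate per
  * request through the 'user' and 'pass' request parameters. Any other
  * unauthenticated request is redirected to /login.html.
  *
  * NOTE(security): $_REQUEST normally includes query-string values, so these
  * credentials can end up in URLs, access logs, browser history and Referer
  * headers. Prefer a POST body or a short-lived, single-purpose token for the
  * print controllers. The lookup below is also a second login path, so any
  * throttling or lockout applied to the login form has to cover it too.
  */
 public function __construct()
 {
     parent::__construct();

     $controllerClass = get_class($this);
     if (Core::getUser() instanceof UserAccount || $controllerClass === 'LoginController') {
         return;
     }

     $allowsRequestLogin = in_array($controllerClass, array('OrderPrintController', 'POPrintController'), true);
     // Request parameters can arrive as arrays (user[]=x). Accept strings only,
     // so trim() never receives an array and such input fails closed.
     $hasCredentials = isset($_REQUEST['user'], $_REQUEST['pass'])
         && is_string($_REQUEST['user'])
         && is_string($_REQUEST['pass']);

     if ($allowsRequestLogin && $hasCredentials) {
         // trim() is kept from the original: surrounding whitespace is not part
         // of the credentials that get checked.
         // NOTE(review): the meaning of the third argument (true) is not visible here - confirm.
         $userAccount = UserAccount::getUserByUsernameAndPassword(trim($_REQUEST['user']), trim($_REQUEST['pass']), true);
         if ($userAccount instanceof UserAccount) {
             Core::setUser($userAccount);
             return;
         }
     }

     // NOTE(review): confirm Redirect() ends the request. If it only sets a
     // header, construction completes and the caller can still run the
     // protected action for an unauthenticated client.
     $this->getResponse()->Redirect('/login.html');
 }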
Exemplo n.º 2
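 /**
  * Log a user in from a parameter array and store the account in Core.
  *
  * @param array $params expects non-empty string entries 'username' and 'password'
  *
  * @throws Exception when a credential is missing, blank, or matches no account
  * @return array always an empty array on success
  */
 private function _login($params)
 {
     // Non-string values (e.g. arrays from username[]=x) are treated as missing,
     // so trim() is never handed a non-string.
     if (!isset($params['username']) || !is_string($params['username']) || ($username = trim($params['username'])) === '') {
         throw new Exception('username is empty!');
     }
     if (!isset($params['password']) || !is_string($params['password']) || ($password = trim($params['password'])) === '') {
         throw new Exception('password is empty!');
     }

     // NOTE(review): the meaning of the third argument (true) is not visible here - confirm.
     $userAccount = UserAccount::getUserByUsernameAndPassword($username, $password, true);
     if (!$userAccount instanceof UserAccount) {
         // Fail with a catchable exception instead of a fatal error on
         // getRoles(). The single message does not reveal whether the
         // username exists.
         throw new Exception('Invalid username or password!');
     }

     // The first role returned becomes the active role; null when the account has none.
     $roles = $userAccount->getRoles();
     $role = count($roles) > 0 ? $roles[0] : null;

     // NOTE(review): confirm Core::setUser() rotates the session identifier on
     // login; nothing in this method does.
     Core::setUser($userAccount, $role);
     return array();
 }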
Exemplo n.º 3
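 /**
  * Validate a username/password pair and, when no user is set in Core yet,
  * store the matching account there.
  *
  * The credentials are always checked. Previously this returned true without
  * looking at them whenever Core already held a user, so any password was
  * reported as valid during an existing session.
  *
  * @param string $username
  * @param string $password
  * @return bool true if the credentials match a UserAccount; otherwise false
  */
 public function validateUser($username, $password)
 {
     $userAccount = UserAccount::getUserByUsernameAndPassword($username, $password);
     if (!$userAccount instanceof UserAccount) {
         return false;
     }

     // An existing session user is left untouched, as before; only an
     // anonymous session is populated from the validated account.
     if (!Core::getUser() instanceof UserAccount) {
         $role = null;
         // Pick the account's first role only when Core has no Role yet;
         // otherwise null is passed on to setUser(), as in the original.
         if (!Core::getRole() instanceof Role) {
             $roles = $userAccount->getRoles();
             if (count($roles) > 0) {
                 $role = $roles[0];
             }
         }
         Core::setUser($userAccount, $role);
     }

     return true;
 }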
Exemplo n.º 4
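 /**
  * Logs in a user with the given username and password POSTed. Though true
  * REST doesn't believe in sessions, it is often desirable for an AJAX server.
  *
  * Responds with a 401 RestException when a credential is missing or blank,
  * or when the pair matches no account.
  *
  * @url POST /login
  */
 public function login()
 {
     try {
         // Missing or non-string fields (e.g. username[]=x) count as empty, so
         // they produce the 401 below rather than an uncaught type error.
         $username = (isset($_POST['username']) && is_string($_POST['username'])) ? trim($_POST['username']) : '';
         if ($username === '') {
             throw new AuthenticationException("Empty username not allowed");
         }
         $password = (isset($_POST['password']) && is_string($_POST['password'])) ? trim($_POST['password']) : '';
         if ($password === '') {
             throw new AuthenticationException("Empty password not allowed");
         }

         $userAccount = UserAccount::getUserByUsernameAndPassword($username, $password);
         if (!$userAccount instanceof UserAccount) {
             // Previously a failed lookup fell through and still reported
             // success. One message covers unknown user and wrong password.
             throw new AuthenticationException("Invalid username or password");
         }
         // Store the login. The original called Core::getUser() with the
         // account as an argument, which never recorded the authenticated user.
         Core::setUser($userAccount);
     } catch (Exception $ex) {
         // NOTE(review): every exception message is forwarded to the client.
         // Confirm the lookup cannot raise messages with internal detail
         // (SQL, paths); if it can, return a generic message for those.
         throw new RestException(401, $ex->getMessage(), $ex);
     }
     return array("success" => "Logged in " . $username);
 }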