if ($option == 'search') { $option = 'com_search'; } /** mainframe is an API workhorse, lots of 'core' interaction routines */ $mainframe = new mosMainFrame($database, $option, '.'); $mainframe->initSession(); // loads english language file by default if ($mosConfig_lang == '') { $mosConfig_lang = 'english'; } include_once 'language/' . $mosConfig_lang . '.php'; // frontend login & logout controls $return = mosGetParam($_REQUEST, 'return', NULL); $message = mosGetParam($_POST, 'message', 0); if ($option == "login") { $mainframe->login(); // JS Popup message if ($message) { ?> <script> <!--// alert( "<?php echo _LOGIN_SUCCESS; ?> " ); //--> </script> <?php } if ($return) { mosRedirect($return);
/** * User login into CMS framework * * @param string $username The username * @param string|boolean $password if boolean FALSE: login without password if possible * @param booleean $rememberme 1 for "remember-me" cookie method * @param int $userId used for "remember-me" login function only * @return boolean Login success */ function login( $username, $password, $rememberme = 0, $userId = null ) { header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); // needed for IE6 to accept this anti-spam cookie in higher security setting. if ( checkJversion() >= 1 ) { // Joomla 1.5 RC and above: if ( $password !== false ) { $result = $this->_baseFramework->login( array( 'username' => $username, 'password' => $password ), array( 'remember' => $rememberme ) ); } else { // login without password: jimport( 'joomla.user.authentication' ); // load user plugins: JPluginHelper::importPlugin( 'user' ); // get JAuthentication object: $authenticate =& JAuthentication::getInstance(); $dispatcher =& JDispatcher::getInstance(); $response = new JAuthenticationResponse(); // prepare our SUCCESS login response including user data: global $_CB_database; $row = new moscomprofilerUser( $_CB_database ); $row->loadByUsername( stripslashes( $username ) ); $response->status = JAUTHENTICATE_STATUS_SUCCESS; $response->username = $username; $response->fullname = $row->name; // now we attempt user login and check results: if ( checkJversion() == 2 ) { $login = $dispatcher->trigger( 'onUserLogin', array( (array) $response, array( 'action' => 'core.login.site' ) ) ); } else { $login = $dispatcher->trigger( 'onLoginUser', array( (array) $response, array() ) ); } $result = ! in_array( false, $login, true ); } if ( $result ) { $user =& JFactory::getUser(); $this->_myId = (int) $user->id; $this->_myUsername = $user->username; $this->_myUserType = $user->usertype; $this->_myCmsGid = $user->get('aid', 0); $lang =& JFactory::getLanguage(); if ( checkJversion() == 2 ) { $this->_myLanguage = strtolower( preg_replace( '/^(\w+).*$/i', '\1', $lang->getName() ) ); } else { $this->_myLanguage = $lang->getBackwardLang(); } } } else { // Mambo 4.5.x and Joomla before 1.0.13+ (in fact RC3+) do need hashed password for login() method: if ( $password !== false ) { $hashedPwdLogin = ( ( checkJversion() == 0 ) && ! function_exists( 'josHashPassword' ) ); // more reliable version-checking than the often hacked version.php file! if ( $hashedPwdLogin ) { // Joomla 1.0.12 and below: $dummyRow = new moscomprofilerUser( $_CB_database ); $this->_baseFramework->login( $username, $dummyRow->hashAndSaltPassword( $password ), $rememberme, $userId ); } else { $this->_baseFramework->login( $username, $password, $rememberme, $userId ); } // Joomla 1.0 redirects bluntly if login fails! so we need to check by ourselves below: $result = true; } else { // login without password: //TBD MAMBO 4.6 support here ! global $_CB_database, $mainframe, $_VERSION; $row = new moscomprofilerUser( $_CB_database ); $row->loadByUsername( stripslashes( $username ) ); // prepare login session with user data: $session =& $mainframe->_session; $session->guest = 0; $session->username = $row->username; $session->userid = (int) $row->id; $session->usertype = $row->usertype; $session->gid = (int) $row->gid; // attempt to login user: if ( $session->update() ) { $result = true; } // check if site is demo or production: if ( $_VERSION->SITE ) { // site is production; remove duplicate sessions: $query = 'DELETE FROM ' . $_CB_database->NameQuote( '#__session' ) . "\n WHERE " . $_CB_database->NameQuote( 'session_id' ) . ' != ' . $_CB_database->Quote( $session->session_id ) . "\n AND " . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $row->username ) . "\n AND " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $row->id . "\n AND " . $_CB_database->NameQuote( 'gid' ) . ' = ' . (int) $row->gid . "\n AND " . $_CB_database->NameQuote( 'guest' ) . ' = 0'; $_CB_database->setQuery( $query ); if ( ! $_CB_database->query() ) { trigger_error( 'loginUser 1 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING ); } } // get current datetime: $currentDate = date( 'Y-m-d H:i:s', $this->now() ); // update user last login with current datetime: $query = 'UPDATE ' . $_CB_database->NameQuote( '#__users' ) . "\n SET " . $_CB_database->NameQuote( 'lastvisitDate' ) . " = " . $_CB_database->Quote( $currentDate ) . "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $session->userid; $_CB_database->setQuery( $query ); if ( ! $_CB_database->query() ) { trigger_error( 'loginUser 2 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING ); } // clean old cache: mosCache::cleanCache(); } if ( checkJversion() == 0 ) { global $mainframe; $mymy = $mainframe->getUser(); $this->_myId = (int) $mymy->id; $this->_myUsername = $mymy->username; $this->_myUserType = $mymy->usertype; $this->_myCmsGid = $mymy->gid; if ( ! $this->_myId ) { $result = false; } } //TBD MAMBO 4.6 support here ! } return $result; }