/**
* Process
* All the action happens here.
* If you are not logged in, it will print the login form.
* Submitting that form will then try to authenticate you.
* If you are successfully authenticated, you get redirected back to the main index page (quickstats etc).
* Otherwise, will show an error message and the login form again.
*
* @see ShowLoginForm
* @uses AuthenticationSystem::Authenticate()
*
* @return Void Doesn't return anything. Checks the action and passes it off to the appropriate area.
*/
function Process()
{
$action = IEM::requestGetGET('Action', '', 'strtolower');
switch ($action) {
case 'forgotpass':
$this->ShowForgotForm();
break;
case 'changepassword':
if (!IEM::sessionGet('ForgotUser')) {
$this->ShowForgotForm('login_error', GetLang('BadLogin_Link'));
break;
}
$userapi = GetUser(-1);
$loaded = $userapi->Load(IEM::sessionGet('ForgotUser'));
if (!$loaded) {
$this->ShowForgotForm('login_error', GetLang('BadLogin_Link'));
break;
}
$password = IEM::requestGetPOST('ss_password', false);
$confirm = IEM::requestGetPOST('ss_password_confirm', false);
if ($password == false || ($password != $confirm)) {
$this->ShowForgotForm_Step2($userapi->Get('username'), 'login_error', GetLang('PasswordsDontMatch'));
break;
}
$userapi->password = $password;
$userapi->Save();
$code = md5(uniqid(rand(), true));
$userapi->ResetForgotCode($code);
$this->ShowLoginForm('login_success', GetLang('PasswordUpdated'));
break;
case 'sendpass':
$user = GetUser(-1);
$username = IEM::requestGetPOST('ss_username', '');
/**
* Fix vulnerabilities with MySQL
* Documented here: http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/
*
* Basically MySQL is truncating values in a column
*/
$username = preg_replace('/\s+/', ' ', $username);
$username = trim($username);
/**
* -----
*/
$founduser = $user->Find($username);
if (!$founduser) {
$this->ShowForgotForm('login_error', GetLang('BadLogin_Forgot'));
break;
}
$user->Load($founduser, false);
$code = md5(uniqid(rand(), true));
$user->ResetForgotCode($code);
$link = SENDSTUDIO_APPLICATION_URL . '/admin/index.php?Page=Login&Action=ConfirmCode&user='******'&code=' . $code;
$message = sprintf(GetLang('ChangePasswordEmail'), $link);
$email_api = $this->GetApi('Email');
$email_api->Set('CharSet', SENDSTUDIO_CHARSET);
$email_api->Set('Multipart', false);
$email_api->AddBody('text', $message);
$email_api->Set('Subject', GetLang('ChangePasswordSubject'));
$email_api->Set('FromAddress', SENDSTUDIO_EMAIL_ADDRESS);
$email_api->Set('ReplyTo', SENDSTUDIO_EMAIL_ADDRESS);
$email_api->Set('BounceAddress', SENDSTUDIO_EMAIL_ADDRESS);
$email_api->SetSmtp(SENDSTUDIO_SMTP_SERVER, SENDSTUDIO_SMTP_USERNAME, @base64_decode(SENDSTUDIO_SMTP_PASSWORD), SENDSTUDIO_SMTP_PORT);
$user_fullname = $user->Get('fullname');
$email_api->AddRecipient($user->emailaddress, $user_fullname, 't');
$email_api->Send();
$this->ShowForgotForm_Step2($username,'login_success', sprintf(GetLang('ChangePassword_Emailed'), $user->emailaddress));
break;
case 'confirmcode':
$user = IEM::requestGetGET('user', false, 'intval');
$code = IEM::requestGetGET('code', false, 'trim');
if (empty($user) || empty($code)) {
$this->ShowForgotForm('login_error', GetLang('BadLogin_Link'));
break;
}
$userapi = GetUser(-1);
$loaded = $userapi->Load($user, false);
if (!$loaded || $userapi->Get('forgotpasscode') != $code) {
$this->ShowForgotForm('login_error', GetLang('BadLogin_Link'));
break;
}
IEM::sessionSet('ForgotUser', $user);
$this->ShowForgotForm_Step2($userapi->Get('username'));
break;
case 'login':
$auth_system = new AuthenticationSystem();
$username = IEM::requestGetPOST('ss_username', '');
$password = IEM::requestGetPOST('ss_password', '');
$result = $auth_system->Authenticate($username, $password);
if ($result === -1) {
$this->ShowLoginForm('login_error', GetLang('PleaseWaitAWhile'));
break;
} elseif ($result === -2) {
$this->ShowLoginForm('login_error', GetLang('FreeTrial_Expiry_Login'));
break;
} elseif (!$result) {
$this->ShowLoginForm('login_error', GetLang('BadLogin'));
break;
} elseif ($result && defined('IEM_SYSTEM_ACTIVE') && !IEM_SYSTEM_ACTIVE) {
$msg = (isset($result['admintype']) && $result['admintype'] == 'a') ? 'ApplicationInactive_Admin' : 'ApplicationInactive_Regular';
$this->ShowLoginForm('login_error', GetLang($msg));
break;
}
$rememberdetails = IEM::requestGetPOST('rememberme', false);
$rememberdetails = (bool)$rememberdetails;
$user = false;
$rand_check = false;
IEM::userLogin($result['userid']);
$oneyear = 365 * 24 * 3600; // one year's time.
$redirect = $this->_validateTakeMeToRedirect(IEM::requestGetPOST('ss_takemeto', 'index.php'));
if ($rememberdetails) {
if (!$user) { $user = IEM::userGetCurrent(); }
if (!$rand_check) { $rand_check = uniqid(true); }
$usercookie_info = array('user' => $user->userid, 'time' => time(), 'rand' => $rand_check, 'takemeto' => $redirect);
IEM::requestSetCookie('IEM_CookieLogin', $usercookie_info, $oneyear);
$usercookie_info = array('takemeto' => $redirect);
IEM::requestSetCookie('IEM_LoginPreference', $usercookie_info, $oneyear);
}
header('Location: ' . SENDSTUDIO_APPLICATION_URL . '/admin/' . $redirect);
exit();
break;
default:
$msg = false; $template = false;
if ($action == 'logout') {
$this->LoadLanguageFile('Logout');
}
$this->ShowLoginForm($template, $msg);
break;
}
}
