/**
 * Gate a downloader request behind the session login.
 *
 * Returns $this without doing anything else when there is no session object,
 * when getUserId() is already truthy, or when the controller reports that the
 * application is not installed. Otherwise the posted username/password pair is
 * handed to the session; a missing field or a rejected account switches the
 * controller to the 'login' action and returns $this.
 *
 * @return $this Nothing is returned on the path that ends in the redirect call.
 */
public function authenticate()
{
    if (!$this->_session) {
        return $this;
    }

    // NOTE(review): 'return' is taken from the query string and stored as-is.
    // Wherever return_url is later used as a redirect target it should be
    // limited to same-site paths; confirm at the consumer.
    if (!empty($_GET['return'])) {
        $this->set('return_url', $_GET['return']);
    }

    if ($this->getUserId()) {
        return $this;
    }

    if (!$this->controller()->isInstalled()) {
        return $this;
    }

    try {
        $hasCredentials = !empty($_POST['username']) && !empty($_POST['password']);
        if (!$hasCredentials) {
            $this->controller()->setAction('login');
            return $this;
        }

        // NOTE(review): no form key (CSRF token) is checked in this method
        // before the posted credentials are processed.
        $account = $this->_session->login($_POST['username'], $_POST['password']);
        $this->_session->refreshAcl();

        // A login only counts when the account has an id AND the refreshed ACL
        // grants 'all'. The same message is used for both failures, so the
        // response does not reveal which check failed.
        $rejected = !$account->getId() || !$this->_session->isAllowed('all');
        if ($rejected) {
            $this->addMessage('error', 'Invalid user name or password');
            $this->controller()->setAction('login');
            return $this;
        }
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is added as a user-visible
        // message and execution still falls through to the redirect below;
        // confirm that neither exposes internal detail nor skips the login form.
        $this->addMessage('error', $e->getMessage());
    }

    $action = $this->controller()->getAction();
    // Appending '&loggedin' assumes url() already returned a query string.
    $target = $this->controller()->url($action) . '&loggedin';
    $this->controller()->redirect($target, true);
}
/**
 * Disabled form security in order to prevent exit from the app
 *
 * Asserts that isLoggedIn() is true right after login() and is still true once
 * the model's updated-at time has been moved 101 seconds into the past, with
 * the session lifetime fixture set to 59.
 *
 * @magentoConfigFixture current_store admin/security/session_lifetime 59
 */
public function testIsLoggedInWithIgnoredLifetime()
{
    // NOTE(review): the login with the bootstrap admin credentials is commented
    // out and replaced by empty strings. A test that expects isLoggedIn() to be
    // true after an empty-credential login either relies on a stubbed login or
    // asserts something the real model should never allow; confirm which, and
    // restore the credentialed call if the stub is not intended.
    //$this->_model->login(Magento_Test_Bootstrap::ADMIN_NAME, Magento_Test_Bootstrap::ADMIN_PASSWORD);
    $session = $this->_model;

    $session->login('', '');
    $this->assertTrue($session->isLoggedIn());

    // Age the session past the configured lifetime; it must still be logged in.
    $session->setUpdatedAt(time() - 101);
    $this->assertTrue($session->isLoggedIn());
}
/**
 * Authentication to downloader
 *
 * Returns $this early when there is no session object, when
 * _checkUserAccess() is truthy, or when the controller reports that the
 * application is not installed. A POST that carries a username must pass
 * validateFormKey(); blank or missing credentials switch the controller to the
 * 'login' action. Otherwise the credentials go to the session login and the
 * access check is repeated for the returned user.
 *
 * @return $this Nothing is returned on the path that ends in the final redirect.
 */
public function authenticate()
{
    if (!$this->_session) {
        return $this;
    }

    // NOTE(review): 'return' is taken from the query string and stored as-is.
    // Wherever return_url is later used as a redirect target it should be
    // limited to same-site paths; confirm at the consumer.
    if (!empty($_GET['return'])) {
        $this->set('return_url', $_GET['return']);
    }

    if ($this->_checkUserAccess()) {
        return $this;
    }

    if (!$this->controller()->isInstalled()) {
        return $this;
    }

    try {
        // Form key (CSRF) check, applied only when a username was posted.
        // NOTE(review): nothing in this method stops execution after the
        // redirect call. Unless redirect() ends the request, the credential
        // handling below still runs for a POST with a bad form key; confirm.
        if (isset($_POST['username']) && !$this->validateFormKey()) {
            $this->controller()->redirect($this->controller()->url(), true);
        }

        // A field that was submitted but left blank gets an error message;
        // a field that was not submitted at all does not.
        $blankUsername = isset($_POST['username']) && empty($_POST['username']);
        $blankPassword = isset($_POST['password']) && empty($_POST['password']);
        if ($blankUsername || $blankPassword) {
            $this->addMessage('error', 'Invalid user name or password');
        }

        $hasCredentials = !empty($_POST['username']) && !empty($_POST['password']);
        if (!$hasCredentials) {
            $this->controller()->setAction('login');
            return $this;
        }

        $account = $this->_session->login($_POST['username'], $_POST['password']);
        $this->_session->refreshAcl();

        // NOTE(review): what a truthy _checkUserAccess($account) means is not
        // visible here; the method returns without the redirect in that case.
        if ($this->_checkUserAccess($account)) {
            return $this;
        }
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is added as a user-visible
        // message and execution still reaches the redirect below; confirm that
        // this does not expose internal detail.
        $this->addMessage('error', $e->getMessage());
    }

    $target = $this->controller()->url('loggedin');
    $this->controller()->redirect($target, true);
}
/**
 * Log in, first refusing the attempt when the client IP is blocked or has used
 * up its failed-attempt allowance.
 *
 * When the 'max' setting is truthy and the IP is not on the 'white' list, the
 * call ends in _fault() if the IP is on the 'black' list or if its
 * failed-attempt count has reached 'max'. Reaching exactly 'max' also records
 * a restriction through _createLoginResrtiction(). Every other case is
 * delegated to parent::login().
 *
 * @param mixed $username Passed to parent::login() and, on lockout, to _createLoginResrtiction().
 * @param mixed $password Passed to parent::login() unchanged.
 * @param mixed $request  Passed to parent::login() unchanged.
 * @return mixed Result of _fault() or of parent::login().
 */
public function login($username, $password, $request = null)
{
    // NOTE(review): every limit below is keyed on this address only. If
    // getClientIp() honours client-supplied proxy headers, the key is under the
    // caller's control and the limit can be sidestepped; confirm how it is
    // resolved in this deployment.
    $ip = Mage::app()->getRequest()->getClientIp();
    $max = $this->_config('max', true);

    // Clear cache, as we store blacklist and whitelist.
    // NOTE(review): this runs on every call, before any credential or list
    // check, so unauthenticated requests can trigger repeated cache cleans;
    // consider the load this allows.
    Mage::app()->cleanCache('CONFIG');

    // No limit configured, or the address is whitelisted: plain login.
    $limited = $max && !$this->_inList('white', $ip);
    if (!$limited) {
        return parent::login($username, $password, $request);
    }

    if ($this->_inList('black', $ip)) {
        return $this->_fault();
    }

    $failures = $this->_getFailedAttemptsCount($ip);
    if ($failures > $max) {
        return $this->_fault();
    }

    if ($failures == $max) {
        // The allowance is used up with this attempt: record the restriction
        // before refusing.
        $this->_createLoginResrtiction($ip, $username);
        return $this->_fault();
    }

    return parent::login($username, $password, $request);
}