/**
 * Gate the current request according to the configured security settings.
 *
 * Three checks run in order: site-wide SSL enforcement, the journal-context
 * requirement, and the per-journal 'restrictSiteAccess' login requirement.
 *
 * NOTE(review): each check relies on the Request::redirect*() call to stop the
 * request. Whether those helpers terminate execution is not visible here; if
 * they only emit a Location header, the restricted page would still be
 * rendered after the redirect is queued -- confirm.
 *
 * @param $requiresJournal boolean true when the requested page is only valid within a journal
 */
function validate($requiresJournal = false) {
	// Site-wide transport enforcement: anything that is not HTTPS is sent to the SSL redirect.
	$sslEnforced = Config::getVar('security', 'force_ssl');
	if ($sslEnforced && Request::getProtocol() != 'https') {
		Request::redirectSSL();
	}

	// Pages flagged as journal-only go to 'about' when no journal is in context.
	$currentJournal = Request::getJournal();
	$noJournal = ($currentJournal == null);
	if ($requiresJournal && $noJournal) {
		Request::redirect(null, 'about');
	}

	$requestedPage = Request::getRequestedPage();

	// The login requirement only applies to anonymous visitors inside a journal.
	if ($noJournal || Validation::isLoggedIn()) {
		return;
	}

	// Exempt pages stay reachable without a session. in_array() compares
	// loosely here (no strict flag), exactly as in the original check.
	if (in_array($requestedPage, Handler::getLoginExemptions())) {
		return;
	}

	// Journal has opted into restricted access: anonymous visitors must log in.
	if ($currentJournal->getSetting('restrictSiteAccess')) {
		Request::redirect(null, 'login');
	}
}
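/**
 * Validate a user's credentials and log the user in.
 *
 * Reads 'username', 'password', 'remember' and 'source' from the request.
 * On success the user is sent, in order of precedence, to the change-password
 * page (when a password change is required), back to plain HTTP (when SSL is
 * forced for login only), to the local path given in 'source', or to the
 * 'user' page. On failure the login template is shown again with an error key.
 *
 * Two security fixes over the previous version:
 *  - 'source' is only followed when it is a local absolute path. It is
 *    concatenated directly after the server host, so a value that does not
 *    begin with a single '/' could change the authority of the resulting URL
 *    and send the freshly authenticated user to another site.
 *  - The must-change-password check now runs before the login-only-SSL
 *    redirect. Previously, with force_login_ssl on and force_ssl off, that
 *    redirect was taken first and the forced password change (and its logout)
 *    was skipped.
 */
function signIn() {
	parent::validate();
	if (Validation::isLoggedIn()) {
		Request::redirect(null, 'user');
	}

	if (Config::getVar('security', 'force_login_ssl') && Request::getProtocol() != 'https') {
		// Force SSL connections for login
		Request::redirectSSL();
	}

	// $reason is handed to Validation::login() as an out-parameter (presumably
	// taken by reference -- confirm) and is read below to pick the error key.
	$user = Validation::login(Request::getUserVar('username'), Request::getUserVar('password'), $reason, Request::getUserVar('remember') == null ? false : true);

	if ($user !== false) {
		if ($user->getMustChangePassword()) {
			// User must change their password in order to log in.
			// Checked first so that no transport-level redirect can bypass it.
			Validation::logout();
			Request::redirect(null, null, 'changePassword', $user->getUsername());

		} elseif (Config::getVar('security', 'force_login_ssl') && !Config::getVar('security', 'force_ssl')) {
			// Redirect back to HTTP if forcing SSL for login only
			Request::redirectNonSSL();

		} else {
			$source = Request::getUserVar('source');

			// Only follow 'source' when it is a same-site absolute path:
			// a string starting with exactly one '/', containing no
			// backslashes and no control characters (CR/LF included).
			$sourceIsLocalPath = is_string($source)
				&& $source !== ''
				&& $source[0] === '/'
				&& substr($source, 0, 2) !== '//'
				&& !preg_match('/[\x00-\x1f\x7f\\\\]/', $source);

			if ($sourceIsLocalPath) {
				Request::redirectUrl(Request::getProtocol() . '://' . Request::getServerHost() . $source, false);
			} else {
				// Missing or unsafe 'source': fall back to the default landing page.
				Request::redirect(null, 'user');
			}
		}

	} else {
		// NOTE(review): $sessionManager and $session are not used below. The calls
		// are kept because getManager()/getUserSession() may initialise session
		// state -- confirm before removing them.
		$sessionManager =& SessionManager::getManager();
		$session =& $sessionManager->getUserSession();

		// Map the failure reason to a locale key:
		//   null   -> generic login error
		//   ''     -> account disabled, no reason recorded
		//   other  -> account disabled, reason shown to the user
		if ($reason === null) {
			$errorKey = 'user.login.loginError';
		} elseif ($reason === '') {
			$errorKey = 'user.login.accountDisabled';
		} else {
			$errorKey = 'user.login.accountDisabledWithReason';
		}

		// NOTE(review): 'username', 'remember' and 'source' are request values
		// echoed back into the form; user/login.tpl is assumed to escape them
		// on output -- confirm. The submitted password is deliberately not
		// re-assigned to the template.
		$templateMgr =& TemplateManager::getManager();
		$templateMgr->assign('username', Request::getUserVar('username'));
		$templateMgr->assign('remember', Request::getUserVar('remember'));
		$templateMgr->assign('source', Request::getUserVar('source'));
		$templateMgr->assign('showRemember', Config::getVar('general', 'session_lifetime') > 0);
		$templateMgr->assign('error', $errorKey);
		$templateMgr->assign('reason', $reason);
		$templateMgr->display('user/login.tpl');
	}
}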