Пример #1
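 /**
  * Handles a login request whose name and password arrive RSA-encrypted and
  * prefixed with the seed stored in the session under "login_seed".
  *
  * On success the session is reset and bound to the authenticated user, the
  * user's last-login time is saved, and the "welcome" cookie is set to the
  * user id.
  *
  * @param mixed $runData Request context; this method uses getParameterList(),
  *                       sessionGet(), resetSession() and getSession() on it.
  *
  * @throws ProcessException "no_seed" when the session holds no login seed,
  *                          "login_invalid" when the seed prefix or the
  *                          credentials do not match.
  */
 public function loginEvent($runData)
 {
     $pl = $runData->getParameterList();
     $uname = $pl->getParameterValue("name");
     $upass = $pl->getParameterValue("password");
     $userId = $pl->getParameterValue("welcome");
     $keepLogged = $pl->getParameterValue("keepLogged");
     $bindIP = $pl->getParameterValue("bindIP");

     // The seed is server-side session state. An empty or missing seed is
     // rejected here, so the prefix check below can never be vacuous.
     $seed = $runData->sessionGet("login_seed");
     if ($seed == null) {
         throw new ProcessException(_("You have been inactive quite long while trying to log in and your session data have expired. Please try to click 'log in' once again."), "no_seed");
     }
     $seed = (string) $seed;
     $seedLength = strlen($seed);

     $uname = (string) CryptUtils::rsaDecrypt($uname);
     $upass = (string) CryptUtils::rsaDecrypt($upass);

     // Both decrypted values must start with the seed. This is a literal,
     // byte-wise prefix comparison: the seed is never interpolated into a
     // regular expression, so metacharacters in it cannot change what matches.
     // NOTE(review): presumably the seed ties the ciphertext to this login
     // form so that a captured submission cannot be replayed; the seed is not
     // cleared on the failure paths here, confirm where it is rotated.
     if (strncmp($uname, $seed, $seedLength) !== 0 || strncmp($upass, $seed, $seedLength) !== 0) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The user and password do not match."), "login_invalid");
     }
     // remove seed
     $uname = (string) substr($uname, $seedLength);
     $upass = (string) substr($upass, $seedLength);

     if ($userId && is_numeric($userId) && $userId > 0) {
         // The client-supplied "welcome" value selects the account by primary
         // key; the password check below is the only thing authenticating it.
         $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
         // SECURITY: the stored password is an unsalted MD5 digest. Moving to
         // password_hash()/password_verify() needs a data migration outside
         // this method; hash_equals() at least makes the comparison
         // constant-time.
         if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
             $user = null;
         }
     } else {
         $user = SecurityManager::authenticateUser($uname, $upass);
     }
     if ($user == null) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The login and password do not match."), "login_invalid");
     }

     // Start from a fresh session before attaching the user id, so the
     // pre-login session state is not carried into the authenticated session.
     $runData->resetSession();
     $session = $runData->getSession();
     $session->setUserId($user->getUserId());
     // set other parameters
     $session->setStarted(new ODate());
     $session->setLastAccessed(new ODate());
     $user->setLastLogin(new ODate());
     $user->save();
     if ($keepLogged) {
         $session->setInfinite(true);
     }
     if ($bindIP) {
         $session->setCheckIp(true);
     }
     // The "welcome" cookie carries only the user id (about 115 days); it is
     // read back above as a lookup hint and is never proof of identity.
     setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);
     // log event
     EventLogger::instance()->logLogin();
 }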
Пример #2
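 /**
  * Handles a login request with a plain name (e-mail style login or nick name)
  * and password taken from the request parameters.
  *
  * On success the session is reset and bound to the authenticated user, the
  * user's last-login time is saved, an optional post-login URL is added to the
  * AJAX response, and the "welcome" and session cookies are set.
  *
  * @param mixed $runData Request context; this method uses getParameterList(),
  *                       sessionGet(), resetSession(), getSession(),
  *                       getSessionId() and ajaxResponseAdd() on it.
  *
  * @throws ProcessException "login_invalid" when the credentials do not match.
  */
 public function loginEvent($runData)
 {
     $pl = $runData->getParameterList();
     $uname = $pl->getParameterValue("name");
     $upass = $pl->getParameterValue("password");
     $userId = $pl->getParameterValue("welcome");
     $keepLogged = $pl->getParameterValue("keepLogged");
     $bindIP = $pl->getParameterValue("bindIP");

     if ($userId && is_numeric($userId) && $userId > 0) {
         // The client-supplied "welcome" value selects the account by primary
         // key; the password check below is the only thing authenticating it.
         $user = DB_OzoneUserPeer::instance()->selectByPrimaryKey($userId);
         // SECURITY: the stored password is an unsalted MD5 digest. Moving to
         // password_hash()/password_verify() needs a data migration outside
         // this method; hash_equals() at least makes the comparison
         // constant-time.
         if ($user && !hash_equals((string) $user->getPassword(), md5($upass))) {
             $user = null;
         }
     } else {
         // allow logging with nick name too
         // The haystack is the submitted name and the needle is '@'. With the
         // arguments the other way round the test was true for nearly every
         // input, so e-mail style logins were also resolved through
         // nick_name and an account whose nick equals someone else's login
         // name could shadow that login.
         // NOTE(review): this assumes login names contain '@' (only the
         // lookup condition suggests it); confirm against the user schema.
         if (strpos((string) $uname, '@') === false) {
             $c = new Criteria();
             $c->add('lower(nick_name)', strtolower($uname));
             $user_by_nick = DB_OzoneUserPeer::instance()->selectOne($c);
             if ($user_by_nick) {
                 $uname = $user_by_nick->getName();
             }
         }
         $user = SecurityManager::authenticateUser($uname, $upass);
     }
     if ($user == null) {
         EventLogger::instance()->logFailedLogin($uname);
         throw new ProcessException(_("The login and password do not match."), "login_invalid");
     }

     // Read the redirect target before the session is reset, otherwise it is
     // lost together with the rest of the pre-login session state.
     // NOTE(review): where 'loginOriginalUrl' is written is not visible here;
     // confirm it can only hold same-site URLs before it is echoed back.
     $originalUrl = $runData->sessionGet('loginOriginalUrl');
     $runData->resetSession();
     $session = $runData->getSession();
     $session->setUserId($user->getUserId());
     // set other parameters
     $session->setStarted(new ODate());
     $session->setLastAccessed(new ODate());
     $user->setLastLogin(new ODate());
     $user->save();
     if ($keepLogged) {
         $session->setInfinite(true);
     }
     if ($bindIP) {
         $session->setCheckIp(true);
     }
     /* If the request is over https:, we should also use loginauth.php script to set non-ssl ip address. */
     // $_SERVER['HTTPS'] is absent on plain HTTP and is the string "off" on
     // some servers; neither case may be treated as a TLS request.
     if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
         // SECURITY: this value is MD5(session id . secret) and is sent in the
         // query string of a plain-http URL, so it is visible on the network
         // and in logs. How loginauth.php validates and expires it is not
         // shown here; the construction is kept unchanged so both sides agree.
         $sessionHash = md5($session->getSessionId() . LoginAuthController::$secretSeed);
         $parms = array('sessionHash' => $sessionHash);
         if ($originalUrl) {
             $parms['origUrl'] = $originalUrl;
         }
         $originalUrl = 'http://' . GlobalProperties::$URL_HOST . '/loginauth.php?' . http_build_query($parms);
     }
     if ($originalUrl) {
         $runData->ajaxResponseAdd('originalUrl', $originalUrl);
     }
     // The "welcome" cookie carries only the user id (about 115 days); it is
     // read back above as a lookup hint and is never proof of identity.
     setcookie("welcome", $user->getUserId(), time() + 10000000, "/", GlobalProperties::$SESSION_COOKIE_DOMAIN);
     // Expiry 0 means a browser-session cookie (same effect as the former
     // null, without the null-to-int deprecation).
     // NOTE(review): this cookie holds the session id and is set without the
     // HttpOnly or Secure attributes; whether client script or the http
     // hand-over above depends on that is not visible here.
     setcookie(GlobalProperties::$SESSION_COOKIE_NAME_IE, $runData->getSessionId(), 0, "/");
     // log event
     EventLogger::instance()->logLogin();
 }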