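/**
 * Entry point that runs the crawler for an authenticated owner.
 *
 * Two ways in:
 *   CLI  – argv[1] is the owner e-mail, argv[2] (optional) the password; when argv[2] is
 *          absent the password is read from the THINKUP_PASSWORD environment variable.
 *   Web  – no argv: the request is accepted only if a browser session is already logged in.
 *
 * @return string Empty string on success, otherwise an "ERROR: ..." message.
 */
public function control() {
    $output = "";
    $authorized = false;

    if (isset($this->argc) && $this->argc > 1) {
        // check for CLI credentials
        // NOTE(review): $session is never used below; kept only because Session's constructor
        // may have side effects (starting the PHP session) — confirm and drop if it does not.
        $session = new Session();
        $username = $this->argv[1];
        if ($this->argc > 2) {
            // NOTE: a password passed as a CLI argument is visible to other local users via
            // `ps` and ends up in shell history; THINKUP_PASSWORD is the safer channel.
            $pw = $this->argv[2];
        } else {
            $pw = getenv('THINKUP_PASSWORD');
            if ($pw === false) {
                // Variable not set: compare an empty string rather than boolean false.
                $pw = '';
            }
        }
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($username);
        // Guard on $owner so completeLogin() can never be handed an empty lookup result;
        // an unknown e-mail and a wrong password produce the same message.
        if ($owner && $owner_dao->isOwnerAuthorized($username, $pw)) {
            $authorized = true;
            Session::completeLogin($owner);
        } else {
            $output = "ERROR: Incorrect username and password.";
        }
    } else {
        // check user is logged in on the web
        if ($this->isLoggedIn()) {
            $authorized = true;
        } else {
            $output = "ERROR: Invalid or missing username and password.";
        }
    }

    if ($authorized) {
        $crawler = Crawler::getInstance();
        $crawler->crawl();
    }
    return $output;
}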
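/**
 * Web login form handler: renders the form, validates a submitted e-mail/password pair,
 * applies the failed-login lockout and, on success, populates the session and hands off
 * to the dashboard.
 *
 * @return string Rendered view (or the dashboard controller's output).
 */
public function control() {
    $this->setPageTitle('Log in');
    $this->setViewTemplate('session.login.tpl');
    $this->view_mgr->addHelp('login', 'userguide/accounts/index');
    $this->disableCaching();

    // An authenticated user never sees the form; go straight to the dashboard.
    if ($this->isLoggedIn()) {
        $controller = new DashboardController(true);
        return $controller->go();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $form_submitted = isset($_POST['Submit']) && $_POST['Submit'] == 'Log In'
        && isset($_POST['email']) && isset($_POST['pwd']);
    if (!$form_submitted) {
        return $this->generateView();
    }
    if ($_POST['email'] == '') {
        $this->addErrorMessage("Email must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $user_email = $_POST['email'];
    if (get_magic_quotes_gpc()) {
        $user_email = stripslashes($user_email);
    }
    $this->addToView('email', $user_email);

    $owner = $owner_dao->getByEmail($user_email);
    if (!$owner) {
        // NOTE(review): "Incorrect email" vs "Incorrect password" tells the caller whether an
        // address is registered (account enumeration); one generic message would close that.
        $this->addErrorMessage("Incorrect email");
        return $this->generateView();
    }
    if (!$owner->is_activated) {
        $this->addErrorMessage("Inactive account. " . $owner->account_status . ". " .
            '<a href="forgot.php">Reset your password.</a>');
        return $this->generateView();
    }
    if (!$session->pwdCheck($_POST['pwd'], $owner_dao->getPass($user_email))) {
        // Lockout: the counter is read before it is incremented below, so the account is
        // deactivated on the failure that follows the tenth one.
        // NOTE(review): anyone who knows an e-mail address can lock that owner out this way
        // (denial of service); throttling/CAPTCHA would blunt that.
        if ($owner->failed_logins >= 10) {
            $owner_dao->deactivateOwner($user_email);
            $owner_dao->setAccountStatus($user_email, "Account deactivated due to too many failed logins");
        }
        $owner_dao->incrementFailedLogins($user_email);
        $this->addErrorMessage("Incorrect password");
        return $this->generateView();
    }

    // Successful login: populate the session, then clear the lockout bookkeeping for this owner.
    $session->completeLogin($owner);
    $owner_dao->updateLastLogin($user_email);
    $owner_dao->resetFailedLogins($user_email);
    // Fix: this was clearAccountStatus('') — an empty e-mail, which cannot address this
    // owner's record; every other caller in this file passes $user_email.
    $owner_dao->clearAccountStatus($user_email);
    $controller = new DashboardController(true);
    return $controller->control();
}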
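/**
 * Entry point that dispatches a streamer action for an authenticated owner.
 *
 * CLI form: argv[1] = stream method ('stream', 'streamProcess' or 'shutdownStreams'),
 * argv[2] = owner e-mail, argv[3] (optional) = password; without argv[3] the password is
 * read from THINKUP_PASSWORD. Without CLI arguments the request is accepted only for an
 * existing browser session, but then no stream method can be supplied, so the switch below
 * ends in its default branch.
 *
 * @return string Empty string on success, otherwise an error message.
 */
public function control() {
    $output = "";
    $authorized = false;
    // Only the CLI path sets this; initialising it avoids an undefined-variable notice
    // in the switch when the web path is taken (the outcome there is unchanged: default).
    $streamer_method = null;

    if (isset($this->argc) && $this->argc > 2) {
        // check for CLI credentials
        $session = new Session();
        $streamer_method = $this->argv[1];
        $username = $this->argv[2];
        if ($this->argc > 3) {
            // NOTE: a password passed as a CLI argument is visible to other local users via
            // `ps` and ends up in shell history; THINKUP_PASSWORD is the safer channel.
            $pw = $this->argv[3];
        } else {
            $pw = getenv('THINKUP_PASSWORD');
            if ($pw === false) {
                // Variable not set: compare an empty string rather than boolean false.
                $pw = '';
            }
        }
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($username);
        // Guard on $owner: only compare against a stored password for an owner that exists,
        // so an unknown e-mail can never reach completeLogin() with an empty owner.
        if ($owner && $session->pwdCheck($pw, $owner_dao->getPass($username))) {
            $authorized = true;
            Session::completeLogin($owner);
        } else {
            $output = "ERROR: Incorrect username and password.";
        }
    } else {
        // check user is logged in on the web
        if ($this->isLoggedIn()) {
            $authorized = true;
        } else {
            $output = "ERROR: Invalid or missing stream method, username, and password.";
        }
    }

    if ($authorized) {
        $streamer = Streamer::getInstance();
        switch ($streamer_method) {
            case 'stream':
                $streamer->stream();
                break;
            case 'streamProcess':
                $streamer->streamProcess();
                break;
            case 'shutdownStreams':
                $streamer->shutdownStreams();
                break;
            default:
                $output = "Error: could not identify stream method to run.";
        }
    }
    return $output;
}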
/**
 * Authentication gate for API-capable controllers.
 *
 * Order of checks:
 *   1. username + API secret present and valid  -> log that owner into the session, proceed;
 *   2. no API secret at all but a valid browser session -> proceed as that session;
 *   3. anything else (including a secret that failed validation) -> plain-text 401-style
 *      UnauthorizedUserException. A bad secret is never rescued by an existing session.
 *
 * @return mixed Whatever authControl() returns.
 * @throws UnauthorizedUserException when neither credential path succeeds.
 */
public function control() {
    $api_call_ok = $this->isAPICallValid();
    if ($api_call_ok) {
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        $owner = $owner_dao->getByEmail($this->getLoggedInUser());
        Session::completeLogin($owner);
        return $this->authControl();
    }

    $api_secret = $this->getAPISecretFromRequest();
    $session_only = empty($api_secret) && $this->isLoggedIn();
    if ($session_only) {
        return $this->authControl();
    }

    $this->setContentType("text/plain; charset=UTF-8");
    throw new UnauthorizedUserException("Unauthorized API call");
}
/**
 * Web login form handler (early version: no failed-login counter, no activation check).
 *
 * Renders the form, validates a submitted e-mail/password pair and, on success, populates
 * the session, stamps last_login and hands off to the dashboard.
 *
 * NOTE(review): nothing limits the number of password attempts per account here, and the
 * separate "Incorrect email"/"Incorrect password" messages let a caller enumerate registered
 * addresses.
 *
 * @return string Rendered view (or the dashboard controller's output).
 */
public function control() {
    $this->setPageTitle('Log in');
    $this->setViewTemplate('session.login.tpl');
    $this->disableCaching();

    // Already authenticated: skip the form entirely.
    if ($this->isLoggedIn()) {
        $dashboard = new DashboardController(true);
        return $dashboard->go();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $form_posted = isset($_POST['Submit']) && $_POST['Submit'] == 'Log In'
        && isset($_POST['email']) && isset($_POST['pwd']);
    if (!$form_posted) {
        return $this->generateView();
    }
    if ($_POST['email'] == '') {
        $this->addErrorMessage("Email must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $user_email = $_POST['email'];
    $this->addToView('email', $user_email);

    $owner = $owner_dao->getByEmail($user_email);
    if (!$owner) {
        $this->addErrorMessage("Incorrect email");
        return $this->generateView();
    }
    $stored_password = $owner_dao->getPass($user_email);
    if (!$session->pwdCheck($_POST['pwd'], $stored_password)) {
        $this->addErrorMessage("Incorrect password");
        return $this->generateView();
    }

    // Credentials accepted: this sets variables in the session.
    $session->completeLogin($owner);
    $owner_dao->updateLastLogin($user_email);
    $dashboard = new DashboardController(true);
    return $dashboard->control();
}
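/**
 * Authentication gate for controllers that serve both an HTML page and an API.
 *
 * Order of checks:
 *   1. username + API secret present and valid  -> log that owner into the session, proceed;
 *   2. no API secret but a valid browser session -> proceed as that session;
 *   3. no API secret and no session -> treat as a regular HTML page request and let the
 *      parent controller handle it;
 *   4. an API secret was supplied but did not validate -> plain-text
 *      UnauthorizedUserException. A bad secret is never rescued by an existing session.
 *
 * @return mixed authControl()'s output, or the parent controller's output for case 3.
 * @throws UnauthorizedUserException for case 4.
 */
public function control() {
    $owner = $this->isAPICallValid();
    if ($owner) {
        Session::completeLogin($owner);
        return $this->authControl();
    }

    $api_secret = $this->getAPISecretFromRequest();
    if (empty($api_secret) && $this->isLoggedIn()) {
        return $this->authControl();
    }

    // Assume if no API key is set, that it's a regular HTML page request.
    if (empty($api_secret)) {
        // Fix: the parent's return value was discarded here while every other branch returns
        // its controller output; presumably the caller renders that value, so the page body
        // was lost on this path. Returning it is harmless if the parent echoes instead.
        return parent::control();
    }

    $this->setContentType("text/plain; charset=UTF-8");
    throw new UnauthorizedUserException("Unauthorized API call");
}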
/**
 * Admin login page.
 *
 * An already-authenticated visitor is redirected to the admin dashboard. Otherwise the form
 * is validated; the user must exist, the password must verify against the stored password
 * value, and $user->type must be truthy (that flag is what marks an administrator here).
 * On success the session is populated and the browser is sent back to this page, whose
 * isLoggedIn() branch then forwards it to the dashboard.
 *
 * NOTE(review): the separate "Incorrect username"/"Incorrect password" messages reveal which
 * usernames exist, and there is no limit on password attempts in this listing.
 *
 * @return string|null Rendered view, or null after a redirect header has been sent.
 */
public function go() {
    $this->setViewTemplate('admin_login.tpl');
    $this->addPageTitle('Log in');

    if ($this->isLoggedIn()) {
        // No exit after the header: the method simply ends and returns null.
        header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/dashboard.php");
        return;
    }

    $form_posted = isset($_POST['submit']) && $_POST['submit'] == 'Login'
        && isset($_POST['username']) && isset($_POST['pwd']);
    if (!$form_posted) {
        $this->addPageTitle('Log in'); // added a second time on the plain GET path, as before
        return $this->generateView();
    }
    if ($_POST['username'] == '') {
        $this->addErrorMessage("Username must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $login_name = $_POST['username'];
    $this->addToView('username', $login_name);

    $user = User::findByUsername($login_name);
    if (!$user) {
        $this->addErrorMessage("Incorrect username");
        return $this->generateView();
    }
    if (!$session->pwdCheck($_POST['pwd'], $user->password)) {
        $this->addErrorMessage("Incorrect password");
        return $this->generateView();
    }
    if (!$user->type) {
        // Password was right but the account is not an admin; the check runs after the
        // password so this message is only reachable with valid credentials.
        $this->addErrorMessage("You are not an administrator");
        return $this->generateView();
    }

    // Credentials accepted: this sets variables in the session.
    $session->completeLogin($user);
    header('Location: ' . SOURCE_ROOT_PATH . "admin/pages/login.php");
}
/**
 * Landing-page login handler.
 *
 * An already-authenticated visitor is handed to LandingPageController. Otherwise the form is
 * validated and failures are reported by redirecting to mainlogin.php with a msg parameter;
 * success populates the session and redirects to the home page.
 *
 * NOTE(review): msg=username vs msg=password reveals which usernames exist. The two failure
 * paths also differ: the unknown-user path sends the redirect header and ends, while the
 * wrong-password path sends the header and still renders the view (preserved as-is).
 *
 * @return string|null Rendered view, or null after a redirect header has been sent.
 */
public function go() {
    $this->setViewTemplate('landingpage.tpl');
    $this->addPageTitle('Log in');

    if ($this->isLoggedIn()) {
        $landing = new LandingPageController();
        return $landing->go();
    }

    $form_posted = isset($_POST['submit']) && $_POST['submit'] == 'Login'
        && isset($_POST['username']) && isset($_POST['pwd']);
    if (!$form_posted) {
        $this->addPageTitle('Log in'); // added a second time on the plain GET path, as before
        return $this->generateView();
    }
    if ($_POST['username'] == '') {
        $this->addErrorMessage("Username must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $login_name = $_POST['username'];
    $this->addToView('username', $login_name);

    $user = User::findByUsername($login_name);
    if (!$user) {
        // Unknown user: redirect only; nothing is rendered on this path.
        header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=username");
        return;
    }
    if (!$session->pwdCheck($_POST['pwd'], $user->password)) {
        // Wrong password: redirect header, and the view is still rendered afterwards.
        header('Location:' . SOURCE_ROOT_PATH . "pages/mainlogin.php?msg=password");
        return $this->generateView();
    }

    // Credentials accepted: this sets variables in the session.
    $session->completeLogin($user);
    header('Location:' . SOURCE_ROOT_PATH . "pages/home.php");
}
/**
 * completeLogin() must mark the session as logged in and mirror the owner's is_admin flag;
 * logging a second owner into the same Session object replaces the first.
 */
public function testCompleteLoginAndIsLoggedInIsAdmin() {
    // A regular (non-admin) owner.
    $regular_owner = new Owner(array(
        'id'             => 10,
        'user_name'      => 'testuser',
        'full_name'      => 'Test User',
        'email'          => '*****@*****.**',
        'last_login'     => '******',
        'is_admin'       => 0,
        'is_activated'   => 1,
        'failed_logins'  => 0,
        'account_status' => '',
    ));
    $session = new Session();
    $session->completeLogin($regular_owner);
    $this->assertTrue(Session::isLoggedIn());
    $this->assertFalse(Session::isAdmin());

    // Now an admin owner on the same session: the admin flag follows the new owner.
    $admin_owner = new Owner(array(
        'id'             => 11,
        'user_name'      => 'testuser',
        'full_name'      => 'Test User2',
        'email'          => '*****@*****.**',
        'last_login'     => '******',
        'is_admin'       => 1,
        'is_activated'   => 1,
        'failed_logins'  => 0,
        'account_status' => '',
    ));
    $session->completeLogin($admin_owner);
    $this->assertTrue(Session::isLoggedIn());
    $this->assertTrue(Session::isAdmin());
    $this->assertEqual(Session::getLoggedInUser(), '*****@*****.**');
}
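/**
 * Web login form handler with activation check and failed-login lockout.
 *
 * Renders the form, validates a submitted e-mail/password pair, explains inactive accounts,
 * locks an account after ten consecutive failures and, on success, populates the session,
 * resets the lockout bookkeeping and hands off to the dashboard.
 *
 * @return string Rendered view (or the dashboard controller's output).
 */
public function control() {
    $this->setPageTitle('Log in');
    $this->setViewTemplate('session.login.tpl');
    $this->view_mgr->addHelp('login', 'userguide/accounts/index');
    $this->disableCaching();

    // An authenticated user never sees the form; go straight to the dashboard.
    if ($this->isLoggedIn()) {
        $controller = new DashboardController(true);
        return $controller->go();
    }

    $owner_dao = DAOFactory::getDAO('OwnerDAO');
    $form_submitted = isset($_POST['Submit']) && $_POST['Submit'] == 'Log In'
        && isset($_POST['email']) && isset($_POST['pwd']);
    if (!$form_submitted) {
        return $this->generateView();
    }
    if ($_POST['email'] == '') {
        $this->addErrorMessage("Email must not be empty");
        return $this->generateView();
    }
    if ($_POST['pwd'] == '') {
        $this->addErrorMessage("Password must not be empty");
        return $this->generateView();
    }

    $session = new Session();
    $user_email = $_POST['email'];
    if (get_magic_quotes_gpc()) {
        $user_email = stripslashes($user_email);
    }
    $this->addToView('email', $user_email);

    $owner = $owner_dao->getByEmail($user_email);
    if (!$owner) {
        // NOTE(review): "Incorrect email" vs "Incorrect password" tells the caller whether an
        // address is registered (account enumeration); one generic message would close that.
        $this->addErrorMessage("Incorrect email");
        return $this->generateView();
    }

    if (!$owner->is_activated) {
        $error_msg = 'Inactive account. ';
        if ($owner->failed_logins == 0) {
            // Presumably never activated: the counter is only touched after this check passes.
            $error_msg .= '<a href="http://thinkupapp.com/docs/install/install.html#activate-your-account">' .
                'You must activate your account.</a>';
        } elseif ($owner->failed_logins >= 10) {
            // Locked out by the lockout branch below. Fix: was == 10; '>=' so a counter that
            // has gone past the threshold still gets the explanation and the reset link.
            $error_msg .= $owner->account_status . '. <a href="forgot.php">Reset your password.</a>';
        }
        // Any other counter value (e.g. an account deactivated by hand) gets the bare message.
        $this->addErrorMessage($error_msg);
        return $this->generateView();
    }

    // If the credentials supplied by the user are incorrect
    if (!$owner_dao->isOwnerAuthorized($user_email, $_POST['pwd'])) {
        $error_msg = 'Incorrect password';
        // The counter is read before the increment below, so 9 is the tenth failure.
        // Fix: was == 9; '>=' so a counter already past the threshold (e.g. an account
        // reactivated without a reset) locks on the next failure instead of never again.
        if ($owner->failed_logins >= 9) {
            $owner_dao->deactivateOwner($user_email);
            $status = 'Account deactivated due to too many failed logins';
            $owner_dao->setAccountStatus($user_email, $status);
            $error_msg = 'Inactive account. ' . $status . '. 
<a href="forgot.php">Reset your password.</a>';
        }
        // NOTE(review): anyone who knows an e-mail address can lock that owner out this way
        // (denial of service); throttling/CAPTCHA would blunt that.
        $owner_dao->incrementFailedLogins($user_email);
        $this->addErrorMessage($error_msg);
        return $this->generateView();
    }

    // Successful login: populate the session, then clear the lockout bookkeeping.
    $session->completeLogin($owner);
    $owner_dao->updateLastLogin($user_email);
    $owner_dao->resetFailedLogins($user_email);
    $owner_dao->clearAccountStatus($user_email);
    $controller = new DashboardController(true);
    return $controller->go();
}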
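}
// Legacy login script (no controller). $session and $THINKTANK_CFG are created earlier in
// this file, outside this listing.
$db = new Database($THINKTANK_CFG);
$conn = $db->getConnection();
$od = new OwnerDAO($db);
// NOTE(review): the e-mail is SQL-escaped here and then handed to the DAO, which suggests
// getForLogin()/updateLastLogin() interpolate it into a query; parameterised queries in the
// DAO would be the durable fix. The escaped form is also what reaches the session and the
// last-login update (unchanged). isset() avoids a notice on a plain GET of this page.
$user_email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : '');
$s = new SmartyThinkTank();
$s->caching = false;

if (isset($_POST['Submit']) && $_POST['Submit'] == 'Login') {
    $result = $od->getForLogin($user_email);
    if (!$result) {
        // NOTE(review): "Invalid" vs "Incorrect" below still distinguishes unknown e-mail from
        // wrong password. Neither failure path exits, so the form below is rendered anyway;
        // emsg is reflected into the page and must be escaped by the template.
        header("Location: login.php?emsg=Invalid+email+or+password");
    } elseif (!$session->pwdCheck($_POST['pwd'], $result['pwd'])) {
        header("Location: login.php?emsg=Incorrect+email+or+password");
    } else {
        // this sets variables in the session
        $session->completeLogin($result);
        $od->updateLastLogin($user_email);
        // Fix (open redirect): ?ret= used to be followed verbatim, so a crafted login link could
        // bounce a freshly authenticated user to any external site. Only a path on this site is
        // honoured now: it must begin with exactly one '/' — protocol-relative '//host' and the
        // '/\host' form browsers treat the same way are rejected. Anything else falls back to
        // the site root.
        $ret = isset($_GET['ret']) ? $_GET['ret'] : '';
        if (is_string($ret) && preg_match('#^/(?![/\\\\])#', $ret)) {
            header("Location: {$ret}");
        } else {
            header("Location: " . $THINKTANK_CFG['site_root_path']);
        }
        exit;
    }
}

if (isset($_GET["emsg"])) {
    $emsg = $_GET["emsg"];
}
if (isset($_GET["smsg"])) {
    $smsg = $_GET["smsg"];
}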
/**
 * Log an owner in with the private API key and bounce to a caller-supplied URL.
 *
 * Expected $_GET parameters:
 *   u:             owner e-mail address
 *   k:             private API key
 *   failure_redir: URL to redirect to on failure
 *   success_redir: URL to redirect to on success
 *
 * The outcome is reported through $this->fail() / $this->succeed() (defined outside this
 * listing), which presumably redirect to the matching *_redir with a msg parameter.
 *
 * NOTE(review): a long-lived secret (k) in the query string ends up in web-server and proxy
 * logs, browser history and Referer headers; accepting it in the POST body or a header would
 * be safer. NOTE(review): success_redir/failure_redir come straight from the request — unless
 * fail()/succeed() restrict them to this site, this endpoint is an open redirector.
 * NOTE(review): isOwnerAuthorizedViaPrivateAPIKey() is outside this listing; confirm it uses
 * a constant-time comparison for the key.
 */
public function control() {
    $this->disableCaching();
    // Both redirect targets are mandatory; without them there is nowhere to report to, so the
    // normal login page is shown with an error instead.
    if (!isset($_GET['success_redir']) || !isset($_GET['failure_redir'])
    || $_GET['success_redir'] == "" || $_GET['failure_redir'] == "") {
        if (!isset($_GET['success_redir']) || $_GET['success_redir'] == "") {
            $controller = new LoginController(true);
            $controller->addErrorMessage('No success redirect specified');
            return $controller->go();
        }
        if (!isset($_GET['failure_redir']) || $_GET['failure_redir'] == "") {
            $controller = new LoginController(true);
            $controller->addErrorMessage('No failure redirect specified');
            return $controller->go();
        }
    } else {
        $this->success_redir = $_GET['success_redir'];
        $this->failure_redir = $_GET['failure_redir'];
        // NOTE(review): neither fail() call below is followed by a return; if fail() does not
        // end the request, execution continues with the missing parameter (notice on
        // $_GET['u']/$_GET['k'] below and possibly a second redirect). Confirm fail() exits.
        if (!isset($_GET['u'])) {
            $this->fail('User is not set.');
        }
        if (!isset($_GET['k'])) {
            $this->fail('API key is not set.');
        }
        // Any existing browser session is dropped so the API-key identity replaces it.
        // NOTE(review): confirm completeLogin() regenerates the session id (fixation).
        if ($this->isLoggedIn()) {
            Session::logout();
        }
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        if ($_GET['u'] == '' || $_GET['k'] == '') {
            if ($_GET['u'] == '') {
                $this->fail("Email must not be empty.");
            } else {
                $this->fail("API key must not be empty.");
            }
        } else {
            $user_email = $_GET['u'];
            if (get_magic_quotes_gpc()) {
                $user_email = stripslashes($user_email);
            }
            $owner = $owner_dao->getByEmail($user_email);
            // NOTE(review): "Invalid email." vs "Invalid API key." reveals whether an address
            // is registered to whoever controls failure_redir.
            if (!$owner) {
                $this->fail("Invalid email.");
            } elseif (!$owner->is_activated) {
                $error_msg = 'Inactive account.';
                $this->fail($error_msg);
            // If the credentials supplied by the user are incorrect
            } elseif (!$owner_dao->isOwnerAuthorizedViaPrivateAPIKey($user_email, $_GET['k'])) {
                $error_msg = 'Invalid API key.';
                $this->fail($error_msg);
            } else {
                // user has logged in successfully: this sets variables in the session, then the
                // lockout bookkeeping for this owner is cleared.
                Session::completeLogin($owner);
                $owner_dao->updateLastLogin($user_email);
                $owner_dao->resetFailedLogins($user_email);
                $owner_dao->clearAccountStatus($user_email);
                $this->succeed("Logged in successfully.");
            }
        }
    }
}
/**
 * Web login form handler with activation check, failed-login lockout and a post-login
 * redirect target carried through the form.
 *
 * NOTE(review): the successful-login redirect target ($_POST['redirect'], seeded from
 * $_GET['redirect']) is user-controlled; unless $this->redirect() (outside this listing)
 * restricts it to this site, a crafted login link becomes an open redirect. The same value
 * is added to the view and must be escaped by the template.
 *
 * @return string Rendered view (or the insight-stream controller's output).
 */
public function control() {
    // NOTE(review): the assignments inside the argument list set unused locals $page and
    // $redirect as a side effect; they look like named-argument syntax that PHP does not have.
    if (isset($_GET['redirect'])) {
        $this->redirectToThinkUpLLCEndpoint($page = null, $redirect = $_GET['redirect']);
    } else {
        $this->redirectToThinkUpLLCEndpoint();
    }
    $this->setPageTitle('Log in');
    $this->setViewTemplate('session.login.tpl');
    $this->view_mgr->addHelp('login', 'userguide/accounts/index');
    $this->disableCaching();
    // Expose the open-registration setting to the template.
    $config = Config::getInstance();
    $is_registration_open = $config->getValue('is_registration_open');
    $this->addToView('is_registration_open', $is_registration_open);
    // Successful-login redirect destination: from the query string on first display ...
    if (isset($_GET['redirect'])) {
        $this->addToView('redirect', $_GET['redirect']);
    }
    // ... and from the hidden form field once the form has been submitted.
    if (isset($_POST['redirect'])) {
        $this->addToView('redirect', $_POST['redirect']);
    }
    // An authenticated user never sees the form.
    if ($this->isLoggedIn()) {
        $controller = new InsightStreamController(true);
        return $controller->go();
    } else {
        $owner_dao = DAOFactory::getDAO('OwnerDAO');
        if (isset($_POST['Submit']) && $_POST['Submit'] == 'Log In' && isset($_POST['email']) && isset($_POST['pwd'])) {
            if ($_POST['email'] == '' || $_POST['pwd'] == '') {
                if ($_POST['email'] == '') {
                    $this->addErrorMessage("Email must not be empty");
                    return $this->generateView();
                } else {
                    $this->addErrorMessage("Password must not be empty");
                    return $this->generateView();
                }
            } else {
                $session = new Session();
                $user_email = $_POST['email'];
                if (get_magic_quotes_gpc()) {
                    $user_email = stripslashes($user_email);
                }
                $this->addToView('email', $user_email);
                $owner = $owner_dao->getByEmail($user_email);
                // NOTE(review): the two "seems wrong" messages still reveal whether an address is
                // registered (account enumeration).
                if (!$owner) {
                    $this->addErrorMessage("Hmm, that email seems wrong.");
                    return $this->generateView();
                } elseif (!$owner->is_activated) {
                    // NOTE(review): the \\" sequences inside these single-quoted strings emit a
                    // literal backslash before each quote; if that is not an artifact of how this
                    // listing was captured, the anchor markup is broken (compare the plain
                    // href="forgot.php" used by the sibling controllers).
                    $error_msg = 'Inactive account. ';
                    if ($owner->failed_logins == 0) {
                        $error_msg .= '<a href=\\"http://thinkup.com/docs/install/install.html#activate-your-account\\">' .
                            'You must activate your account.</a>';
                    } elseif ($owner->failed_logins == 10) {
                        $error_msg .= $owner->account_status . '. <a href=\\"forgot.php\\">Reset your password.</a>';
                    }
                    // Escaping is switched off so the link renders; account_status is a value this
                    // controller writes itself (see the lockout branch).
                    $disable_xss = true;
                    $this->addErrorMessage($error_msg, null, $disable_xss);
                    return $this->generateView();
                // If the credentials supplied by the user are incorrect
                } elseif (!$owner_dao->isOwnerAuthorized($user_email, $_POST['pwd'])) {
                    $error_msg = "Hmm, that password seems wrong.";
                    // The counter is read before the increment below, so 9 is the tenth failure.
                    // NOTE(review): an exact == means a counter already past 9 never locks;
                    // >= would be the defensive form.
                    if ($owner->failed_logins == 9) {
                        $owner_dao->deactivateOwner($user_email);
                        $status = 'Account deactivated due to too many failed logins';
                        $owner_dao->setAccountStatus($user_email, $status);
                        $error_msg = 'Inactive account. ' . $status . '. <a href=\\"forgot.php\\">Reset your password.</a>';
                    }
                    $owner_dao->incrementFailedLogins($user_email);
                    $disable_xss = true;
                    $this->addErrorMessage($error_msg, null, $disable_xss);
                    return $this->generateView();
                } else {
                    // user has logged in successfully: this sets variables in the session, then
                    // the lockout bookkeeping for this owner is cleared.
                    $session->completeLogin($owner);
                    $owner_dao->updateLastLogin($user_email);
                    $owner_dao->resetFailedLogins($user_email);
                    $owner_dao->clearAccountStatus($user_email);
                    // Honour the form's redirect target, else the site root; if redirect()
                    // reports failure, render the insight stream instead.
                    if (isset($_POST['redirect']) && $_POST['redirect'] != '') {
                        $success_redir = $_POST['redirect'];
                    } else {
                        $success_redir = $config->getValue('site_root_path');
                    }
                    if (!$this->redirect($success_redir)) {
                        $controller = new InsightStreamController(true);
                        return $controller->go();
                    }
                }
            }
        } else {
            return $this->generateView();
        }
    }
}
/**
 * completeLogin() must mark the session as logged in and mirror the owner's is_admin flag;
 * logging a second owner into the same Session object replaces the first.
 */
public function testCompleteLoginAndIsLoggedInIsAdmin() {
    // Fields shared by both fixtures; only id, full_name and is_admin differ below.
    $common = array(
        'user_name'                    => 'testuser',
        'email'                        => '*****@*****.**',
        'last_login'                   => '******',
        'is_activated'                 => 1,
        'failed_logins'                => 0,
        'account_status'               => '',
        'timezone'                     => 'America/New_York',
        'joined'                       => date('Y-m-d'),
        'api_key'                      => '',
        'api_key_private'              => '',
        'email_notification_frequency' => 'daily',
        'membership_level'             => 0,
    );

    // A regular (non-admin) owner.
    $regular_owner = new Owner(array_merge($common, array(
        'id'        => 10,
        'full_name' => 'Test User',
        'is_admin'  => 0,
    )));
    $session = new Session();
    $session->completeLogin($regular_owner);
    $this->assertTrue(Session::isLoggedIn());
    $this->assertFalse(Session::isAdmin());

    // Now an admin owner on the same session: the admin flag follows the new owner.
    $admin_owner = new Owner(array_merge($common, array(
        'id'        => 11,
        'full_name' => 'Test User2',
        'is_admin'  => 1,
    )));
    $session->completeLogin($admin_owner);
    $this->assertTrue(Session::isLoggedIn());
    $this->assertTrue(Session::isAdmin());
    $this->assertEqual(Session::getLoggedInUser(), '*****@*****.**');
}