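/**
 * Simple check if given username/password are correct.
 *
 * Reads the "email" and "password" request parameters, answers "FAIL"
 * for blank input without consulting the user store, and otherwise
 * renders "OK" when UserPeer::checkLogin() yields a User, "FAIL" if not.
 *
 * NOTE(review): the previous version trimmed the values for the blank
 * check but handed the untrimmed parameters to UserPeer::checkLogin();
 * the trimmed values are now used for both, as executeLoginCheck does.
 * NOTE(review): this action does not update the loginWrongPass session
 * counter that executeLoginCheck uses to gate the reCAPTCHA, so repeated
 * failures here are not counted — confirm that is intended.
 *
 * @param sfWebRequest $request
 * @return mixed whatever renderText() returns
 */
public function executeCheckLogin(sfWebRequest $request)
{
    // (string) cast: getParameter() yields null when the field is absent.
    $email = trim((string) $request->getParameter('email'));
    $password = trim((string) $request->getParameter('password'));

    if ($email === '' || $password === '') {
        return $this->renderText('FAIL');
    }

    $user = UserPeer::checkLogin($email, $password);

    return $this->renderText($user instanceof User ? 'OK' : 'FAIL');
}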
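/**
 * Action to check login credentials.
 *
 * Flow: reject blank input, verify the credentials via UserPeer::checkLogin(),
 * require a reCAPTCHA answer once this session has produced 5 wrong passwords,
 * refuse unconfirmed or hidden (banned) accounts, then sign the user in, clear
 * the user's popup_close / sendmessage / user_expert rows and send the browser
 * back to the "referer" parameter when it points at this site.
 *
 * On failure the template receives $this->msg (and $this->user is false).
 *
 * NOTE(review): the blank-input test previously fired only when BOTH fields
 * were empty; it now fires when either is, matching executeCheckLogin.
 * NOTE(review): the "referer" parameter used to be followed unchecked; it is
 * now only followed when it stays on this site (see isLocalRedirectTarget).
 *
 * @return string|mixed sfView::ERROR / sfView::SUCCESS, or the result of redirect()
 */
public function executeLoginCheck()
{
    $connection = RaykuCommon::getDatabaseConnection();
    // (string) cast: getRequestParameter() yields null for a missing field.
    $sEmail = trim((string) $this->getRequestParameter('name'));
    $sPassword = trim((string) $this->getRequestParameter('pass'));

    // Wrong passwords tolerated per session before a reCAPTCHA is demanded.
    $recaptchaThreshold = 5;

    if ($sEmail === '' || $sPassword === '') {
        StatsD::increment("login.failure");
        // redirect() stops the action (sfStopException); return for clarity.
        return $this->redirect('login/index');
    }

    //Check the user credentials
    $this->user = UserPeer::checkLogin($sEmail, $sPassword);
    if (!$this->user) {
        StatsD::increment("login.failure");
        $_SESSION['loginErrorMsg'] = 'Your username or password was incorrect.';
    } else {
        StatsD::increment("login.success");
    }

    /**
     * @todo - check if we ever got a chance to hit this place with recaptch - it looks like no so either lets remove it or make it working
     */
    if ($this->wrongPasswordCount() >= $recaptchaThreshold) {
        // A missing or wrong reCAPTCHA answer voids an otherwise valid login.
        if (!$this->recaptchaAnswerIsValid()) {
            $this->user = false;
        }
    }

    if (!$this->user) {
        $this->msg = 'Your username or password was incorrect.';
        // Re-read the counter here: a valid reCAPTCHA above resets it to 0.
        $_SESSION['loginWrongPass'] = $this->wrongPasswordCount() + 1;
        if ($_SESSION['loginWrongPass'] >= $recaptchaThreshold) {
            $this->redirect("/login");
        }
        return sfView::ERROR;
    }

    //If the user hasn't confirmed their account, display a message
    if ($this->user->isTypeUnconfirmed()) {
        $this->msg = 'You have not confirmed your account yet. Please go to your email inbox and click on the link in the confirmation email.';
        return sfView::ERROR;
    }

    //If the user is banned, display a message
    if ($this->user->getHidden()) {
        $this->msg = 'You are currently banned.';
        return sfView::ERROR;
    }

    $this->getUser()->signIn($this->user, $this->getRequestParameter('remember', false));

    /**
     * Invisible in practice means "invisible until next login"
     * On each login this flag is set either to 0 or 1
     * There is no possibility to change invisible status while being logged in
     */
    $this->user->setInvisible($this->getRequestParameter('invisible', false));
    // Session entry keyed by username, holding the login timestamp.
    $_SESSION[$this->user->getUsername()] = time();
    $this->user->save();

    $currentUser = $this->getUser()->getRaykuUser();
    $userId = $currentUser->getId();
    if (!empty($userId)) {
        $this->clearLoginState($connection, (int) $userId);
    }

    if (isset($_SESSION['modelPopupOpen'])) {
        unset($_SESSION['modelPopupOpen']);
        // !empty keeps the old truthiness test without an undefined-index notice.
        if (!empty($_SESSION['popup_session'])) {
            unset($_SESSION['popup_session']);
        }
    }

    $siteDomain = RaykuCommon::getCurrentHttpDomain();
    $referer = $this->getRequestParameter('referer');
    if ($referer === 'http://' . $siteDomain . '/login') {
        return sfView::SUCCESS;
    }
    // null and '' both counted as "no referer" before (loose != NULL).
    if ($referer !== null && $referer !== '') {
        if (self::isLocalRedirectTarget($referer, $siteDomain)) {
            return $this->redirect($referer);
        }
        // Off-site target: ignore it and show the default success view.
        return sfView::SUCCESS;
    }
    // No referer: previously an implicit null return, which the Symfony 1.x
    // execution filter treats as SUCCESS — made explicit here.
    return sfView::SUCCESS;
}

/**
 * Number of wrong passwords recorded in this session so far (0 when unset).
 *
 * @return int
 */
private function wrongPasswordCount()
{
    return isset($_SESSION['loginWrongPass']) ? (int) $_SESSION['loginWrongPass'] : 0;
}

/**
 * Verify the reCAPTCHA answer posted with the login form.
 *
 * On success the wrong-password counter and the stored reCAPTCHA error are
 * cleared; on failure the reCAPTCHA error code is stored in the session so
 * the form can display it.
 *
 * NOTE(review): the reCAPTCHA private key is hard-coded below; it is a
 * secret and belongs in configuration (and should be rotated once moved).
 * It is kept verbatim here so behaviour is unchanged. The unused public
 * key that used to sit next to it was dropped (the widget, not the check,
 * needs it).
 *
 * @return bool
 */
private function recaptchaAnswerIsValid()
{
    require_once $_SERVER['DOCUMENT_ROOT'] . '/recaptcha/recaptchalib.php';
    // Get a key from https://www.google.com/recaptcha/admin/create
    $privatekey = "6Lc_mscSAAAAAKG3YnU2l3uHYqcBDB6R31XlVTW8";

    // Missing form fields become '' instead of an undefined-index notice;
    // the bundled recaptchalib reports an empty answer as invalid — confirm.
    $challenge = isset($_POST['recaptcha_challenge_field']) ? $_POST['recaptcha_challenge_field'] : '';
    $answer = isset($_POST['recaptcha_response_field']) ? $_POST['recaptcha_response_field'] : '';

    # the response from reCAPTCHA
    $resp = recaptcha_check_answer($privatekey, $_SERVER["REMOTE_ADDR"], $challenge, $answer);

    if ($resp->is_valid) {
        $_SESSION['loginWrongPass'] = 0;
        $_SESSION['recaptchaError'] = '';
        return true;
    }

    # set the error code so that we can display it
    $_SESSION['recaptchaError'] = $resp->error;
    return false;
}

/**
 * Delete the popup_close, sendmessage and user_expert rows tied to the user,
 * as the original code did on every successful login.
 *
 * @param resource $connection mysql link from RaykuCommon::getDatabaseConnection()
 * @param int      $userId
 * @throws sfException when a delete fails (replaces the old "or die(mysql_error())",
 *                     which wrote the raw MySQL error straight to the browser)
 */
private function clearLoginState($connection, $userId)
{
    // $userId comes from the signed-in User's getId(), but an int cast keeps
    // the string-built SQL safe regardless of its source.
    $userId = (int) $userId;
    $queries = array(
        "delete from popup_close where user_id=" . $userId,
        "delete from sendmessage where asker_id =" . $userId,
        "delete from user_expert where checked_id=" . $userId,
    );
    foreach ($queries as $sql) {
        if (!mysql_query($sql, $connection)) {
            throw new sfException('Login cleanup query failed: ' . mysql_error($connection));
        }
    }
}

/**
 * Decide whether a redirect target stays on this site.
 *
 * Accepts a path rooted at "/" or an http(s) URL whose host (optionally with
 * port) equals $siteDomain. Other hosts, scheme-relative "//host" and "/\host"
 * forms and non-http schemes are rejected, so the user-supplied "referer"
 * parameter cannot send the browser elsewhere after login.
 *
 * @param string $target     candidate URL or path
 * @param string $siteDomain host[:port] — assumed to be what
 *                           RaykuCommon::getCurrentHttpDomain() returns, TODO confirm
 * @return bool
 */
private static function isLocalRedirectTarget($target, $siteDomain)
{
    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }

    $siteDomain = strtolower($siteDomain);

    if (isset($parts['scheme']) || isset($parts['host'])) {
        // "//host" parses with a host but no scheme: rejected here.
        if (!isset($parts['scheme'], $parts['host'])) {
            return false;
        }
        if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
            return false;
        }
        $host = strtolower($parts['host']);
        $hostPort = $host . (isset($parts['port']) ? ':' . $parts['port'] : '');
        return $hostPort === $siteDomain || $host === $siteDomain;
    }

    // No scheme or host: only an absolute path on this site is allowed.
    if (!isset($parts['path']) || strlen($parts['path']) === 0 || $parts['path'][0] !== '/') {
        return false;
    }
    $lead = substr($target, 0, 2);
    return $lead !== '//' && $lead !== '/\\';
}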