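 /**
  * Authenticate a user against the stored password hash and, on success, open
  * the application session, the punbb session and (optionally) a "remember me"
  * key.
  *
  * @param string $login_name         login name looked up in UserPrivateData
  * @param string $password           clear-text password, or the stored hash
  *                                   itself when $password_is_hashed is true
  * @param bool   $remember           create or renew the "remember me" cookie
  * @param bool   $password_is_hashed true only for the automatic "remember me"
  *                                   sign-in, where $password already holds the
  *                                   stored hash; the temporary-password path
  *                                   is skipped in that case
  *
  * @return bool true when the user was authenticated and is active
  */
 public function signIn($login_name, $password, $remember = false, $password_is_hashed = false)
 {
     c2cTools::log('in signin function from myUser class');

     // The stored hash is needed in every case: it carries the salt used to
     // verify a clear-text password, and it tells us whether the account is
     // still on the legacy (unsalted) hash that must be upgraded on login.
     $upd = UserPrivateData::retrieveByLoginName($login_name);
     if (!$upd) {
         return false;
     }
     $userid = $upd->id;
     $hash_tmp = $upd->password_tmp;
     $hash = $upd->password;

     $user = false;
     if ($password_is_hashed) {
         // "remember me" re-login: the caller hands us the stored hash itself.
         // Compare in constant time, and never accept an empty stored hash,
         // which a plain === would match against an empty credential.
         if (is_string($hash) && $hash !== '' && is_string($password)
             && hash_equals($hash, $password)) {
             $user = sfDoctrine::getTable('User')->find($userid);
         }
     } elseif (self::check_password($password, $hash)) {
         $user = sfDoctrine::getTable('User')->find($userid);
     }

     // The user may have requested a new (temporary) password. This is only
     // tried for an interactive sign-in: the hashed "remember me" path never
     // uses a temporary password.
     if (!$user && !$password_is_hashed) {
         c2cTools::log('base login failed, start trying with password_temp');
         if (self::check_password($password, $hash_tmp)) {
             $user = sfDoctrine::getTable('User')->find($userid);
         }
         if ($user) {
             c2cTools::log('user found, make temp password the new password');
             $user_private_data = $user->get('private_data');
             // Promote the temporary password through setPassword(), the same
             // mutator the rehash branch below relies on to store a hash; a
             // raw set('password', ...) only hashes if Doctrine happens to
             // route it through that mutator.
             $user_private_data->setPassword($password);
             // The temporary password is single-use: clear it once promoted.
             $user_private_data->set('password_tmp', null);
             $user->save();
             // The local copy of the hash is now stale; use the stored value
             // for the rehash check and the punbb sign-in below.
             $hash = $user_private_data->getPassword();
         }
     }

     if (!$user) {
         return false;
     }
     c2cTools::log('user found, continue to test if active');
     if (!$user->isActive()) {
         return false;
     }
     c2cTools::log('user is active');
     $user_id = $user->get('id');

     // Accounts still on the legacy hash (or an outdated cost) are
     // transparently re-hashed with the clear-text password just verified.
     if (!$password_is_hashed && password_needs_rehash($hash, PASSWORD_DEFAULT)) {
         c2cTools::log('upgrading user to new hash algorithm');
         $conn = sfDoctrine::Connection();
         // A transaction must be open for the commit/rollback below to mean
         // anything.
         $conn->beginTransaction();
         try {
             $user_private_data = UserPrivateData::find($user_id);
             if (!$user_private_data) {
                 throw new Exception('private data not found for user ' . $user_id);
             }
             $user_private_data->setPassword($password);
             $user_private_data->save();
             $conn->commit();
             // Only pick up the new hash once it is actually persisted; on
             // failure the previous hash is still the valid one.
             $hash = $user_private_data->getPassword();
         } catch (Exception $e) {
             $conn->rollback();
             c2cTools::log('could not upgrade user to new hash algorithm');
         }
     }

     $user_culture = $user->get('private_data')->getPreferedCulture();

     // A successful sign-in counts as confirming the signup.
     if ($user->isConfirmationPending()) {
         c2cTools::log('remove user from pending group');
         $user->removeFromGroup('pending');
     }

     // punbb is signed in with the stored hash; on the "remember me" path
     // $password already is that hash.
     Punbb::signIn($user_id, $password_is_hashed ? $password : $hash);
     c2cTools::log('logged in punbb');

     if ($remember) {
         c2cTools::log('remember me requested / or renew');
         $context = sfContext::getInstance();
         $remember_cookie = sfConfig::get('app_remember_key_cookie_name', 'c2corg_remember');
         $key = RememberKey::generateRandomKey();
         // A remember cookie present on the request means we are renewing it.
         $remember_key = $context->getRequest()->getCookie($remember_cookie);
         if ($remember_key) {
             RememberKey::renewKey($remember_key, $key);
         } else {
             $rk = new RememberKey();
             $rk->set('remember_key', $key);
             $rk->set('user', $user);
             // NOTE(review): HTTP_X_ORIGIN_IP is a request header; it is only
             // trustworthy if a fronting proxy always overwrites it, otherwise
             // the client chooses the address recorded here — confirm.
             $rk->set('ip_address', isset($_SERVER['HTTP_X_ORIGIN_IP']) ? $_SERVER['HTTP_X_ORIGIN_IP'] : $_SERVER['REMOTE_ADDR']);
             // TODO remove obsolete field
             $rk->save();
         }
         // TODO : move remove old keys in a batch
         RememberKey::deleteOldKeys();
         $expiration_age = sfConfig::get('app_remember_key_expiration_age', 30 * 24 * 3600);
         // Cookie is httponly but not flagged "secure"; an HTTPS-only
         // deployment should set that flag so the key never travels in clear.
         $context->getResponse()->setCookie($remember_cookie, $key, time() + $expiration_age, '/', '', false, true);
     } else {
         // No "remember me": a session-scoped marker so the session is not
         // reset while the browser stays open.
         sfContext::getInstance()->getResponse()->setCookie('temp_remember', 1);
     }

     c2cTools::log('add some information in user session');
     // NOTE(review): no explicit session id regeneration happens here —
     // confirm the storage layer rotates the id on login, otherwise the
     // pre-authentication session id survives the sign-in.
     $this->addCredentials($user->getAllPermissionNames());
     $this->setAttribute('username', $user->get('private_data')->get('topo_name'));
     $this->setAttribute('id', $user_id);
     // Preferred language and the ordered list of languages for the session.
     $this->saveLanguageListInSession($user->get('private_data')->getDocumentCulture());
     $this->setAuthenticated(true);

     if ($this->getCulture() != $user_culture) {
         $this->setCulture($user_culture);
     }
     // Keep the punbb language cookie in step with the session culture.
     Punbb::setLanguage($user_culture);
     c2cPersonalization::restorePrefCookies($user_id);

     return true;
 }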