/** * Logs a user in, using the local Craft user-base if possible, or falling back to legacy user-base data. * * @param string $username The user’s username. * @param string $password The user’s submitted password. * @param bool $rememberMe Whether the user should be remembered. * * @throws Exception * @return bool Whether the user was logged in successfully. */ public function login($username, $password, $rememberMe = false) { // First, try logging in a native User. $nativeSuccess = craft()->userSession->login($username, $password, $rememberMe); if ($nativeSuccess === true) { return LegacyLoginPlugin::NativeUserType; } // Okay, we'll try to match and validate a legacy user... // First, validate the provided username/password. $usernameModel = new UsernameModel(['username' => $username]); $passwordModel = new PasswordModel(['password' => $password]); if (!$usernameModel->validate() || !$passwordModel->validate()) { LegacyLoginPlugin::log($username . ' tried to log in unsuccessfully, but there was a validation issue with the username or password.', LogLevel::Warning); return false; } // Okay, we have a valid username and password... Can we authenticate a legacy user? $allowedServices = craft()->config->get('allowedServices', 'legacylogin'); // Bail if we're mis-configured if (!is_array($allowedServices)) { return false; } // Try each service in sequence... foreach ($allowedServices as $service) { switch ($service) { case LegacyLoginPlugin::BigCommerceLegacyUserType: if (LegacyLogin_BigCommerceHelper::login($username, $password, $rememberMe)) { return LegacyLoginPlugin::BigCommerceLegacyUserType; } break; case LegacyLoginPlugin::EE2LegacyUserType: if (LegacyLogin_Ee2Helper::login($username, $password, $rememberMe)) { return LegacyLoginPlugin::EE2LegacyUserType; } break; case LegacyLoginPlugin::WellspringLegacyUserType: if (LegacyLogin_WellspringHelper::login($username, $password, $rememberMe)) { return LegacyLoginPlugin::WellspringLegacyUserType; } break; case LegacyLoginPlugin::WordPressLegacyUserType: if (LegacyLogin_WordPressHelper::login($username, $password, $rememberMe)) { return LegacyLoginPlugin::WordPressLegacyUserType; } break; } } // Alas, it just wasn't meant to be. LegacyLoginPlugin::log($username . ' could not be authenticated as a legacy user.', LogLevel::Warning); return false; }
/** * Logs a user in. * * If $rememberMe is set to `true`, the user will be logged in for the duration specified by the * [rememberedUserSessionDuration](http://craftcms.com/docs/config-settings#rememberedUserSessionDuration) * config setting. Otherwise it will last for the duration specified by the * [userSessionDuration](http://craftcms.com/docs/config-settings#userSessionDuration) * config setting. * * @param string $username The user’s username. * @param string $password The user’s submitted password. * @param bool $rememberMe Whether the user should be remembered. * * @throws Exception * @return bool Whether the user was logged in successfully. */ public function login($username, $password, $rememberMe = false) { // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login. if (!craft()->request->userAgent || !$_SERVER['REMOTE_ADDR']) { Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning); $this->logout(true); $this->requireLogin(); } // Validate the username/password first. $usernameModel = new UsernameModel(); $passwordModel = new PasswordModel(); $usernameModel->username = $username; $passwordModel->password = $password; // Validate the models. if ($usernameModel->validate() && $passwordModel->validate()) { $this->_identity = new UserIdentity($username, $password); // Did we authenticate? if ($this->_identity->authenticate()) { return $this->loginByUserId($this->_identity->getUserModel()->id, $rememberMe, true); } } Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning); return false; }
/** * Logs a user in. * * If $rememberMe is set to `true`, the user will be logged in for the duration specified by the * [rememberedUserSessionDuration](http://buildwithcraft.com/docs/config-settings#rememberedUserSessionDuration) * config setting. Otherwise it will last for the duration specified by the * [userSessionDuration](http://buildwithcraft.com/docs/config-settings#userSessionDuration) * config setting. * * @param string $username The user’s username. * @param string $password The user’s submitted password. * @param bool $rememberMe Whether the user should be remembered. * * @throws Exception * @return bool Whether the user was logged in successfully. */ public function login($username, $password, $rememberMe = false) { // Validate the username/password first. $usernameModel = new UsernameModel(); $passwordModel = new PasswordModel(); $usernameModel->username = $username; $passwordModel->password = $password; // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login. if (!craft()->request->userAgent || !$_SERVER['REMOTE_ADDR']) { Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning); $this->logout(true); $this->requireLogin(); } // Validate the model. if ($usernameModel->validate() && $passwordModel->validate()) { // Authenticate the credentials. $this->_identity = new UserIdentity($username, $password); $this->_identity->authenticate(); // Was the login successful? if ($this->_identity->errorCode == UserIdentity::ERROR_NONE) { // See if the 'rememberUsernameDuration' config item is set. If so, save the name to a cookie. $rememberUsernameDuration = craft()->config->get('rememberUsernameDuration'); if ($rememberUsernameDuration) { $this->saveCookie('username', $username, DateTimeHelper::timeFormatToSeconds($rememberUsernameDuration)); } else { // Just in case... $this->deleteStateCookie('username'); } // Get how long this session is supposed to last. $this->authTimeout = craft()->config->getUserSessionDuration($rememberMe); $id = $this->_identity->getId(); $states = $this->_identity->getPersistentStates(); // Fire an 'onBeforeLogin' event $this->onBeforeLogin(new Event($this, array('username' => $usernameModel->username))); // Run any before login logic. if ($this->beforeLogin($id, $states, false)) { $this->changeIdentity($id, $this->_identity->getName(), $states); // Fire an 'onLogin' event $this->onLogin(new Event($this, array('username' => $usernameModel->username))); if ($this->authTimeout) { if ($this->allowAutoLogin) { $user = craft()->users->getUserById($id); if ($user) { // Save the necessary info to the identity cookie. $sessionToken = StringHelper::UUID(); $hashedToken = craft()->security->hashData(base64_encode(serialize($sessionToken))); $uid = craft()->users->handleSuccessfulLogin($user, $hashedToken); $data = array($this->getName(), $sessionToken, $uid, $rememberMe ? 1 : 0, craft()->request->getUserAgent(), $this->saveIdentityStates()); $this->_identityCookie = $this->saveCookie('', $data, $this->authTimeout); } else { throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId()))); } } else { throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this)))); } } $this->_sessionRestoredFromCookie = false; $this->_userRow = null; // Run any after login logic. $this->afterLogin(false); } return !$this->getIsGuest(); } } Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning); return false; }