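// ------------------------------
// Unknown account: answer with the response prepared before this point.
// This guard must run before any $user[...] access; with it placed after the
// group lookup, a failed user lookup still read $user['group'] and queried the
// groups table with an empty id.
// NOTE(review): $response is presumably the generic failure payload built
// earlier in this handler - confirm it does not reveal whether the account exists.
if (!$user) {
    return JsonView::render($response);
}

// Check if group needs whitelist
$groupId = $user['group'];
$directusGroupsTableGateway = new DirectusGroupsTableGateway($acl, $ZendDb);
$group = $directusGroupsTableGateway->find($groupId);

// isset() keeps a missing group row (or a missing column) from raising a
// notice. The comparison stays loose because the flag may come back from the
// database as the string "1".
// NOTE(review): a group that cannot be loaded skips the whitelist entirely
// (fail-open, same as before) - confirm that is the intended policy.
if (isset($group['restrict_to_ip_whitelist']) && 1 == $group['restrict_to_ip_whitelist']) {
    $directusIPWhitelist = new DirectusIPWhitelist($acl, $ZendDb);

    // REMOTE_ADDR is the address of the direct TCP peer. If this application is
    // deployed behind a reverse proxy or load balancer, that is the proxy's
    // address and the whitelist would be matched against it - verify the
    // deployment before relying on this control.
    if (!$directusIPWhitelist->hasIP($_SERVER['REMOTE_ADDR'])) {
        // NOTE(review): this rejection is sent before the password is checked
        // and carries its own message, so a caller without credentials can tell
        // that the account exists and sits in an IP-restricted group. Consider
        // returning the same generic failure response as for a bad login.
        return JsonView::render(array(
            'message' => 'Request not allowed from IP address',
            'success' => false,
            'all_nonces' => $requestNonceProvider->getAllNonces(),
        ));
    }
}

// Auth::login() receives the stored password and salt plus the submitted
// password; its result is the success flag of the response.
// NOTE(review): presumably it also opens the session on success, which is why
// the inactive-user branch below calls Auth::logout() - confirm in Auth.
$response['success'] = Auth::login($user['id'], $user['password'], $user['salt'], $password);

// A user counts as active only when the status column is present and holds the
// active value; a row without that column is treated as inactive.
$userHasStatusColumn = array_key_exists(STATUS_COLUMN_NAME, $user);
$isUserActive = $userHasStatusColumn && $user[STATUS_COLUMN_NAME] == STATUS_ACTIVE_NUM;

// Correct credentials but inactive account: undo the login and refuse access.
// The status-specific message is only sent after the credentials were accepted,
// so it does not disclose account status to a caller who lacks the password.
if ($response['success'] && !$isUserActive) {
    Auth::logout();
    $response['success'] = false;
    $response['message'] = 'You do not have access to this system';

    return JsonView::render($response);
}

if ($response['success']) {
    // Drop the message left over from the prepared response.
    unset($response['message']);
    $response['last_page'] = json_decode($user['last_page']);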