Пример #1
0
 /**
  * @param int  $user_id
  * @param bool $admin
  * @param bool $auto_login
  * @param bool $viewonline
  * @param string $class
  * @return \Symfony\Component\HttpFoundation\Response
  * @throws http_exception
  */
 public function submit($user_id, $admin, $auto_login, $viewonline, $class)
 {
     $this->user->add_lang_ext('paul999/tfa', 'common');
     if (!check_form_key('tfa_login_page')) {
         throw new http_exception(403, 'FORM_INVALID');
     }
     if (empty($this->user->data['tfa_random']) || $user_id != $this->user->data['tfa_uid']) {
         throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
     }
     $random = $this->request->variable('random', '');
     if ($this->user->data['tfa_random'] !== $random || strlen($random) !== 40) {
         throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
     }
     $sql_ary = array('tfa_random' => '', 'tfa_uid' => 0);
     $sql = 'UPDATE ' . SESSIONS_TABLE . ' SET ' . $this->db->sql_build_array('UPDATE', $sql_ary) . "\n\t\t\tWHERE\n\t\t\t\tsession_id = '" . $this->db->sql_escape($this->user->data['session_id']) . "' AND\n\t\t\t\tsession_user_id = '" . (int) $this->user->data['user_id'];
     $this->db->sql_query($sql);
     if (empty($class)) {
         throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
     }
     $module = $this->session_helper->findModule($class);
     if ($module == null) {
         throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
     }
     $redirect = $this->request->variable('redirect', "{$this->root_path}/index.{$this->php_ext}");
     try {
         if (!$module->login($user_id)) {
             $this->template->assign_var('S_ERROR', $this->user->lang('TFA_INCORRECT_KEY'));
             $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
         }
     } catch (http_exception $ex) {
         if ($ex->getStatusCode() == 400) {
             $this->template->assign_var('S_ERROR', $ex->getMessage());
             $this->session_helper->generate_page($user_id, $admin, $auto_login, $viewonline, $redirect);
         }
     }
     $old_session_id = $this->user->session_id;
     if ($admin) {
         $cookie_expire = time() - 31536000;
         $this->user->set_cookie('u', '', $cookie_expire);
         $this->user->set_cookie('sid', '', $cookie_expire);
     }
     $result = $this->user->session_create($user_id, $admin, $auto_login, $viewonline);
     // Successful session creation
     if ($result === true) {
         // If admin re-authentication we remove the old session entry because a new one has been created...
         if ($admin) {
             // the login array is used because the user ids do not differ for re-authentication
             $sql = 'DELETE FROM ' . SESSIONS_TABLE . "\n\t\t\t\t\tWHERE session_id = '" . $this->db->sql_escape($old_session_id) . "'\n\t\t\t\t\tAND session_user_id = " . (int) $user_id;
             $this->db->sql_query($sql);
             redirect(append_sid("{$this->root_path}adm/index.{$this->php_ext}", false, true, $this->user->data['session_id']));
         }
         redirect(append_sid($redirect, false, true, $this->user->data['session_id']));
     }
     throw new http_exception(400, 'TFA_SOMETHING_WENT_WRONG');
 }