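/**
 * Prepares scenario-specific fields, saves the record and notifies the admin.
 *
 * - 'insert': hashes password_entered and stamps date_reg and ip_endorsed.
 * - 'update' / 'passRestore': re-hashes only when a new password was entered.
 * - 'activation': marks the account as activated and, once saved, applies the
 *   default user parameters.
 *
 * When save() fails, the model's error summary is placed in the 'error' flash.
 *
 * @return boolean true when the record was saved, false otherwise.
 */
public function saveModel()
 {
     // Read once and compared strictly, so pre-save and post-save steps agree on the scenario.
     $scenario = $this->scenario;
     $isInsert = $scenario === 'insert';
     $isPasswordEdit = ($scenario === 'update' || $scenario === 'passRestore')
         && !empty($this->password_entered);

     if ($isInsert || $isPasswordEdit) {
         // PASSWORD_BCRYPT only takes the first 72 bytes of the input into account.
         // NOTE(review): 'insert' hashes unconditionally, so it presumably relies on the model's
         // validation rules (not visible here) to reject an empty password_entered - confirm.
         $this->password_hash = password_hash($this->password_entered, PASSWORD_BCRYPT, array('cost' => 10));
     }

     if ($isInsert) {
         $dt = new DateTime();
         $this->date_reg = $dt->format(AuthCommon::getParam('dateFormat'));
         $this->ip_endorsed = AuthCommon::getUserIp();
     } elseif ($scenario === 'activation') {
         $this->activated = true;
     }

     if (!$this->save()) {
         Yii::app()->user->setFlash('error', CHtml::errorSummary($this));
         return false;
     }

     // Default subscriptions are added only when an account has just been activated.
     if ($scenario === 'activation') {
         Helpers::setUserDefaultParameters($this->id);
     }

     // Login bookkeeping scenarios do not trigger an admin notification.
     // NOTE(review): the whole model, including password_entered and password_hash, is handed
     // to the notifier - confirm those fields never end up in the message.
     if ($scenario !== 'extServiceLogin' && $scenario !== 'setLastLogin') {
         AuthCommon::notifyAdminAboutUser($this, $scenario);
     }

     return true;
 }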
 /**
  * Authenticates a user.
  * Looks the account up by username, rejects blocked IP addresses and accounts
  * that are not activated, blocked, deleted or temporarily locked, and then
  * verifies the password against the stored hash.
  * @param boolean $isExtServiceLogin when true the password check is skipped.
  * @return boolean whether authentication succeeds.
  */
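 public function authenticate($isExtServiceLogin = false)
 {
     // Every failure path returns false and leaves an 'error' flash; true is returned only after
     // the lockout, account-status and (unless $isExtServiceLogin) password checks have passed.
     // $isExtServiceLogin = true skips password_verify() entirely, so callers must pass it only
     // after the external provider has already authenticated the user.
     $ip = AuthCommon::getUserIp();
     $timeZoneLabel = AuthCommon::getParam('timeZoneLabel');
     $dateFormat = AuthCommon::getParam('dateFormat');

     // NOTE(review): the IP lockout is only as reliable as AuthCommon::getUserIp(); confirm it
     // does not take the address from client-supplied forwarding headers.
     if (!empty($ip)) {
         $result = $this->checkIpBlocked($ip);
         if ($result != null) {
             $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
             Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'Your IP address has been blocked'), $ip, $result, $timeZoneLabel));
             return false;
         }
     }

     $modelUser = Users::model()->getByUsername($this->username);
     if (empty($modelUser)) {
         // Unknown username: counted against the IP and answered with the generic message.
         // The misspelled literal is the translation message key, so it is left as is.
         // NOTE(review): this path returns without a password_verify() call, so its response
         // time differs from the wrong-password path.
         $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
         $this->saveUnsuccessfulIpAttempt($ip, $this->username);
         Yii::app()->user->setFlash('error', Yii::t('AuthModule.main', 'Inrorrect login or password'));
         return false;
     }

     // NOTE(review): the four status messages below are shown before the password is verified,
     // so they confirm that the username exists and which state the account is in. Consider
     // answering with the generic failure message until the password has been checked.
     if (!$modelUser->activated) {
         $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
         Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'User not activated'), $modelUser->username));
         return false;
     }
     if ($modelUser->blocked) {
         // Blocked by an administrator.
         $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
         Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'User has been blocked'), $modelUser->username));
         return false;
     }
     if ($modelUser->deleted) {
         $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
         Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'User has been deleted'), $modelUser->username));
         return false;
     }
     $result = $this->checkUserBlocked($modelUser);
     if ($result != null) {
         $this->errorCode = self::ERROR_UNKNOWN_IDENTITY;
         Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'User has been blocked until'), $result));
         return false;
     }

     if (!$isExtServiceLogin && !password_verify($this->password, $modelUser->password_hash)) {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;

         // Both lockout branches now return false; they used a bare "return", which handed
         // callers null instead of the boolean the method is documented to return.
         $result = $this->saveUnsuccessfulIpAttempt($ip, $modelUser->username);
         if ($result != null) {
             Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'Too much login attempts from IP'), $ip, $result->format($dateFormat), $timeZoneLabel));
             return false;
         }
         $result = $this->saveUnsuccessfulUserAttempt($modelUser);
         if ($result != null) {
             Yii::app()->user->setFlash('error', sprintf(Yii::t('AuthModule.main', 'Too much login attempts from user'), $modelUser->username, $result->format($dateFormat), $timeZoneLabel));
             return false;
         }
         Yii::app()->user->setFlash('error', Yii::t('AuthModule.main', 'Login failed'));
         return false;
     }

     // Login OK.
     $this->errorCode = self::ERROR_NONE;
     $this->_id = $modelUser->id;
     $this->saveSuccessfulUserAttemt($modelUser);
     $this->saveSuccessfulIpAttemt($ip);

     $dt = new DateTime();
     $modelUser->date_lastlogin = $dt->format($dateFormat);
     $modelUser->setScenario('setLastLogin');

     // The login token is saved in the DB and mirrored into the identity state, so it has to be
     // unpredictable. mt_rand() and uniqid() are not cryptographically secure; the token now
     // comes from the CSPRNG. 20 random bytes in hex keep the 40-character length sha1() gave.
     if (function_exists('random_bytes')) {
         $modelUser->logintoken = bin2hex(random_bytes(20));
     } else {
         // PHP 5 fallback; requires the openssl extension.
         $modelUser->logintoken = bin2hex(openssl_random_pseudo_bytes(20));
     }

     if ($modelUser->save()) {
         // The login token is kept as an identity state.
         $this->setState(self::LOGIN_TOKEN, $modelUser->logintoken);
     } else {
         // NOTE(review): the login still succeeds when the token cannot be saved; the state
         // self::LOGIN_TOKEN is then simply absent - confirm consumers of the token handle that.
         Yii::app()->user->setFlash('error', CHtml::errorSummary($modelUser));
     }
     $this->setState('username', $modelUser->username);
     $this->setState('fullname', $modelUser->full_name);
     return true;
 }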
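 /**
  * Finds, creates or updates the local user that belongs to an external-service
  * profile and links the external account to that user.
  *
  * Lookup order: an existing ExtAccounts link for ($service, identifier); otherwise
  * a local user with the provider-verified e-mail; otherwise a new Users record.
  *
  * @param object $serviceProfile profile returned by the external provider. The properties
  *        read here are identifier, emailVerified, username (optional), firstName, lastName,
  *        city, country, photoURL and language.
  * @param string $service provider name; stored as ExtAccounts::provider_name.
  * @return Users the local user linked to the external account.
  * @throws CHttpException when a new link has no verified e-mail, or when saving the user,
  *         the complementary record or the external account fails.
  */
 private function getUserByServiceProfile($serviceProfile, $service)
 {
     $serviceUserId = $serviceProfile->identifier;
     // Only the provider-verified address is used. It decides which existing local account
     // an external identity gets attached to, so an unverified address must never be used here.
     $serviceUserEmail = $serviceProfile->emailVerified;

     // !empty() also covers a missing property. The previous array_key_exists() call on an
     // object is deprecated since PHP 7.4 and throws a TypeError on PHP 8.
     if (!empty($serviceProfile->username)) {
         $serviceUsername = $serviceProfile->username;
     } else {
         $serviceUsername = $serviceProfile->firstName . $serviceProfile->lastName;
     }

     $dt = new DateTime();
     $currentDateString = $dt->format(AuthCommon::getParam('dateFormat'));

     $ExtAccount = ExtAccounts::model()->getUserByServiceIndentifier($service, $serviceUserId);
     if ($ExtAccount == null) {
         // First login through this provider: create the link record.
         $ExtAccount = new ExtAccounts();
         $ExtAccount->date_connected = $currentDateString;
         $ExtAccount->provider_name = $service;
         if (empty($serviceUserEmail)) {
             // Without a verified e-mail there is no safe way to match an existing user, so
             // the login is refused. The message reads "No e-mail address in the account <name>".
             $accountName = Yii::t('userProfile', $service);
             throw new CHttpException(404, 'Нет адреса электронной почты в учетной записи ' . $accountName);
         }
         $siteUser = Users::model()->getByEmail($serviceUserEmail);
     } else {
         // The service account is already linked to a local user.
         $siteUser = Users::model()->findByPk($ExtAccount->user_id);
     }

     if ($siteUser == null) {
         // No local user yet: create one. It is activated at once, without e-mail activation.
         $siteUser = new Users();
         $siteUser->created_manually = false;
         $siteUser->date_reg = $currentDateString;
         $siteUser->activated = true;
         $siteUser->ip_endorsed = AuthCommon::getUserIp();
         $userContemporary = null;
     } else {
         $userContemporary = UsersComplementary::model()->getByUserById($siteUser->id);
     }

     // The flag has to be taken BEFORE the placeholder object is created. It used to be
     // computed afterwards and was therefore always false, so a manually created user
     // without a complementary record never got one.
     $isNewUserContemporary = $userContemporary == null;
     if ($isNewUserContemporary) {
         $userContemporary = new UsersComplementary();
     }

     $siteUser->scenario = 'extServiceLogin';
     $siteUser->date_lastlogin = $currentDateString;
     if (!$siteUser->created_manually) {
         // Accounts that were not created manually follow the provider's data.
         // NOTE(review): username is overwritten with a provider-supplied value. The
         // authenticate() method shown alongside resolves accounts by username and can skip
         // the password check for external logins, so confirm that Users enforces unique usernames.
         $siteUser->username = $serviceUsername;
         $siteUser->full_name = $serviceProfile->firstName . ' ' . $serviceProfile->lastName;
         if (empty($siteUser->email)) {
             $siteUser->email = $serviceUserEmail;
         }
         $siteUser->comments = 'Updated from ' . ucwords($service);
     }
     if ($siteUser->saveModel() === false) {
         throw new CHttpException(404, CHtml::errorSummary($siteUser));
     }

     if ($isNewUserContemporary || !$siteUser->created_manually) {
         // Profile fields are stored as the provider supplied them.
         // NOTE(review): picture_url in particular is provider-controlled - escape on output.
         $userContemporary->scenario = 'extServiceLogin';
         $userContemporary->user_id = $siteUser->id;
         $userContemporary->city = $serviceProfile->city;
         $userContemporary->country = $serviceProfile->country;
         $userContemporary->picture_url = $serviceProfile->photoURL;
         $userContemporary->language = $serviceProfile->language;
         $userContemporary->comments = 'Updated from ' . ucwords($service);
         if ($userContemporary->saveModel() === false) {
             throw new CHttpException(404, CHtml::errorSummary($userContemporary));
         }
     }

     // Record, or refresh, the link between the external account and the local user.
     $ExtAccount->user_id = $siteUser->id;
     $ExtAccount->connected = true;
     $ExtAccount->service_user_email = $serviceUserEmail;
     $ExtAccount->service_user_id = $serviceUserId;
     if ($ExtAccount->saveModel() === false) {
         throw new CHttpException(404, CHtml::errorSummary($ExtAccount));
     }
     return $siteUser;
 }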