/**
 * Handle a submitted login form.
 *
 * Check order: anti-forgery token, then honeypot (each answers 500 on
 * failure), then the 'userIsLoggingIn' hook, then a redirect home if a
 * session is already open. Missing credentials fall through to
 * showErrorMessage(). A locked-out peer address is sent back to the login
 * page before any credential is tried. The username has HTML tags and all
 * whitespace removed before it reaches logIn(); the password is passed
 * through exactly as submitted.
 *
 * Both outcomes of the credential check are logged. The failed-login entry
 * embeds the submitted username, but strip_tags() and the \s+ removal have
 * already run, so it cannot carry markup or line breaks into the log.
 *
 * NOTE(review): the lockout key is $_SERVER['REMOTE_ADDR'], i.e. the direct
 * TCP peer. If this application sits behind a reverse proxy that is the
 * proxy's address and all clients would share one lockout counter — confirm
 * against the deployment. Whether a failed attempt is recorded against the
 * lockout counter is not visible here (it would have to happen inside
 * logIn() or the lockout engine).
 *
 * @return mixed whatever Response::*() or showErrorMessage() returns
 */
private function doLogIn()
{
    $forgeryGuard = AntiForgeryToken::getInstance();
    if (!$forgeryGuard->validate()) {
        return Response::fiveHundred();
    }
    $honeypot = Honeypot::getInstance();
    if (!$honeypot->validate()) {
        return Response::fiveHundred();
    }

    $hooks = HookEngine::getInstance();
    $hooks->runAction('userIsLoggingIn');

    $session = CurrentUser::getUserSession();
    if ($session->isLoggedIn()) {
        return Response::redirect(new Link(""));
    }

    $submittedUsername = Request::getPostParameter("username");
    $submittedPassword = Request::getPostParameter("password");
    // Truthiness check, as in the original: an absent field, an empty
    // string and the string "0" are all treated as "not supplied".
    if (!$submittedUsername || !$submittedPassword) {
        return $this->showErrorMessage();
    }

    $remoteAddr = $_SERVER['REMOTE_ADDR'];
    if (LockoutEngine::getInstance()->isLockedOut($remoteAddr)) {
        return Response::redirect(new Link("users/login"));
    }

    $logger = Logger::getInstance();
    $cleanUsername = preg_replace('/\\s+/', '', strip_tags($submittedUsername));

    if (!$session->logIn($cleanUsername, $submittedPassword)) {
        $logger->logIt(new LogEntry(
            0,
            logEntryType::warning,
            'Someone failed to log into ' . $cleanUsername . '\'s account from IP:' . $remoteAddr,
            0,
            new DateTime()
        ));
        return $this->showErrorMessage();
    }

    // The session is fetched again after logIn(), as the original does;
    // presumably so getFullName()/getUserID() reflect the authenticated user.
    $session = CurrentUser::getUserSession();
    $logger->logIt(new LogEntry(
        0,
        logEntryType::info,
        'A new session was opened for ' . $session->getFullName() . ', who has an IP of ' . $remoteAddr . '.',
        $session->getUserID(),
        new DateTime()
    ));
    $hooks->runAction('userLoggedIn');

    return Response::redirect(new Link(""));
}
/**
 * Expose the shared Honeypot instance.
 *
 * Thin accessor over Honeypot::getInstance(); the same instance is the one
 * whose validate() result gates the login and password-reset handlers.
 *
 * @return Honeypot
 */
public function Honeypot()
{
    $shared = Honeypot::getInstance();
    return $shared;
}
/**
 * Second step of the forgotten-password flow: accept the new password.
 *
 * Responses: 404 for a non-POST request or a reset record past its valid
 * age; 500 for a failed anti-forgery/honeypot check, a missing form field,
 * a mismatch between the URL token and the POSTed token, or a token that
 * matches no record. Every later failure shows an error message and then
 * calls redirectOnError($inParam2).
 *
 * The reset record is resolved twice — once by token, once by the user id
 * behind the submitted e-mail address — and the two copies must share an id,
 * both be within their valid age and verify() against each other's token and
 * user id before any password change is attempted.
 *
 * Side effects: assigns $this->response on every path; on success also
 * removes the reset record and shows the success message.
 *
 * @param mixed $inParam2 presumably the reset token taken from the URL
 *                        route; it must equal the POSTed 'token' field after
 *                        tag stripping and whitespace removal — confirm
 *                        against the router
 */
private function secondStepPost($inParam2)
{
    if (!$this->request->isPostRequest()) {
        $this->response = Response::fourOhFour();
        return;
    }
    // Short-circuit keeps the original order: the honeypot is only
    // consulted once the anti-forgery token has passed.
    if (!AntiForgeryToken::getInstance()->validate() || !Honeypot::getInstance()->validate()) {
        $this->response = Response::fiveHundred();
        return;
    }

    $postedToken = Request::getPostParameter('token');
    $postedEmail = Request::getPostParameter('email');
    $newPassword = Request::getPostParameter('newPassword');
    $confirmNewPassword = Request::getPostParameter('confirmNewPassword');
    // An absent field is represented by an exact false (strict search).
    $anyFieldMissing = in_array(false, [$postedToken, $postedEmail, $newPassword, $confirmNewPassword], true);
    if ($anyFieldMissing) {
        $this->response = Response::fiveHundred();
        return;
    }

    $cleanToken = preg_replace('/\\s+/', '', strip_tags($postedToken));
    if ($inParam2 !== $cleanToken) {
        $this->response = Response::fiveHundred();
        return;
    }

    $resetEngine = ForgotPasswordEngine::getInstance();
    $recordByToken = $resetEngine->getForgotPasswordByToken($cleanToken);
    if ($recordByToken === false) {
        $this->response = Response::fiveHundred();
        return;
    }
    if (!$resetEngine->forgotPasswordIsOfValidAge($recordByToken)) {
        $this->response = Response::fourOhFour();
        return;
    }

    // Shared failure path for every identity-related rejection below.
    $rejectIdentity = function () use ($inParam2) {
        $this->showErrorMessageForForgotPasswordIdentity();
        $this->redirectOnError($inParam2);
    };

    $cleanEmail = preg_replace('/\\s+/', '', strip_tags($postedEmail));
    $emailCheck = new emailValidator();
    if (!$emailCheck->validate($cleanEmail)) {
        $rejectIdentity();
        return;
    }

    $account = UserEngine::getInstance()->getUserByEmail($cleanEmail);
    if ($account === false) {
        $rejectIdentity();
        return;
    }

    // Cross-check the record reached via the e-mail address against the one
    // reached via the token. The && chain evaluates in the same order, and
    // stops at the same point, as the original's sequence of early returns.
    $recordByUser = $resetEngine->getForgotPasswordByUserID($account->getUserID());
    $recordsAgree = $recordByUser !== false
        && $resetEngine->forgotPasswordIsOfValidAge($recordByUser)
        && $recordByToken->getID() === $recordByUser->getID()
        && $recordByToken->verify($recordByUser->getToken(), $recordByUser->getUserID())
        && $recordByUser->verify($recordByToken->getToken(), $recordByToken->getUserID());
    if (!$recordsAgree) {
        $rejectIdentity();
        return;
    }

    $minimumLength = $resetEngine->getMinimumPasswordLength();
    // Shared failure path for the two password-related rejections.
    $rejectPassword = function () use ($inParam2, $minimumLength) {
        $this->showErrorMessageForForgotPasswordNonMatch($minimumLength);
        $this->redirectOnError($inParam2);
    };

    if ($newPassword !== $confirmNewPassword) {
        $rejectPassword();
        return;
    }
    $changed = $resetEngine->resetUsersPassword(
        $recordByToken->getToken(),
        $recordByUser->getUserID(),
        $newPassword,
        $confirmNewPassword
    );
    if (!$changed) {
        $rejectPassword();
        return;
    }

    $resetEngine->removeForgotPassword($recordByToken);
    $this->showSuccessMessageForForgotPasswordChange();
    $this->response = Response::redirect(new Link("users/login"));
}