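/**
 * This is called when an interactive authentication attempt succeeds. This
 * is called by authentication listeners inheriting from AbstractAuthenticationListener.
 *
 * Non-admin users are redirected back to the 'admin_login' route with an
 * authentication error stored in the session. For admins the method resets
 * the login-attempt counters, authenticates against the legacy Zend_Auth
 * adapter, stores tokens for the 'oauth_authorize' and 'frontend_area'
 * contexts in the session, applies the chosen login language, records the
 * last-login time and returns either a popup-closing script (ajax logins)
 * or the parent handler's response.
 *
 * @param Request        $request
 * @param TokenInterface $token
 *
 * @return Response The response to return
 */
public function onAuthenticationSuccess(Request $request, TokenInterface $token)
{
    $user = $token->getUser();

    // This should actually be handled by the AuthenticationFailedHandler.
    // NOTE(review): this branch only records an error and redirects; nothing
    // in this method clears the token that was just authenticated. Confirm
    // that a non-admin is not left authenticated for the admin area.
    if (!$user->isAdmin()) {
        // can't go into admin
        $request->getSession()->set(
            SecurityContextInterface::AUTHENTICATION_ERROR,
            new AuthenticationException('User is not an admin.')
        );

        return $this->httpUtils->createRedirectResponse($request, 'admin_login');
    }

    // Successful admin login: purge stale attempt records and reset the
    // counter kept for the current IP.
    \LoginAttempts::DeleteOldLoginAttempts();
    \LoginAttempts::ClearLoginAttemptsForIp();

    // Mirror the login into the legacy Zend_Auth layer using the submitted
    // credentials.
    // NOTE(review): the result of authenticate() is not inspected; confirm a
    // failure here cannot leave the two authentication layers out of sync.
    $zendAuth = \Zend_Auth::getInstance();
    $this->authAdapter
        ->setUsername($user->getUsername())
        ->setPassword($request->request->get('_password'))
        ->setAdmin(true);
    $zendAuth->authenticate($this->authAdapter);

    // Store tokens for the other two contexts in the same session, so the
    // admin login also covers them. Fetch the session once and reuse it.
    $session = $request->getSession();
    $OAuthtoken = $this->userService->loginUser($user, 'oauth_authorize');
    $session->set('_security_oauth_authorize', serialize($OAuthtoken));
    $frontendToken = $this->userService->loginUser($user, 'frontend_area');
    $session->set('_security_frontend_area', serialize($frontendToken));

    \Article::UnlockByUser($user->getId());

    // login_language is request input: apply it only when it is a non-empty
    // string, so a missing or array-valued parameter never reaches setLocale().
    $loginLanguage = $request->request->get('login_language');
    if (is_string($loginLanguage) && $loginLanguage !== '') {
        $request->setLocale($loginLanguage);
    }

    $this->setNoCacheCookie($request);
    $user->setLastLogin(new \DateTime());
    $this->em->flush();

    if ($request->get('ajax') === 'true') {
        // close popup with login.
        // Encode the token for the JavaScript context instead of pasting it
        // between quotes. The JSON_HEX_* flags keep quotes, ampersands and
        // angle brackets from ending the string literal or the <script> element.
        $tokenJs = json_encode(
            (string) \SecurityToken::GetToken(),
            JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
        );
        if ($tokenJs === false) {
            // Token could not be encoded: emit an empty string literal so the
            // script still parses and the dialog closes.
            $tokenJs = '""';
        }

        return new Response(
            '<script type="text/javascript">window.parent.g_security_token = ' . $tokenJs . ';'
            . "window.parent.\$(window.parent.document.body).data('loginDialog').dialog('close');"
            . 'window.parent.setSecurityToken(window.parent.g_security_token);</script>'
        );
    }

    return parent::onAuthenticationSuccess($request, $token);
}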
/**
 * Renders the admin login form.
 *
 * Passes to the template the last submitted username, the most recent
 * authentication error (request attribute first, session otherwise), the
 * available languages with the default one for this request, and whether
 * the login-attempt limit has been exceeded.
 *
 * NOTE(review): 'last_username' and 'error' presumably originate from the
 * previous login submission; confirm the Twig template escapes them.
 *
 * @param Request $request
 *
 * @return Response The rendered login page
 */
public function loginAction(Request $request)
{
    $em = $this->container->get('em');

    // An error attached to the request takes precedence over the one kept
    // in the session.
    $error = $request->attributes->has(SecurityContext::AUTHENTICATION_ERROR)
        ? $request->attributes->get(SecurityContext::AUTHENTICATION_ERROR)
        : $request->getSession()->get(SecurityContext::AUTHENTICATION_ERROR);

    $languages = $em->getRepository('Newscoop\\Entity\\Language')->getLanguages();

    // Purge expired attempt records before the limit is evaluated below.
    \LoginAttempts::DeleteOldLoginAttempts();

    $viewData = array();
    $viewData['last_username'] = $request->getSession()->get(SecurityContext::LAST_USERNAME);
    $viewData['error'] = $error;
    $viewData['languages'] = $languages;
    $viewData['defaultLanguage'] = $this->getDefaultLanguage($request, $languages);
    $viewData['maxLoginAttemptsExceeded'] = \LoginAttempts::MaxLoginAttemptsExceeded();

    return $this->render('NewscoopNewscoopBundle:Security:login.html.twig', $viewData);
}
$requestIsPost = !empty($tmp['post']); unset($tmp); } // token $key = md5(rand(0, (double)microtime()*1000000)).md5(rand(0,1000000)); camp_session_set('xorkey', $key); // Delete any cookies they currently have. setcookie("LoginUserId", "", time() - 86400); setcookie("LoginUserKey", "", time() - 86400); // This can be "userpass", "captcha", "upgrade" $error_code = isset($_REQUEST['error_code']) ? $_REQUEST['error_code'] : ''; $f_user_name = isset($_REQUEST['f_user_name']) ? $_REQUEST['f_user_name'] : ''; LoginAttempts::DeleteOldLoginAttempts(); // Special case for the login screen: // We have to figure out what language to use. // If they havent logged in before, we should try to display the // language as set by the browser. If the user has logged in before, // use the language that they previously used. $defaultLanguage = null; if (isset($_REQUEST['TOL_Language'])) { $defaultLanguage = $_REQUEST['TOL_Language']; } elseif (isset($_COOKIE['TOL_Language'])) { $defaultLanguage = $_COOKIE['TOL_Language']; } else { // Get the browser languages $browserLanguageStr = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : ''; $browserLanguageArray = preg_split("/[,;]/", $browserLanguageStr);