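/**
 * Returns the logged in user, or default user if not logged in
 *
 * The user is resolved according to the authentication method the action
 * declares for the current route: core/elevated credentials from the
 * request or from the login cookies (verified by the external
 * authentication module when one is configured), the default user, the
 * CLI user, an RSS key or an application password. A core login that did
 * not come from a cookie is persisted as a cookie afterwards (a session
 * cookie unless tbg3_rememberme was sent).
 *
 * @param TBGRequest $request
 * @param TBGAction $action
 *
 * @return TBGUser
 *
 * @throws TBGElevatedLoginException when the cookie login is valid but the elevated password cookie is not
 * @throws Exception when no user can be established, the auth module is of the wrong type,
 *                   or the account is not activated / suspended / not a member of the scope
 */
public static function loginCheck(TBGRequest $request, TBGAction $action)
{
    $authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction());
    $user = null;
    $external = false;

    switch ($authentication_method) {
        case TBGAction::AUTHENTICATION_METHOD_ELEVATED:
        case TBGAction::AUTHENTICATION_METHOD_CORE:
            $is_elevated = ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED);
            $username = $request['tbg3_username'];
            $password = $request['tbg3_password'];
            // The elevated password is only ever checked from its cookie in this method;
            // a tbg3_elevated_password request parameter is not consulted here.

            // If no username and password specified, check if we have a session that exists already
            if ($username === null && $password === null) {
                $cookie_request = TBGContext::getRequest();
                if ($cookie_request->hasCookie('tbg3_username') && $cookie_request->hasCookie('tbg3_password')) {
                    $username = $cookie_request->getCookie('tbg3_username');
                    $password = $cookie_request->getCookie('tbg3_password');
                    $user = TBGUsersTable::getTable()->getByUsername($username);
                    // NOTE(review): the cookie carries the stored password hash and
                    // hasPasswordHash() accepts it as-is, so the cookie value alone is a
                    // long-lived credential; a random, revocable session token would be safer.
                    if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
                        $user = null;
                    } elseif ($is_elevated && $user instanceof TBGUser) {
                        $elevated_password = $cookie_request->getCookie('tbg3_elevated_password');
                        if (!$user->hasPasswordHash($elevated_password)) {
                            // The normal login is fine, but the elevated password must be entered again
                            TBGContext::setUser($user);
                            TBGContext::getRouting()->setCurrentRouteName('elevated_login_page');
                            throw new TBGElevatedLoginException('reenter');
                        }
                    }
                    if (!($user instanceof TBGUser)) {
                        TBGContext::logout();
                        throw new Exception('No such login');
                    }
                }
            }

            // If we have authentication details, validate them
            if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
                $external = true;
                TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
                $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                    // Do not carry on and call login methods on a module that is not an auth module
                    TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                    throw new Exception('Invalid module type');
                }
                // A cookie login is re-verified, a form login is performed
                if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                    $user = $mod->verifyLogin($username, $password);
                } else {
                    $user = $mod->doLogin($username, $password);
                }
                if (!($user instanceof TBGUser)) {
                    // Invalid
                    TBGContext::logout();
                    throw new Exception('No such login');
                }
            } elseif (TBGSettings::isUsingExternalAuthenticationBackend()) {
                $external = true;
                TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
                $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                    TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                    throw new Exception('Invalid module type');
                }
                $user = $mod->doAutoLogin();
                // Strict check instead of "== false": anything but a TBGUser is an invalid login
                if (!($user instanceof TBGUser)) {
                    // Invalid
                    TBGContext::logout();
                    throw new Exception('No such login');
                }
            } elseif ($username !== null && $password !== null && !($user instanceof TBGUser)) {
                $external = false;
                TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
                $user = TBGUsersTable::getTable()->getByUsername($username);
                // An unknown username used to reach hasPassword() on a non-object; treat it like a wrong password
                if (!($user instanceof TBGUser) || !$user->hasPassword($password)) {
                    $user = null;
                    TBGContext::logout();
                }
            }
            break;

        case TBGAction::AUTHENTICATION_METHOD_DUMMY:
            $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
            break;

        case TBGAction::AUTHENTICATION_METHOD_CLI:
            $user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
            break;

        case TBGAction::AUTHENTICATION_METHOD_RSS_KEY:
            $user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']);
            break;

        case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD:
            $user = TBGUsersTable::getTable()->getByUsername($request['api_username']);
            // Guard the lookup result before calling into it: an unknown api_username is just a failed login
            if (!($user instanceof TBGUser) || !$user->authenticateApplicationPassword($request['api_token'])) {
                $user = null;
            }
            break;

        default:
            if (!TBGSettings::isLoginRequired()) {
                $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
            }
    }

    if (!($user instanceof TBGUser)) {
        throw new Exception(TBGSettings::isLoginRequired() ? 'Login required' : 'No such login');
    }
    if (!$user->isActivated()) {
        throw new Exception('This account has not been activated yet');
    }
    if (!$user->isEnabled()) {
        throw new Exception('This account has been suspended');
    }
    if (!$user->isConfirmedMemberOfScope(TBGContext::getScope()) && !TBGSettings::isRegistrationAllowed()) {
        throw new Exception('This account does not have access to this scope');
    }

    // Persist an internal core login that did not already come from a cookie
    if (!$external && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE && !$request->hasCookie('tbg3_username')) {
        $response = TBGContext::getResponse();
        if ($request->getParameter('tbg3_rememberme')) {
            $response->setCookie('tbg3_username', $user->getUsername());
            $response->setCookie('tbg3_password', $user->getPassword());
        } else {
            $response->setSessionCookie('tbg3_username', $user->getUsername());
            $response->setSessionCookie('tbg3_password', $user->getPassword());
        }
    }

    return $user;
}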
disabled<?php } ?> > <option value=1<?php if (TBGSettings::isLoginRequired()) { ?> selected<?php } ?> ><?php echo __('You need a valid user account to access any content'); ?> </option> <option value=0<?php if (!TBGSettings::isLoginRequired()) { ?> selected<?php } ?> ><?php echo __('Use the guest user account'); ?> </option> </select> </td> </tr> <tr> <td><label for="defaultisguest"><?php echo __('Guest user is authenticated'); ?>
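/**
 * Returns the logged in user, or default user if not logged in
 *
 * Credentials are taken from the arguments, or from the tbg3_username /
 * tbg3_password cookies when both arguments are null. They are checked
 * against the configured external authentication module if one is set,
 * otherwise against the users table: first as a stored hash, then as a
 * plaintext password, then as a legacy md5 hash which is upgraded on
 * success. Without credentials the CLI user or, if login is not required,
 * the default user is returned.
 *
 * @param string $username
 * @param string $password plaintext password, or the stored hash as carried by the login cookie
 *
 * @return TBGUser
 *
 * @throws Exception when no login can be established, the auth module is of the wrong type,
 *                   or the account / its scope is not active
 */
public static function loginCheck($username = null, $password = null)
{
    $row = null;
    $users_table = TBGUsersTable::getTable();

    // If no username and password specified, check if we have a session that exists already
    if ($username === null && $password === null) {
        if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
            $username = TBGContext::getRequest()->getCookie('tbg3_username');
            $password = TBGContext::getRequest()->getCookie('tbg3_password');
            // The cookie holds the stored hash, so it is matched against the table directly
            $row = $users_table->getByUsernameAndPassword($username, $password);
            if (!$row) {
                TBGContext::getResponse()->deleteCookie('tbg3_username');
                TBGContext::getResponse()->deleteCookie('tbg3_password');
                throw new Exception('No such login');
            }
        }
    }

    // If we have authentication details, validate them
    $backend = TBGSettings::getAuthenticationBackend();
    if ($backend !== null && $backend !== 'tbg' && $username !== null && $password !== null) {
        TBGLogging::log('Authenticating with backend: ' . $backend, 'auth', TBGLogging::LEVEL_INFO);
        $mod = TBGContext::getModule($backend);
        if ($mod->getType() !== TBGModule::MODULE_AUTH) {
            TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
            throw new Exception('Invalid module type');
        }
        // A cookie login is re-verified, a form login is performed
        if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
            $row = $mod->verifyLogin($username, $password);
        } else {
            $row = $mod->doLogin($username, $password);
        }
        if (!$row) {
            // Invalid
            TBGContext::getResponse()->deleteCookie('tbg3_username');
            TBGContext::getResponse()->deleteCookie('tbg3_password');
            throw new Exception('No such login');
        }
    } elseif ($username !== null && $password !== null) {
        TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
        // First test a pre-encrypted password (the login cookie carries the hash itself).
        // NOTE(review): this means the stored hash is accepted as a credential in its own
        // right, so a leaked hash or cookie logs in without the password.
        $row = $users_table->getByUsernameAndPassword($username, $password);
        if (!$row) {
            // Then test an unencrypted password
            $row = $users_table->getByUsernameAndPassword($username, self::hashPassword($password));
        }
        if (!$row) {
            // This is a legacy account from a 2.1 upgrade - try md5
            $row = $users_table->getByUsernameAndPassword($username, md5($password));
            if ($row) {
                // convert md5 to new password type
                $legacy_user = new TBGUser($row->get(TBGUsersTable::ID), $row);
                $legacy_user->changePassword($password);
                $legacy_user->save();
                unset($legacy_user);
            }
        }
        if (!$row) {
            // Invalid
            TBGContext::getResponse()->deleteCookie('tbg3_username');
            TBGContext::getResponse()->deleteCookie('tbg3_password');
            throw new Exception('No such login');
        }
    } elseif (TBGContext::isCLI()) {
        $row = $users_table->getByUsername(TBGContext::getCurrentCLIusername());
    } elseif (!TBGSettings::isLoginRequired()) {
        $row = $users_table->getByUserID(TBGSettings::getDefaultUserID());
    }

    if (!$row) {
        throw new Exception(TBGSettings::isLoginRequired() ? 'Login required' : 'No such login');
    }
    if (!$row->get(TBGScopesTable::ENABLED)) {
        throw new Exception('This account belongs to a scope that is not active');
    }
    if (!$row->get(TBGUsersTable::ACTIVATED)) {
        throw new Exception('This account has not been activated yet');
    }
    if (!$row->get(TBGUsersTable::ENABLED)) {
        throw new Exception('This account has been suspended');
    }

    return TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row);
}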
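/**
 * Prepares the login component: the selected tab, the form options, the
 * page to return to after logging in, the optional intro articles and the
 * message shown above the form.
 *
 * Sets $this->selected_tab, $this->options, $this->referer,
 * $this->loginintro, $this->registrationintro and $this->error.
 */
public function componentLogin()
{
    $this->selected_tab = isset($this->section) ? $this->section : 'login';
    $this->options = $this->getParameterHolder();

    // The referer is client-controlled (flash message or HTTP header) and is echoed
    // into the form, so escape quotes as well — ENT_COMPAT left single quotes untouched
    $charset = TBGContext::getI18n()->getCharset();
    if (TBGContext::hasMessage('login_referer')) {
        $this->referer = htmlentities(TBGContext::getMessage('login_referer'), ENT_QUOTES, $charset);
    } elseif (array_key_exists('HTTP_REFERER', $_SERVER)) {
        $this->referer = htmlentities($_SERVER['HTTP_REFERER'], ENT_QUOTES, $charset);
    } else {
        $this->referer = TBGContext::getRouting()->generate('dashboard');
    }

    // The intro articles are optional; a lookup failure just leaves them unset
    $this->loginintro = null;
    $this->registrationintro = null;
    try {
        $this->loginintro = TBGArticlesTable::getTable()->getArticleByName('LoginIntro');
        $this->registrationintro = TBGArticlesTable::getTable()->getArticleByName('RegistrationIntro');
    } catch (Exception $e) {
        // best effort, see above
    }

    if (TBGSettings::isLoginRequired()) {
        // A stale login cookie must not survive a forced login
        TBGContext::getResponse()->deleteCookie('tbg3_username');
        TBGContext::getResponse()->deleteCookie('tbg3_password');
        $this->error = TBGContext::getI18n()->__('You need to log in to access this site');
    } elseif (!TBGContext::getUser()->isAuthenticated()) {
        $this->error = TBGContext::getI18n()->__('Please log in');
    }
}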
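/**
 * Login (AJAX call)
 *
 * Handles a POSTed username/password: verifies it, sets the login cookies,
 * registers the user on the context and decides where to send the browser
 * next (the return_to parameter, the referer, or the configured post-login
 * route). Errors are reported as JSON for AJAX/JSON requests and placed in
 * $options['error'] otherwise.
 *
 * @param TBGRequest $request
 */
public function runLogin(TBGRequest $request)
{
    $i18n = TBGContext::getI18n();
    $this->login_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $options = $request->getParameters();
    $forward_url = TBGContext::getRouting()->generate('home');
    $wants_json = (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json');

    try {
        if ($request->getMethod() == TBGRequest::POST) {
            if (!$request->hasParameter('tbg3_username') || !$request->hasParameter('tbg3_password')) {
                throw new Exception($i18n->__('Please enter a username and password'));
            }
            $username = $request->getParameter('tbg3_username');
            $password = $request->getParameter('tbg3_password');
            $user = TBGUser::loginCheck($username, $password, true);
            // NOTE(review): the persistent cookie carries the password hash itself, so a
            // leaked cookie is as good as the password until it is changed; a random,
            // revocable token would limit that exposure.
            $this->getResponse()->setCookie('tbg3_username', $username);
            $this->getResponse()->setCookie('tbg3_password', TBGUser::hashPassword($password));
            TBGContext::setUser($user);

            // return_to and tbg3_referer are supplied by the client, so they are only
            // followed when they stay on this site (otherwise the dashboard is used)
            if ($request->hasParameter('return_to')) {
                $forward_url = self::_safeForwardUrl($request->getParameter('return_to'));
            } elseif (TBGSettings::get('returnfromlogin') == 'referer') {
                $forward_url = self::_safeForwardUrl($request->getParameter('tbg3_referer'));
            } else {
                $forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
            }
        } elseif (TBGSettings::isLoginRequired()) {
            throw new Exception($i18n->__('You need to log in to access this site'));
        } elseif (!TBGContext::getUser()->isAuthenticated()) {
            throw new Exception($i18n->__('Please log in'));
        } elseif (TBGContext::hasMessage('forward')) {
            throw new Exception($i18n->__(TBGContext::getMessageAndClear('forward')));
        }
    } catch (Exception $e) {
        if ($wants_json) {
            return $this->renderJSON(array('failed' => true, "error" => $i18n->__($e->getMessage()), 'referer' => $request->getParameter('tbg3_referer')));
        }
        $options['error'] = $e->getMessage();
    }

    if ($wants_json) {
        return $this->renderJSON(array('forward' => $forward_url));
    } elseif ($forward_url !== null && $request->getParameter('continue') != true) {
        $this->forward($forward_url);
    }
    $this->options = $options;
}

/**
 * Returns $url if it is safe to redirect the browser to after login, otherwise
 * the dashboard URL. Safe means a site-relative path or an http(s) URL whose
 * host is the one serving this request; other hosts, protocol-relative
 * "//host" forms (including the backslash variants browsers normalise to
 * slashes) and non-http schemes are refused, so a crafted return_to or
 * referer cannot send a freshly logged-in user to another site.
 *
 * NOTE(review): the host comparison relies on $_SERVER['HTTP_HOST'], which is
 * only trustworthy when the web server restricts the accepted host names.
 *
 * @param mixed $url client-supplied redirect target
 *
 * @return string
 */
protected static function _safeForwardUrl($url)
{
    $fallback = TBGContext::getRouting()->generate('dashboard');
    if (!is_string($url) || $url === '') {
        return $fallback;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return $fallback;
    }
    if (isset($parts['scheme'])) {
        // Only http(s), and only with an explicit host ("http:evil" is ambiguous across browsers)
        if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true) || !isset($parts['host'])) {
            return $fallback;
        }
    }
    if (isset($parts['host'])) {
        if (!isset($_SERVER['HTTP_HOST'])) {
            return $fallback;
        }
        // HTTP_HOST may carry a port; compare host names only
        $current_host = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
        return (strtolower($parts['host']) === strtolower((string) $current_host)) ? $url : $fallback;
    }
    // No host: refuse "//host", "/\host" and "\\host", everything else stays on this site
    if (str_replace('\\', '/', substr($url, 0, 2)) === '//') {
        return $fallback;
    }
    return $url;
}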