/**
* Returns the logged in user, or default user if not logged in
*
* @param TBGRequest $request
* @param TBGAction $action
*
* @return TBGUser
*/
public static function loginCheck(TBGRequest $request, TBGAction $action)
{
try {
$authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction());
$user = null;
$external = false;
switch ($authentication_method) {
case TBGAction::AUTHENTICATION_METHOD_ELEVATED:
case TBGAction::AUTHENTICATION_METHOD_CORE:
$username = $request['tbg3_username'];
$password = $request['tbg3_password'];
if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
$elevated_password = $request['tbg3_elevated_password'];
}
$raw = true;
// If no username and password specified, check if we have a session that exists already
if ($username === null && $password === null) {
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$username = TBGContext::getRequest()->getCookie('tbg3_username');
$password = TBGContext::getRequest()->getCookie('tbg3_password');
$user = TBGUsersTable::getTable()->getByUsername($username);
if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
$elevated_password = TBGContext::getRequest()->getCookie('tbg3_elevated_password');
if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
$user = null;
} else {
if ($user instanceof TBGUser && !$user->hasPasswordHash($elevated_password)) {
TBGContext::setUser($user);
TBGContext::getRouting()->setCurrentRouteName('elevated_login_page');
throw new TBGElevatedLoginException('reenter');
}
}
} else {
if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
$user = null;
}
}
$raw = false;
if (!$user instanceof TBGUser) {
TBGContext::logout();
throw new Exception('No such login');
}
}
}
// If we have authentication details, validate them
if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
$external = true;
TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
try {
$mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
if ($mod->getType() !== TBGModule::MODULE_AUTH) {
TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
}
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$user = $mod->verifyLogin($username, $password);
} else {
$user = $mod->doLogin($username, $password);
}
if (!$user instanceof TBGUser) {
// Invalid
TBGContext::logout();
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
} catch (Exception $e) {
throw $e;
}
} elseif (TBGSettings::isUsingExternalAuthenticationBackend()) {
$external = true;
TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
try {
$mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
if ($mod->getType() !== TBGModule::MODULE_AUTH) {
TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
}
$user = $mod->doAutoLogin();
if ($user == false) {
// Invalid
TBGContext::logout();
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
} catch (Exception $e) {
throw $e;
}
} elseif ($username !== null && $password !== null && !$user instanceof TBGUser) {
$external = false;
TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
$user = TBGUsersTable::getTable()->getByUsername($username);
if (!$user->hasPassword($password)) {
$user = null;
}
if (!$user instanceof TBGUser) {
TBGContext::logout();
}
}
break;
case TBGAction::AUTHENTICATION_METHOD_DUMMY:
$user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
break;
case TBGAction::AUTHENTICATION_METHOD_CLI:
$user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
break;
case TBGAction::AUTHENTICATION_METHOD_RSS_KEY:
$user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']);
break;
case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD:
$user = TBGUsersTable::getTable()->getByUsername($request['api_username']);
if (!$user->authenticateApplicationPassword($request['api_token'])) {
$user = null;
}
break;
default:
if (!TBGSettings::isLoginRequired()) {
$user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
}
}
if ($user instanceof TBGUser) {
if (!$user->isActivated()) {
throw new Exception('This account has not been activated yet');
} elseif (!$user->isEnabled()) {
throw new Exception('This account has been suspended');
} elseif (!$user->isConfirmedMemberOfScope(TBGContext::getScope())) {
if (!TBGSettings::isRegistrationAllowed()) {
throw new Exception('This account does not have access to this scope');
}
}
if ($external == false && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE) {
$password = $user->getHashPassword();
if (!$request->hasCookie('tbg3_username')) {
if ($request->getParameter('tbg3_rememberme')) {
TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
} else {
TBGContext::getResponse()->setSessionCookie('tbg3_username', $user->getUsername());
TBGContext::getResponse()->setSessionCookie('tbg3_password', $user->getPassword());
}
}
}
} elseif (TBGSettings::isLoginRequired()) {
throw new Exception('Login required');
} else {
throw new Exception('No such login');
}
} catch (Exception $e) {
throw $e;
}
return $user;
}
disabled<?php
}
?>
>
<option value=1<?php
if (TBGSettings::isLoginRequired()) {
?>
selected<?php
}
?>
><?php
echo __('You need a valid user account to access any content');
?>
</option>
<option value=0<?php
if (!TBGSettings::isLoginRequired()) {
?>
selected<?php
}
?>
><?php
echo __('Use the guest user account');
?>
</option>
</select>
</td>
</tr>
<tr>
<td><label for="defaultisguest"><?php
echo __('Guest user is authenticated');
?>
/**
* Returns the logged in user, or default user if not logged in
*
* @param string $uname
* @param string $upwd
*
* @return TBGUser
*/
public static function loginCheck($username = null, $password = null)
{
try {
$row = null;
// If no username and password specified, check if we have a session that exists already
if ($username === null && $password === null) {
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$username = TBGContext::getRequest()->getCookie('tbg3_username');
$password = TBGContext::getRequest()->getCookie('tbg3_password');
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
if (!$row) {
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
}
}
// If we have authentication details, validate them
if (TBGSettings::getAuthenticationBackend() !== null && TBGSettings::getAuthenticationBackend() !== 'tbg' && $username !== null && $password !== null) {
TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
try {
$mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
if ($mod->getType() !== TBGModule::MODULE_AUTH) {
TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
throw new Exception('Invalid module type');
}
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$row = $mod->verifyLogin($username, $password);
} else {
$row = $mod->doLogin($username, $password);
}
if (!$row) {
// Invalid
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
} catch (Exception $e) {
throw $e;
}
} elseif ($username !== null && $password !== null) {
TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
// First test a pre-encrypted password
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
if (!$row) {
// Then test an unencrypted password
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password));
if (!$row) {
// This is a legacy account from a 2.1 upgrade - try md5
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password));
if (!$row) {
// Invalid
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
} else {
// convert md5 to new password type
$user = new TBGUser($row->get(TBGUsersTable::ID), $row);
$user->changePassword($password);
$user->save();
unset($user);
}
}
}
} elseif (TBGContext::isCLI()) {
$row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
} elseif (!TBGSettings::isLoginRequired()) {
$row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
}
if ($row) {
if (!$row->get(TBGScopesTable::ENABLED)) {
throw new Exception('This account belongs to a scope that is not active');
} elseif (!$row->get(TBGUsersTable::ACTIVATED)) {
throw new Exception('This account has not been activated yet');
} elseif (!$row->get(TBGUsersTable::ENABLED)) {
throw new Exception('This account has been suspended');
}
$user = TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row);
} elseif (TBGSettings::isLoginRequired()) {
throw new Exception('Login required');
} else {
throw new Exception('No such login');
}
} catch (Exception $e) {
throw $e;
}
return $user;
}
public function componentLogin()
{
$this->selected_tab = isset($this->section) ? $this->section : 'login';
$this->options = $this->getParameterHolder();
if (TBGContext::hasMessage('login_referer')) {
$this->referer = htmlentities(TBGContext::getMessage('login_referer'), ENT_COMPAT, TBGContext::getI18n()->getCharset());
} elseif (array_key_exists('HTTP_REFERER', $_SERVER)) {
$this->referer = htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, TBGContext::getI18n()->getCharset());
} else {
$this->referer = TBGContext::getRouting()->generate('dashboard');
}
try {
$this->loginintro = null;
$this->registrationintro = null;
$this->loginintro = TBGArticlesTable::getTable()->getArticleByName('LoginIntro');
$this->registrationintro = TBGArticlesTable::getTable()->getArticleByName('RegistrationIntro');
} catch (Exception $e) {
}
if (TBGSettings::isLoginRequired()) {
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
$this->error = TBGContext::geti18n()->__('You need to log in to access this site');
} elseif (!TBGContext::getUser()->isAuthenticated()) {
$this->error = TBGContext::geti18n()->__('Please log in');
} else {
//$this->error = TBGContext::geti18n()->__('Please log in');
}
}
/**
* Login (AJAX call)
*
* @param TBGRequest $request
*/
public function runLogin(TBGRequest $request)
{
$i18n = TBGContext::getI18n();
$this->login_referer = array_key_exists('HTTP_REFERER', $_SERVER) && isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$options = $request->getParameters();
$forward_url = TBGContext::getRouting()->generate('home');
try {
if ($request->getMethod() == TBGRequest::POST) {
if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password')) {
$username = $request->getParameter('tbg3_username');
$password = $request->getParameter('tbg3_password');
$user = TBGUser::loginCheck($username, $password, true);
$this->getResponse()->setCookie('tbg3_username', $username);
$this->getResponse()->setCookie('tbg3_password', TBGUser::hashPassword($password));
TBGContext::setUser($user);
if ($request->hasParameter('return_to')) {
$forward_url = $request->getParameter('return_to');
} else {
if (TBGSettings::get('returnfromlogin') == 'referer') {
if ($request->getParameter('tbg3_referer')) {
$forward_url = $request->getParameter('tbg3_referer');
} else {
$forward_url = TBGContext::getRouting()->generate('dashboard');
}
} else {
$forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
}
}
} else {
throw new Exception($i18n->__('Please enter a username and password'));
}
} elseif (TBGSettings::isLoginRequired()) {
throw new Exception($i18n->__('You need to log in to access this site'));
} elseif (!TBGContext::getUser()->isAuthenticated()) {
throw new Exception($i18n->__('Please log in'));
} elseif (TBGContext::hasMessage('forward')) {
throw new Exception($i18n->__(TBGContext::getMessageAndClear('forward')));
}
} catch (Exception $e) {
if (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json') {
return $this->renderJSON(array('failed' => true, "error" => $i18n->__($e->getMessage()), 'referer' => $request->getParameter('tbg3_referer')));
} else {
$options['error'] = $e->getMessage();
}
}
if (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json') {
return $this->renderJSON(array('forward' => $forward_url));
} elseif ($forward_url !== null && $request->getParameter('continue') != true) {
$this->forward($forward_url);
}
$this->options = $options;
}
