/**
* Logs a user in, using the local Craft user-base if possible, or falling back to legacy user-base data.
*
* @param string $username The user’s username.
* @param string $password The user’s submitted password.
* @param bool $rememberMe Whether the user should be remembered.
*
* @throws Exception
* @return bool Whether the user was logged in successfully.
*/
public function login($username, $password, $rememberMe = false)
{
// First, try logging in a native User.
$nativeSuccess = craft()->userSession->login($username, $password, $rememberMe);
if ($nativeSuccess === true) {
return LegacyLoginPlugin::NativeUserType;
}
// Okay, we'll try to match and validate a legacy user...
// First, validate the provided username/password.
$usernameModel = new UsernameModel(['username' => $username]);
$passwordModel = new PasswordModel(['password' => $password]);
if (!$usernameModel->validate() || !$passwordModel->validate()) {
LegacyLoginPlugin::log($username . ' tried to log in unsuccessfully, but there was a validation issue with the username or password.', LogLevel::Warning);
return false;
}
// Okay, we have a valid username and password... Can we authenticate a legacy user?
$allowedServices = craft()->config->get('allowedServices', 'legacylogin');
// Bail if we're mis-configured
if (!is_array($allowedServices)) {
return false;
}
// Try each service in sequence...
foreach ($allowedServices as $service) {
switch ($service) {
case LegacyLoginPlugin::BigCommerceLegacyUserType:
if (LegacyLogin_BigCommerceHelper::login($username, $password, $rememberMe)) {
return LegacyLoginPlugin::BigCommerceLegacyUserType;
}
break;
case LegacyLoginPlugin::EE2LegacyUserType:
if (LegacyLogin_Ee2Helper::login($username, $password, $rememberMe)) {
return LegacyLoginPlugin::EE2LegacyUserType;
}
break;
case LegacyLoginPlugin::WellspringLegacyUserType:
if (LegacyLogin_WellspringHelper::login($username, $password, $rememberMe)) {
return LegacyLoginPlugin::WellspringLegacyUserType;
}
break;
case LegacyLoginPlugin::WordPressLegacyUserType:
if (LegacyLogin_WordPressHelper::login($username, $password, $rememberMe)) {
return LegacyLoginPlugin::WordPressLegacyUserType;
}
break;
}
}
// Alas, it just wasn't meant to be.
LegacyLoginPlugin::log($username . ' could not be authenticated as a legacy user.', LogLevel::Warning);
return false;
}
/**
* Logs a user in.
*
* If $rememberMe is set to `true`, the user will be logged in for the duration specified by the
* [rememberedUserSessionDuration](http://craftcms.com/docs/config-settings#rememberedUserSessionDuration)
* config setting. Otherwise it will last for the duration specified by the
* [userSessionDuration](http://craftcms.com/docs/config-settings#userSessionDuration)
* config setting.
*
* @param string $username The user’s username.
* @param string $password The user’s submitted password.
* @param bool $rememberMe Whether the user should be remembered.
*
* @throws Exception
* @return bool Whether the user was logged in successfully.
*/
public function login($username, $password, $rememberMe = false)
{
// Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
if (!craft()->request->userAgent || !$_SERVER['REMOTE_ADDR']) {
Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
$this->logout(true);
$this->requireLogin();
}
// Validate the username/password first.
$usernameModel = new UsernameModel();
$passwordModel = new PasswordModel();
$usernameModel->username = $username;
$passwordModel->password = $password;
// Validate the models.
if ($usernameModel->validate() && $passwordModel->validate()) {
$this->_identity = new UserIdentity($username, $password);
// Did we authenticate?
if ($this->_identity->authenticate()) {
return $this->loginByUserId($this->_identity->getUserModel()->id, $rememberMe, true);
}
}
Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning);
return false;
}
/**
* Logs a user in.
*
* If $rememberMe is set to `true`, the user will be logged in for the duration specified by the
* [rememberedUserSessionDuration](http://buildwithcraft.com/docs/config-settings#rememberedUserSessionDuration)
* config setting. Otherwise it will last for the duration specified by the
* [userSessionDuration](http://buildwithcraft.com/docs/config-settings#userSessionDuration)
* config setting.
*
* @param string $username The user’s username.
* @param string $password The user’s submitted password.
* @param bool $rememberMe Whether the user should be remembered.
*
* @throws Exception
* @return bool Whether the user was logged in successfully.
*/
public function login($username, $password, $rememberMe = false)
{
// Validate the username/password first.
$usernameModel = new UsernameModel();
$passwordModel = new PasswordModel();
$usernameModel->username = $username;
$passwordModel->password = $password;
// Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
if (!craft()->request->userAgent || !$_SERVER['REMOTE_ADDR']) {
Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
$this->logout(true);
$this->requireLogin();
}
// Validate the model.
if ($usernameModel->validate() && $passwordModel->validate()) {
// Authenticate the credentials.
$this->_identity = new UserIdentity($username, $password);
$this->_identity->authenticate();
// Was the login successful?
if ($this->_identity->errorCode == UserIdentity::ERROR_NONE) {
// See if the 'rememberUsernameDuration' config item is set. If so, save the name to a cookie.
$rememberUsernameDuration = craft()->config->get('rememberUsernameDuration');
if ($rememberUsernameDuration) {
$this->saveCookie('username', $username, DateTimeHelper::timeFormatToSeconds($rememberUsernameDuration));
} else {
// Just in case...
$this->deleteStateCookie('username');
}
// Get how long this session is supposed to last.
$this->authTimeout = craft()->config->getUserSessionDuration($rememberMe);
$id = $this->_identity->getId();
$states = $this->_identity->getPersistentStates();
// Fire an 'onBeforeLogin' event
$this->onBeforeLogin(new Event($this, array('username' => $usernameModel->username)));
// Run any before login logic.
if ($this->beforeLogin($id, $states, false)) {
$this->changeIdentity($id, $this->_identity->getName(), $states);
// Fire an 'onLogin' event
$this->onLogin(new Event($this, array('username' => $usernameModel->username)));
if ($this->authTimeout) {
if ($this->allowAutoLogin) {
$user = craft()->users->getUserById($id);
if ($user) {
// Save the necessary info to the identity cookie.
$sessionToken = StringHelper::UUID();
$hashedToken = craft()->security->hashData(base64_encode(serialize($sessionToken)));
$uid = craft()->users->handleSuccessfulLogin($user, $hashedToken);
$data = array($this->getName(), $sessionToken, $uid, $rememberMe ? 1 : 0, craft()->request->getUserAgent(), $this->saveIdentityStates());
$this->_identityCookie = $this->saveCookie('', $data, $this->authTimeout);
} else {
throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
}
} else {
throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
}
}
$this->_sessionRestoredFromCookie = false;
$this->_userRow = null;
// Run any after login logic.
$this->afterLogin(false);
}
return !$this->getIsGuest();
}
}
Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning);
return false;
}
