/**
* User login into CMS framework
*
* @param string $username The username
* @param string|boolean $password if boolean FALSE: login without password if possible
* @param booleean $rememberme 1 for "remember-me" cookie method
* @param int $userId used for "remember-me" login function only
* @return boolean Login success
*/
function login( $username, $password, $rememberme = 0, $userId = null ) {
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"'); // needed for IE6 to accept this anti-spam cookie in higher security setting.
if ( checkJversion() >= 1 ) { // Joomla 1.5 RC and above:
if ( $password !== false ) {
$result = $this->_baseFramework->login( array( 'username' => $username, 'password' => $password ), array( 'remember' => $rememberme ) );
} else {
// login without password:
jimport( 'joomla.user.authentication' );
// load user plugins:
JPluginHelper::importPlugin( 'user' );
// get JAuthentication object:
$authenticate =& JAuthentication::getInstance();
$dispatcher =& JDispatcher::getInstance();
$response = new JAuthenticationResponse();
// prepare our SUCCESS login response including user data:
global $_CB_database;
$row = new moscomprofilerUser( $_CB_database );
$row->loadByUsername( stripslashes( $username ) );
$response->status = JAUTHENTICATE_STATUS_SUCCESS;
$response->username = $username;
$response->fullname = $row->name;
// now we attempt user login and check results:
if ( checkJversion() == 2 ) {
$login = $dispatcher->trigger( 'onUserLogin', array( (array) $response, array( 'action' => 'core.login.site' ) ) );
} else {
$login = $dispatcher->trigger( 'onLoginUser', array( (array) $response, array() ) );
}
$result = ! in_array( false, $login, true );
}
if ( $result ) {
$user =& JFactory::getUser();
$this->_myId = (int) $user->id;
$this->_myUsername = $user->username;
$this->_myUserType = $user->usertype;
$this->_myCmsGid = $user->get('aid', 0);
$lang =& JFactory::getLanguage();
if ( checkJversion() == 2 ) {
$this->_myLanguage = strtolower( preg_replace( '/^(\w+).*$/i', '\1', $lang->getName() ) );
} else {
$this->_myLanguage = $lang->getBackwardLang();
}
}
} else {
// Mambo 4.5.x and Joomla before 1.0.13+ (in fact RC3+) do need hashed password for login() method:
if ( $password !== false ) {
$hashedPwdLogin = ( ( checkJversion() == 0 ) && ! function_exists( 'josHashPassword' ) ); // more reliable version-checking than the often hacked version.php file!
if ( $hashedPwdLogin ) { // Joomla 1.0.12 and below:
$dummyRow = new moscomprofilerUser( $_CB_database );
$this->_baseFramework->login( $username, $dummyRow->hashAndSaltPassword( $password ), $rememberme, $userId );
} else {
$this->_baseFramework->login( $username, $password, $rememberme, $userId );
}
// Joomla 1.0 redirects bluntly if login fails! so we need to check by ourselves below:
$result = true;
} else {
// login without password: //TBD MAMBO 4.6 support here !
global $_CB_database, $mainframe, $_VERSION;
$row = new moscomprofilerUser( $_CB_database );
$row->loadByUsername( stripslashes( $username ) );
// prepare login session with user data:
$session =& $mainframe->_session;
$session->guest = 0;
$session->username = $row->username;
$session->userid = (int) $row->id;
$session->usertype = $row->usertype;
$session->gid = (int) $row->gid;
// attempt to login user:
if ( $session->update() ) {
$result = true;
}
// check if site is demo or production:
if ( $_VERSION->SITE ) {
// site is production; remove duplicate sessions:
$query = 'DELETE FROM ' . $_CB_database->NameQuote( '#__session' )
. "\n WHERE " . $_CB_database->NameQuote( 'session_id' ) . ' != ' . $_CB_database->Quote( $session->session_id )
. "\n AND " . $_CB_database->NameQuote( 'username' ) . ' = ' . $_CB_database->Quote( $row->username )
. "\n AND " . $_CB_database->NameQuote( 'userid' ) . ' = ' . (int) $row->id
. "\n AND " . $_CB_database->NameQuote( 'gid' ) . ' = ' . (int) $row->gid
. "\n AND " . $_CB_database->NameQuote( 'guest' ) . ' = 0';
$_CB_database->setQuery( $query );
if ( ! $_CB_database->query() ) {
trigger_error( 'loginUser 1 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
}
}
// get current datetime:
$currentDate = date( 'Y-m-d H:i:s', $this->now() );
// update user last login with current datetime:
$query = 'UPDATE ' . $_CB_database->NameQuote( '#__users' )
. "\n SET " . $_CB_database->NameQuote( 'lastvisitDate' ) . " = " . $_CB_database->Quote( $currentDate )
. "\n WHERE " . $_CB_database->NameQuote( 'id' ) . " = " . (int) $session->userid;
$_CB_database->setQuery( $query );
if ( ! $_CB_database->query() ) {
trigger_error( 'loginUser 2 SQL error: ' . $_CB_database->stderr( true ), E_USER_WARNING );
}
// clean old cache:
mosCache::cleanCache();
}
if ( checkJversion() == 0 ) {
global $mainframe;
$mymy = $mainframe->getUser();
$this->_myId = (int) $mymy->id;
$this->_myUsername = $mymy->username;
$this->_myUserType = $mymy->usertype;
$this->_myCmsGid = $mymy->gid;
if ( ! $this->_myId ) {
$result = false;
}
}
//TBD MAMBO 4.6 support here !
}
return $result;
}
/**
* Logins on host CMS using any allowed authentication methods
*
* @param string $username The username
* @param string|boolean $password Well, The password OR strictly boolean false for login without password
* @param boolean $rememberMe If login should be remembered in a cookie to be sent back to user's browser
* @param boolean $message If an alert message should be prepared on successful login
* @param string $return IN & OUT: IN: return URL NOT SEFED for normal login completition (unless an event says different), OUT: redirection url (no htmlspecialchars) NOT SEFED
* @param array $messagesToUser OUT: messages to display to user (html)
* @param array $alertmessages OUT: messages to alert to user (text)
* @param int $loginType 0: username, 1: email, 2: username or email, 3: username, email or CMS authentication
*/
function login( $username, $password, $rememberMe, $message, &$return, &$messagesToUser, &$alertmessages, $loginType = 0 ) {
global $_CB_database, $_CB_framework, $ueConfig, $_PLUGINS;
$returnURL = null;
if ( ( ! $username ) || ( ( ! $password ) && ( $password !== false ) ) ) {
$resultError = _LOGIN_INCOMPLETE;
} else {
$_PLUGINS->loadPluginGroup('user');
$_PLUGINS->trigger( 'onBeforeLogin', array( &$username, &$password ) );
$resultError = null;
$showSysMessage = true;
$stopLogin = false;
$loggedIn = false;
if($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG();
} else {
$row = new moscomprofilerUser( $_CB_database );
$foundUser = false;
// Try login by CB authentication trigger:
$_PLUGINS->trigger( 'onLoginAuthentication', array( &$username, &$password, &$row, $loginType, &$foundUser, &$stopLogin, &$resultError, &$messagesToUser, &$alertmessages, &$return ) );
if ( ! $foundUser ) {
if ( $loginType != 2 ) {
// login by username:
$foundUser = $row->loadByUsername( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
}
if ( ( ! $foundUser ) && ( $loginType >= 1 ) ) {
// login by email:
$foundUser = $row->loadByEmail( stripslashes( $username ) ) && ( ( $password === false ) || $row->verifyPassword( $password ) );
if ( $foundUser ) {
$username = $row->username;
}
}
if ( ( ! $foundUser ) && ( $loginType > 2 ) ) {
// If no result, try login by CMS authentication:
if ( $_CB_framework->login( $username, $password, $rememberMe ) ) {
$foundUser = $row->loadByUsername( stripslashes( $username ) );
cbSplitSingleName( $row );
$row->confirmed = 1;
$row->approved = 1;
$row->store(); // synchronizes with comprofiler table
$loggedIn = true;
}
}
}
if ( $foundUser ) {
$returnPluginsOverrides = null;
$pluginResults = $_PLUGINS->trigger( 'onDuringLogin', array( &$row, 1, &$returnPluginsOverrides ) );
if ( $returnPluginsOverrides ) {
$return = $returnPluginsOverrides;
}
if ( is_array( $pluginResults ) && count( $pluginResults ) ) {
foreach ( $pluginResults as $res ) {
if ( is_array( $res ) ) {
if ( isset( $res['messagesToUser'] ) ) {
$messagesToUser[] = $res['messagesToUser'];
}
if ( isset( $res['alertMessage'] ) ) {
$alertmessages[] = $res['alertMessage'];
}
if ( isset( $res['showSysMessage'] ) ) {
$showSysMessage = $showSysMessage && $res['showSysMessage'];
}
if ( isset( $res['stopLogin'] ) ) {
$stopLogin = $stopLogin || $res['stopLogin'];
}
}
}
}
if($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG();
}
elseif ( $stopLogin ) {
// login stopped: don't even check for errors...
}
elseif ($row->approved == 2){
$resultError = _LOGIN_REJECTED;
}
elseif ($row->confirmed != 1){
if ( $row->cbactivation == '' ) {
$row->store(); // just in case the activation code was missing
}
$cbNotification = new cbNotification();
$cbNotification->sendFromSystem($row->id,getLangDefinition(stripslashes($ueConfig['reg_pend_appr_sub'])),getLangDefinition(stripslashes($ueConfig['reg_pend_appr_msg'])));
$resultError = _LOGIN_NOT_CONFIRMED;
}
elseif ($row->approved == 0){
$resultError = _LOGIN_NOT_APPROVED;
}
elseif ($row->block == 1) {
$resultError = _UE_LOGIN_BLOCKED;
}
elseif ($row->lastvisitDate == '0000-00-00 00:00:00') {
if (isset($ueConfig['reg_first_visit_url']) and ($ueConfig['reg_first_visit_url'] != "")) {
$return = $ueConfig['reg_first_visit_url'];
} else {
$return = $returnPluginsOverrides; // by default return to homepage on first login (or on page overridden by plugin).
}
$_PLUGINS->trigger( 'onBeforeFirstLogin', array( &$row, $username, $password, &$return ));
if ($_PLUGINS->is_errors()) {
$resultError = $_PLUGINS->getErrorMSG( "<br />" );
}
}
} else {
if ( $loginType < 2 ) {
$resultError = _LOGIN_INCORRECT;
} else {
$resultError = _UE_INCORRECT_EMAIL_OR_PASSWORD;
}
}
}
if ( $resultError ) {
if ( $showSysMessage ) {
$alertmessages[] = $resultError;
}
} elseif ( ! $stopLogin ) {
if ( ! $loggedIn ) {
$_PLUGINS->trigger( 'onDoLoginNow', array( $username, $password, $rememberMe, &$row, &$loggedIn, &$resultError, &$messagesToUser, &$alertmessages, &$return ) );
}
if ( ! $loggedIn ) {
$_CB_framework->login( $username, $password, $rememberMe );
$loggedIn = true;
}
$_PLUGINS->trigger( 'onAfterLogin', array( &$row, $loggedIn ) );
if ( $loggedIn && $message && $showSysMessage ) {
$alertmessages[] = _LOGIN_SUCCESS;
}
if ( ! $loggedIn ) {
$resultError = _LOGIN_INCORRECT;
}
// changing com_comprofiler to comprofiler is a quick-fix for SEF ON on return path...
if ( $return && !( strpos( $return, 'comprofiler' /* 'com_comprofiler' */ ) && ( strpos( $return, 'login') || strpos( $return, 'logout') || strpos( $return, 'registers' ) || strpos( strtolower( $return ), 'lostpassword' ) ) ) ) {
// checks for the presence of a return url
// and ensures that this url is not the registration or login pages
$returnURL = $return;
} elseif ( ! $returnURL ) {
$returnURL = 'index.php';
}
}
}
$return = $returnURL;
return $resultError;
}