/**
 * Dispatches the processed request.
 *
 * Binds the routes and the request to the router, creates a fresh Response, synchronises
 * the request token with the `_token` session entry, and answers HTTP 403 plus an exception
 * when `$request->isValid()` fails. Otherwise the controller class named by the request is
 * instantiated, the requested action is run through `__executeAction()`, and the renderer's
 * output and content type are copied onto the response.
 *
 * NOTE(review): isValid() is not visible here. Going by the exception message it presumably
 * compares the submitted token with the one set above; confirm that it does so with a
 * constant-time comparison and that it covers every state-changing request.
 *
 * @param Request $request Router Request object.
 * @param Routes  $routes  Router Routes object.
 *
 * @access public
 * @throws \InvalidArgumentException Request token does not match.
 *
 * @return void
 */
public function dispatch(Request &$request, Routes &$routes)
{
    $this->routes   = $routes;
    $this->request  = $request;
    $this->response = new Response();

    /* Reuse the token already kept in the session; when there is none, create one and persist it. */
    if (!Core\Session()->get('_token')) {
        $this->request->regenerateToken();
        Core\Session()->set('_token', $this->request->token());
    } else {
        $this->request->setToken(Core\Session()->get('_token'));
    }

    if (!$request->isValid()) {
        $this->response->setHttpResponseCode(403);

        throw new \InvalidArgumentException('Request token does not match.');
    }

    /*
     * The class name is assembled from request-derived values and class_exists() may invoke
     * the autoloader with it.
     * NOTE(review): confirm that mode('namespace') and controller() are validated upstream,
     * so that only the intended controller classes can be named.
     */
    $namespace = $request->mode('namespace');
    $className = "\\{$namespace}\\Controllers\\" . $request->controller();

    if (!class_exists($className)) {
        Core\Base\Controller::resourceNotFound($request);

        return;
    }

    $handler   = new $className();
    $requested = $request->action();

    /*
     * An action runs only when it is callable on the controller from this scope and its name
     * contains no double underscore, which keeps magic methods such as __construct out.
     * Anything else is routed to 'actionNotFound'.
     * NOTE(review): every other method callable from here, inherited ones included, can be
     * selected by the request; confirm controllers expose only intended actions.
     */
    $isExposed = is_callable(array($handler, $requested)) && false === strpos($requested, '__');
    $handler->__executeAction($isExposed ? $requested : 'actionNotFound', $request);

    $this->response->setContent($handler->renderer->getOutput());
    $this->response->addHeader('Content-Type: ' . $handler->renderer->getOutputContentType());
}
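/**
 * Login action.
 *
 * On POST: checks the captcha when one is loaded, looks the user up by e-mail, verifies the
 * password, updates the user login time, rotates the session key and the CSRF token, and
 * redirects. On any other method: sends an already logged-in user to the account controller.
 *
 * The post-login `redirect` parameter is followed only when it is a same-site path; any
 * other value falls back to the account controller, so the login form cannot be used as an
 * open redirect.
 *
 * @param Request $request Current router request.
 *
 * @return void
 */
public function login(Request $request)
{
    if (!$request->is('post')) {
        if (Core\Session()->get('cms_user_logged') === 1) {
            $request->redirectTo(array('controller' => 'account'));
        }

        return;
    }

    if ($this->captcha && !Helpers\Captcha::isValid($this->captcha)) {
        Helpers\FlashMessage::set($this->labels['captcha']['error'], 'danger');

        return;
    }

    $user = Models\CMSUser::find()->where('email = ?', array($request->post('email')))->first();

    if (!$user || !Crypt::hashCompare($user->password, $request->post('password'))) {
        /* Same message for an unknown e-mail and a wrong password. */
        Helpers\FlashMessage::set($this->labels['login']['error'], 'danger');
        Core\Session()->set('authentication_error', true);

        if (Core\Config()->CAPTCHA['enabled']) {
            $this->loadCaptcha(Core\Config()->CAPTCHA);
        }

        return;
    }

    $user->save(array('login_on' => gmdate('Y-m-d H:i:s')), true);

    /* Regenerate the session key to prevent session fixation. */
    Core\Session()->regenerateKey();

    /*
     * NOTE(review): the whole user model is serialized into the session, presumably
     * including the password field read above, and is presumably unserialized elsewhere.
     * Confirm the session store is server-side and consider keeping only the fields the CMS
     * needs.
     */
    Core\Session()->set('cms_user_info', rawurlencode(serialize($user)));
    Core\Session()->set('cms_user_logged', 1);
    Core\Session()->remove('authentication_error');
    Core\Session()->remove('captcha');

    /* Regenerate the CSRF token to prevent token fixation. */
    Core\Session()->remove('_token');
    $request->regenerateToken();

    /*
     * The redirect target comes from the request, so it is accepted only as a site-relative
     * path: it must start with a single '/', must not be followed by a second '/' or a
     * backslash (both can be read as another host), and must not contain control characters.
     * Assumes legitimate values are paths starting with '/'. TODO confirm against the code
     * that generates the redirect parameter.
     */
    $redirect    = $request->get('redirect');
    $isLocalPath = is_string($redirect)
        && 1 === preg_match('#\A/(?![/\\\\])[^\x00-\x1F\x7F]*\z#', $redirect);

    if ($isLocalPath) {
        $request->redirectTo($redirect);
    } else {
        $request->redirectTo(array('controller' => 'account'));
    }
}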