/** * ACTION - User login. * * @access public * @return View * @since 1.0.2, 2013-12-07 * @version 1.0.7-dev, 2015-05-04 */ public function actionLogin() { $this->setTitle(Core::getAppName() . ' - ' . __('Login form')); $this->addBreadCrumb(__('Login form')); $oLoggedUser = Model\User::getLoggedUser(); if ($oLoggedUser instanceof Model\User) { Route::factory('user_profile')->redirectTo(['id' => $oLoggedUser->getId()]); } $failedLogins = \User\LoginFail::getCachedData(); if ($failedLogins > 4) { return View::factory('base/alert')->set('sType', 'danger')->set('sMsg', __('to.many.incorrect.logins')); } $oLoginForm = Form::factory('login'); $oLoginForm->addField(Form\Field\Text::factory('login', $oLoginForm)); $oLoginForm->addField(Form\Field\Password::factory('password', $oLoginForm)); if ($oLoginForm->isSubmittedAndValid()) { $sUsername = $oLoginForm->get('login'); $sPassword = $oLoginForm->get('password'); $sEncryptedPassword = Helper\Encrypter::factory()->encrypt($sUsername, $sPassword); $oUser = DB::query("SELECT u FROM \\Model\\User u WHERE u.login = :login AND u.password = :pass")->param('login', $sUsername)->param('pass', $sEncryptedPassword)->single(); if ($oUser instanceof Model\User) { Session::set('username', $sUsername); Session::set('uid', (int) $oUser->getId()); $oUser->setLoginDateNOW(); DB::flush(); # Get role permissions for particular user and set them in session \UserPermissions::reset(); Route::factory(Router::getCurrentRouteName())->redirectTo(); } else { $currentUrl = Router::currentUrl(); $alert = __('You have entered wrong username or password. Try again.'); \User\LoginFail::addLoginFail(); Session::flash($currentUrl, $alert, 'danger'); } } $oLoginForm->addToSuffix(View::factory('user/frontend/login_links')->render()); return View::factory('base/form')->bind('oForm', $oLoginForm); }
/** * Set permissions to session. * * @static * @access public * @param array $aPermissions * @since 1.0.0, 2015-01-10 * @version 1.0.0, 2015-01-10 */ public static function setPerms(array $aPermissions) { static::$aPermissions = $aPermissions; Session::set('permissions', array_values($aPermissions)); }
/** * Get (generate) token for this form. * * @access public * @return string * @since 1.0.0-alpha * @version 1.0.0-alpha */ public function getFormToken() { $sFormID = $this->getFormID(); $aFormTokens = Session::get('form_tokens'); if (!isset($aFormTokens[$sFormID]) || !is_array($aFormTokens[$sFormID]) || $aFormTokens[$sFormID][1] < time()) { $sToken = base64_encode(openssl_random_pseudo_bytes(16)); $aFormTokens[$sFormID] = [$sToken, time() + 3600]; Session::set('form_tokens', $aFormTokens); } else { $sToken = $aFormTokens[$sFormID][0]; } return $sToken; }