Alpha Framework alpha--controller

Source for file Login.php


  1. <?php
  2.  
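  // include the config file
  if (!isset($config)) {
      // The path is relative, so it is resolved against the include path / working
      // directory of the script that was requested, not against this file.
      require_once '../util/AlphaConfig.inc';
      $config = AlphaConfig::getInstance();
  }

  // NOTE(review): the framework files use the .inc extension - confirm the web server
  // is configured so that .inc files are never served back as plain text.
  require_once $config->get('sysRoot').'alpha/util/Logger.inc';
  require_once $config->get('sysRoot').'alpha/view/PersonView.inc';
  require_once $config->get('sysRoot').'alpha/controller/AlphaController.inc';
  require_once $config->get('sysRoot').'alpha/controller/AlphaControllerInterface.inc';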
  13.  
  14. /**
  15.  *
  16.  * Login controller that adds the current user object to the session
  17.  * 
  18.  * @package alpha::controller
  19.  * @since 1.0
  20.  * @author John Collins <dev@alphaframework.org>
  21.  * @version $Id: Login.php 1341 2011-03-17 15:02:02Z johnc $
  22.  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
  23.  * @copyright Copyright (c) 2011, John Collins (founder of Alpha Framework).
  24.  *  All rights reserved.
  25.  * 
  26.  *  <pre>
  27.  *  Redistribution and use in source and binary forms, with or
  28.  *  without modification, are permitted provided that the
  29.  *  following conditions are met:
  30.  * 
  31.  *  * Redistributions of source code must retain the above
  32.  *    copyright notice, this list of conditions and the
  33.  *    following disclaimer.
  34.  *  * Redistributions in binary form must reproduce the above
  35.  *    copyright notice, this list of conditions and the
  36.  *    following disclaimer in the documentation and/or other
  37.  *    materials provided with the distribution.
  38.  *  * Neither the name of the Alpha Framework nor the names
  39.  *    of its contributors may be used to endorse or promote
  40.  *    products derived from this software without specific
  41.  *    prior written permission.
  42.  *   
  43.  *  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
  44.  *  CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
  45.  *  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  46.  *  MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  47.  *  DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
  48.  *  CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  49.  *  SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  50.  *  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  51.  *  LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  52.  *  HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  53.  *  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
  54.  *  OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  55.  *  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  56.  *  </pre>
  57.  *  
  58.  */
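  class Login extends AlphaController implements AlphaControllerInterface {
      /**
       * The person to be logged in
       *
       * @var PersonObject
       * @since 1.0
       */
      private $personObject;

      /**
       * The person view object
       *
       * @var PersonView
       * @since 1.0
       */
      private $personView;

      /**
       * Trace logger
       *
       * @var Logger
       * @since 1.0
       */
      private static $logger = null;

      /**
       * Sets up the person object, its view and the page title/meta details.
       * The parent constructor is called with the 'Public' rights group.
       *
       * @since 1.0
       */
      public function __construct() {
          self::$logger = new Logger('Login');
          self::$logger->debug('>>__construct()');

          global $config;

          // ensure that the super class constructor is called, indicating the rights group
          parent::__construct('Public');

          $this->personObject = new PersonObject();
          $this->personView = AlphaView::getInstance($this->personObject);
          $this->setBO($this->personObject);

          // set up the title and meta details
          $this->setTitle('Login to '.$config->get('sysTitle'));
          $this->setDescription('Login page.');
          $this->setKeywords('login,logon');

          self::$logger->debug('<<__construct');
      }

      /**
       * Handle GET requests: renders the password reset form when a 'reset'
       * parameter is present, otherwise the login form.
       *
       * @param array $params
       * @throws IllegalArguementException
       * @since 1.0
       */
      public function doGET($params) {
          self::$logger->debug('>>doGET($params=['.self::describeParams($params).'])');

          if (!is_array($params))
              throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doGET method!');

          echo AlphaView::displayPageHead($this);

          if (isset($params['reset']))
              echo $this->personView->displayResetForm();
          else
              echo $this->personView->displayLoginForm();

          echo AlphaView::displayPageFoot($this);

          self::$logger->debug('<<doGET');
      }

      /**
       * Handle POST requests (adds $currentUser PersonObject to the session).
       *
       * 'loginBut' performs a login, either against the installer credentials from
       * the config (while the database is not installed) or against the stored
       * person record. 'resetBut' replaces the account password and mails the new one.
       *
       * @param array $params
       * @throws IllegalArguementException
       * @since 1.0
       */
      public function doPOST($params) {
          // the posted password is masked before the parameters reach the trace log
          self::$logger->debug('>>doPOST($params=['.self::describeParams($params).'])');

          if (!is_array($params))
              throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doPOST method!');

          global $config;

          // Only plain string fields are accepted; a missing or array-valued field is
          // treated as empty instead of being coerced further down.
          $email = (isset($params['email']) && is_string($params['email'])) ? $params['email'] : '';
          $password = (isset($params['password']) && is_string($params['password'])) ? $params['password'] : '';

          try {
              // check the hidden security fields before accepting the form POST data
              if (!$this->checkSecurityFields())
                  throw new SecurityException('This page cannot accept post data from remote servers!');

              if (isset($params['loginBut'])) {
                  // if the database has not been set up yet, accept a login from the config admin username/password
                  if (!AlphaDAO::isInstalled()) {
                      $installUser = (string) $config->get('sysInstallUsername');
                      $installPassword = (string) $config->get('sysInstallPassword');

                      // The configured password is compared directly and in constant time.
                      // Hashing both sides with crypt() salted by the password itself only
                      // covered a truncated prefix for DES-style salts, and both sides
                      // collapse to the same failure string when crypt() rejects the salt.
                      $credentialsOk = $email === $installUser
                          && $installPassword !== ''
                          && self::constantTimeEquals($installPassword, $password);

                      if ($credentialsOk) {
                          self::$logger->info('Logging in ['.$email.'] at ['.date("Y-m-d H:i:s").']');
                          $admin = new PersonObject();
                          $admin->set('displayName', 'Admin');
                          $admin->set('email', $email);
                          $admin->set('password', crypt($password, $installPassword));
                          $admin->set('OID', '00000000001');
                          $this->storeAuthenticatedUser($admin);
                          if ($this->getNextJob() != '') {
                              $url = FrontController::generateSecureURL('act='.$this->getNextJob());
                              self::$logger->info('Redirecting to ['.$url.']');
                              header('Location: '.$url);
                              exit;
                          } else {
                              header('Location: '.$config->get('sysURL').'alpha/controller/Install.php');
                              exit;
                          }
                      } else {
                          throw new ValidationException('Failed to login user '.$email.', the password is incorrect!');
                      }
                  } else {
                      // here we are attempting to load the person from the email address
                      $this->personObject->loadByAttribute('email', $email, true);

                      AlphaDAO::disconnect();

                      // checking to see if the account has been disabled
                      if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled')
                          throw new SecurityException('Failed to login user '.$email.', that account has been disabled!');

                      // check the password
                      $this->doLoginAndRedirect($password);
                  }

                  echo AlphaView::displayPageHead($this);

                  echo $this->personView->displayLoginForm();
              }

              if (isset($params['resetBut'])) {
                  // NOTE(review): this branch replaces the password of whichever account owns
                  // the posted address, with no proof that the requester controls that mailbox,
                  // and mails the new password in clear text. A single-use, expiring reset
                  // token sent to the address would avoid both; that needs storage this
                  // controller does not have, so it is flagged rather than changed here.

                  // here we are attempting to load the person from the email address
                  $this->personObject->loadByAttribute('email', $email);

                  AlphaDAO::disconnect();

                  // generate a new random password
                  $new_password = $this->personObject->generatePassword();

                  // now encrypt and save the new password, then e-mail the user
                  // NOTE(review): crypt() is called without a salt, so the hash scheme is
                  // whatever the platform defaults to - confirm it is an acceptable one.
                  $this->personObject->set('password', crypt($new_password));
                  $this->personObject->save();

                  $message = 'The password for your account has been reset to '.$new_password.' as you requested.  You can now login to the site using your '.
                      'e-mail address and this new password as before.';
                  $subject = 'Password change request';

                  $this->personObject->sendMail($message, $subject);

                  // the address comes from the request, so it is escaped before being placed in markup
                  echo AlphaView::displayUpdateMessage('The password for the user <strong>'.self::escapeHtml($email).'</strong> has been reset, and the new password '.
                      'has been sent to that e-mail address.');
                  echo '<a href="'.$config->get('sysURL').'">Home Page</a>';
              }
          } catch (ValidationException $e) {
              echo AlphaView::displayPageHead($this);

              // Exception messages built in this class embed the posted e-mail address.
              // NOTE(review): assumes displayErrorMessage() does not escape its argument
              // (displayUpdateMessage() is handed markup above) - confirm against AlphaView.
              echo AlphaView::displayErrorMessage(self::escapeHtml($e->getMessage()));

              echo $this->personView->displayLoginForm();

              self::$logger->warn($e->getMessage());
          } catch (SecurityException $e) {
              echo AlphaView::displayPageHead($this);

              echo AlphaView::displayErrorMessage(self::escapeHtml($e->getMessage()));

              self::$logger->warn($e->getMessage());
          } catch (BONotFoundException $e) {
              echo AlphaView::displayPageHead($this);

              // NOTE(review): this message differs from the wrong-password and disabled-account
              // ones, which lets a caller tell registered addresses from unknown ones.
              echo AlphaView::displayErrorMessage('Failed to find the user \''.self::escapeHtml($email).'\'');

              echo $this->personView->displayLoginForm();

              self::$logger->warn($e->getMessage());
          }

          echo AlphaView::displayPageFoot($this);
          self::$logger->debug('<<doPOST');
      }

      /**
       * Login the user and re-direct to the defined destination.
       *
       * Nothing happens unless the loaded person is persistent and in the 'Active'
       * state. On a password match the person is stored in the session and the
       * request ends with a redirect.
       *
       * @param string $password The password supplied by the user logging in
       * @throws ValidationException
       * @since 1.0
       */
      private function doLoginAndRedirect($password) {
          // the supplied password is never written to the log
          self::$logger->debug('>>doLoginAndRedirect(password=[redacted])');

          global $config;

          if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Active') {
              $storedHash = (string) $this->personObject->get('password');
              $computedHash = crypt($password, $storedHash);

              // crypt() signals failure with a short string starting with '*'; such a
              // result must never count as a match, whatever the stored value is.
              $hashUsable = is_string($computedHash) && $computedHash !== '' && $computedHash[0] !== '*';

              if ($hashUsable && self::constantTimeEquals($storedHash, $computedHash)) {

                  self::$logger->info('Logging in ['.$this->personObject->get('email').'] at ['.date("Y-m-d H:i:s").']');

                  $this->storeAuthenticatedUser($this->personObject);

                  if ($this->getNextJob() != '') {
                      self::$logger->debug('<<doLoginAndRedirect');
                      $url = FrontController::generateSecureURL('act='.$this->getNextJob());
                      header('Location: '.$url);
                      exit;
                  } else {
                      self::$logger->debug('<<doLoginAndRedirect');
                      header('Location: '.$config->get('sysURL'));
                      exit;
                  }
              } else {
                  // logged before the throw; a statement placed after it would never run
                  self::$logger->debug('<<doLoginAndRedirect');
                  throw new ValidationException('Failed to login user '.$this->personObject->get('email').', the password is incorrect!');
              }
          }

          self::$logger->debug('<<doLoginAndRedirect');
      }

      /**
       * Displays the application version number on the login screen.
       *
       * NOTE(review): this page is served under the 'Public' rights group, so the
       * version string is visible to unauthenticated visitors - confirm that is intended.
       *
       * @return string
       * @since 1.0
       */
      public function before_displayPageFoot_callback() {
          global $config;

          return '<p><em>Version '.$config->get('sysVersion').'</em></p>';
      }

      /**
       * Places the authenticated person in the session under 'currentUser'.
       * When a session is active its ID is renewed first, so an ID that was known
       * before the login does not carry over to the authenticated session.
       *
       * @param PersonObject $person The person that has just been authenticated
       */
      private function storeAuthenticatedUser($person) {
          if (session_id() != '')
              session_regenerate_id(true);

          $_SESSION['currentUser'] = $person;
      }

      /**
       * Renders request parameters for the trace log with any 'password' entry masked.
       *
       * @param mixed $params The parameters as received (not necessarily an array)
       * @return string
       */
      private static function describeParams($params) {
          if (is_array($params) && array_key_exists('password', $params))
              $params['password'] = '[redacted]';

          return var_export($params, true);
      }

      /**
       * Compares two strings without stopping at the first differing byte.
       * Uses hash_equals() where the runtime provides it.
       *
       * @param string $known The trusted value
       * @param string $supplied The value derived from the request
       * @return bool False when either argument is not a string or the values differ
       */
      private static function constantTimeEquals($known, $supplied) {
          if (!is_string($known) || !is_string($supplied))
              return false;

          if (function_exists('hash_equals'))
              return hash_equals($known, $supplied);

          $length = strlen($known);
          if ($length !== strlen($supplied))
              return false;

          $difference = 0;
          for ($i = 0; $i < $length; $i++)
              $difference |= ord($known[$i]) ^ ord($supplied[$i]);

          return $difference === 0;
      }

      /**
       * Escapes a value for use in HTML text or a quoted attribute.
       *
       * @param string $text
       * @return string
       */
      private static function escapeHtml($text) {
          return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
      }
  }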
  297.  
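  // now build the new controller if this file is called directly
  // SCRIPT_NAME is checked rather than PHP_SELF: PHP_SELF also carries any path
  // info appended to the request URL, so its basename is chosen by the caller.
  if ('Login.php' == basename($_SERVER['SCRIPT_NAME'])) {
      $controller = new Login();

      // a non-empty POST body selects the POST handler, anything else is treated as GET
      if (!empty($_POST)) {
          $controller->doPOST($_POST);
      } else {
          $controller->doGET($_GET);
      }
  }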
  308.  
  309. ?>
