Source for file Login.php
// include the config file
require_once '../util/AlphaConfig.inc';
require_once $config->get('sysRoot'). 'alpha/util/Logger.inc';
require_once $config->get('sysRoot'). 'alpha/view/PersonView.inc';
require_once $config->get('sysRoot'). 'alpha/controller/AlphaController.inc';
require_once $config->get('sysRoot'). 'alpha/controller/AlphaControllerInterface.inc';
* Login controller that adds the current user object to the session
* @package alpha::controller
* @author John Collins <dev@alphaframework.org>
* @version $Id: Login.php 1453 2011-12-04 15:12:54Z johnc $
* @license http://www.opensource.org/licenses/bsd-license.php The BSD License
* @copyright Copyright (c) 2011, John Collins (founder of Alpha Framework).
* Redistribution and use in source and binary forms, with or
* without modification, are permitted provided that the
* following conditions are met:
* * Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
* * Redistributions in binary form must reproduce the above
* copyright notice, this list of conditions and the
* following disclaimer in the documentation and/or other
* materials provided with the distribution.
* * Neither the name of the Alpha Framework nor the names
* of its contributors may be used to endorse or promote
* products derived from this software without specific
* prior written permission.
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
* CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* The person to be logged in
// Logger shared by every instance of this controller; the constructor assigns it with new Logger('Login').
// NOTE(review): the docblock fragment directly above describes "the person to be logged in", not this
// property -- the property it documented is missing from this listing.
private static $logger = null;
* constructor to set up the object
// NOTE(review): the constructor signature and whatever brings $config into scope are not present in
// this listing; only the body statements below survive.
self::$logger = new Logger('Login');
self::$logger->debug('>>__construct()');
// ensure that the super class constructor is called, indicating the rights group
// 'Public' is the rights group handed to the parent controller; presumably this is what leaves the
// login page reachable without an authenticated session -- confirm against AlphaController.
parent::__construct('Public');
// set up the title and meta details
$this->setTitle('Login to '. $config->get('sysTitle'));
self::$logger->debug('<<__construct');
* @throws IllegalArguementException
public function doGET($params) {
// Handles GET requests by echoing a form rendered by $this->personView.
// SECURITY: var_export($params, true) copies every request parameter into the debug log verbatim.
// The values are client-controlled and embedded line breaks are preserved, so a request can forge
// additional log lines; log parameter names or an allow-listed subset instead.
self::$logger->debug('>>doGET($params=['. var_export($params, true). '])');
// A 'reset' parameter selects the password-reset form.
if (isset ($params['reset']))
echo $this->personView->displayResetForm();
// NOTE(review): presumably the else branch (login form when 'reset' is absent); the else keyword is
// not visible in this listing.
echo $this->personView->displayLoginForm();
self::$logger->debug('<<doGET');
* Handle POST requests (adds $currentUser PersonObject to the session)
* @throws IllegalArguementException
public function doPOST($params) {
// Processes the login form ('loginBut') and the password-reset form ('resetBut').
// NOTE(review): this listing is incomplete -- the try opener, several conditions, else branches,
// object constructions and closing braces are not shown, so control flow below is partly inferred.
// SECURITY: $params carries the submitted 'password' field (it is read further down), so this debug
// line writes the cleartext password to the log. Redact credential fields before logging.
self::$logger->debug('>>doPOST($params=['. var_export($params, true). '])');
// check the hidden security fields before accepting the form POST data
// NOTE(review): the condition guarding this throw is not visible in this listing.
throw new SecurityException('This page cannot accept post data from remote servers!');
if (isset ($params['loginBut'])) {
// if the database has not been set up yet, accept a login from the config admin username/password
// SECURITY: both comparisons below use loose ==. For the crypt() outputs that is neither
// constant-time nor safe from PHP type juggling on numeric-looking strings; hash_equals() is the
// appropriate comparison, and === for the username.
// SECURITY: the configured install password is used as its own salt on both sides. If crypt()
// rejects that salt, both calls would return the same failure marker and the equality would hold for
// any submitted password -- check for a failure return before comparing. Storing a password_hash()
// value and checking it with password_verify() avoids both problems.
if ($params['email'] == $config->get('sysInstallUsername') && crypt($params['password'], $config->get('sysInstallPassword')) ==
crypt($config->get('sysInstallPassword'), $config->get('sysInstallPassword'))) {
// The e-mail written to the log here is request data; neutralise line breaks before logging.
self::$logger->info('Logging in ['. $params['email']. '] at ['. date("Y-m-d H:i:s"). ']');
// NOTE(review): the statement that creates $admin is missing from this listing.
$admin->set('displayName', 'Admin');
$admin->set('email', $params['email']);
$admin->set('password', crypt($params['password'], $config->get('sysInstallPassword')));
$admin->set('OID', '00000000001');
// SECURITY: the session is marked as authenticated here. No session_regenerate_id() call is visible
// in this listing -- confirm the session ID is rotated at login so a pre-set ID cannot be reused.
$_SESSION['currentUser'] = $admin;
// NOTE(review): the assignment of $url and the condition choosing between the two redirects are not
// visible; also confirm that execution stops (exit/return) after each header('Location: ...').
self::$logger->info('Redirecting to ['. $url. ']');
header('Location: '. $url);
header('Location: '. $config->get('sysURL'). 'alpha/controller/Install.php');
// SECURITY: this message, the "account has been disabled" message below and the not-found path give
// different outcomes, which lets a caller learn which e-mail addresses have accounts. The submitted
// e-mail is also concatenated into the text -- confirm it is HTML-escaped wherever it is rendered.
throw new ValidationException('Failed to login user '. $params['email']. ', the password is incorrect!');
// here we are attempting to load the person from the email address
$this->personObject->loadByAttribute('email', $params['email'], true);
// checking to see if the account has been disabled
throw new SecurityException('Failed to login user '. $params['email']. ', that account has been disabled!');
echo $this->personView->displayLoginForm();
if (isset ($params['resetBut'])) {
// SECURITY: as far as this listing shows, submitting an e-mail address is enough to replace the
// stored password, and the new password is then mailed in cleartext. Nothing here proves the
// requester owns the mailbox before the change is made, so the account owner can be locked out by a
// third party. The usual design mails a single-use, expiring token and changes nothing until the
// owner follows it. Also confirm $new_password comes from a CSPRNG (its generation is not shown).
// here we are attempting to load the person from the email address
$this->personObject->loadByAttribute('email', $params['email']);
// generate a new random password
// now encrypt and save the new password, then e-mail the user
$message = 'The password for your account has been reset to '. $new_password. ' as you requested. You can now login to the site using your '.
'e-mail address and this new password as before.';
$subject = 'Password change request';
'has been sent to that e-mail address.');
echo '<a href="'. $config->get('sysURL'). '">Home Page</a>';
echo $this->personView->displayLoginForm();
// The handlers below log the exception message at warn level; the first catch clause is missing
// from this listing.
self::$logger->warn($e->getMessage());
}catch (SecurityException $e) {
self::$logger->warn($e->getMessage());
}catch (BONotFoundException $e) {
// An unknown e-mail address re-displays the login form.
echo $this->personView->displayLoginForm();
self::$logger->warn($e->getMessage());
echo AlphaView::displayPageFoot($this);
self::$logger->debug('<<doPOST');
* Login the user and re-direct to the defined destination
* @param string $password The password supplied by the user logging in
* @throws ValidationException
// NOTE(review): the method signature, the password check and the branch conditions are missing from
// this listing; only the logging and redirect statements survive.
// SECURITY: the debug line below writes the user's cleartext password to the log. Remove the value
// from the message and record only that the method was entered.
self::$logger->debug('>>doLoginAndRedirect(password=['. $password. '])');
self::$logger->info('Logging in ['. $this->personObject->get('email'). '] at ['. date("Y-m-d H:i:s"). ']');
self::$logger->debug('<<doLoginAndRedirect');
// Redirect target built from the controller's next job.
// NOTE(review): where getNextJob() takes its value from is not shown -- confirm it is limited to
// known controllers so the post-login redirect cannot be steered by request data.
$url = FrontController::generateSecureURL('act='. $this->getNextJob());
self::$logger->debug('<<doLoginAndRedirect');
// Fallback redirect to the configured site URL; confirm execution stops after the header is sent.
header('Location: '. $config->get('sysURL'));
self::$logger->debug('<<doLoginAndRedirect');
* Displays the application version number on the login screen.
// Returns an HTML paragraph containing the configured sysVersion (the method signature is missing
// from this listing).
// NOTE(review): the login screen is served to unauthenticated visitors, so the exact version is
// disclosed to anyone who requests it; confirm that is intended.
return '<p><em>Version '. $config->get('sysVersion'). '</em></p>';
// now build the new controller if this file is called directly
// NOTE(review): $_SERVER['PHP_SELF'] includes any client-supplied path info after the script name, so
// its basename is request-influenced; basename($_SERVER['SCRIPT_FILENAME']) is the more dependable
// way to detect direct invocation.
// NOTE(review): only the GET dispatch is visible; the POST dispatch and the closing brace are missing
// from this listing.
if ('Login.php' == basename($_SERVER['PHP_SELF'])) {
$controller = new Login();
$controller->doGET($_GET);