1: <?php
2:
3:
// Bootstrap the framework (config + autoloader) when this script is loaded
// directly rather than through an entry point that already populated $config.
if (!isset($config)) {
    require_once '../util/AlphaConfig.inc';
    $config = AlphaConfig::getInstance();

    require_once "{$config->get('app.root')}alpha/util/AlphaAutoLoader.inc";
}
10:
55: class Login extends AlphaController implements AlphaControllerInterface {
/**
 * The PersonObject the login and reset forms operate on; created in the constructor
 * and (re)loaded by e-mail address in doPOST().
 */
protected $personObject;
63:
/**
 * View for $personObject (obtained via AlphaView::getInstance() in the constructor);
 * renders the login and reset forms.
 */
private $personView;
71:
/**
 * Trace/audit logger for this controller; a new Logger('Login') is assigned each
 * time the constructor runs.
 */
private static $logger = null;
79:
/**
 * Builds the controller: a fresh PersonObject plus its view, and the page
 * metadata (title, description, keywords) taken from the application config.
 */
public function __construct() {
    global $config;

    self::$logger = new Logger('Login');
    self::$logger->debug('>>__construct()');

    // 'Public' is handed to the parent controller — presumably the access level
    // for this page, since login must work without a session; confirm in AlphaController.
    parent::__construct('Public');

    $person = new PersonObject();
    $this->personObject = $person;
    $this->personView = AlphaView::getInstance($person);
    $this->setBO($person);

    $title = 'Login to '.$config->get('app.title');
    $this->setTitle($title);
    $this->setDescription('Login page.');
    $this->setKeywords('login,logon');

    self::$logger->debug('<<__construct');
}
104:
/**
 * Renders the login page, or the password-reset form when a 'reset' parameter
 * is present in the request.
 *
 * @param array $params the GET parameters
 * @throws IllegalArguementException when $params is not an array
 */
public function doGET($params) {
    self::$logger->debug('>>doGET($params=['.var_export($params, true).'])');

    if (!is_array($params)) {
        throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doGET method!');
    }

    $wantsReset = isset($params['reset']);

    echo AlphaView::displayPageHead($this);
    echo $wantsReset
        ? $this->personView->displayResetForm()
        : $this->personView->displayLoginForm();
    echo AlphaView::displayPageFoot($this);

    self::$logger->debug('<<doGET');
}
129:
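/**
 * Handles the login and password-reset form submissions.
 *
 * After the security-field check, a 'loginBut' submission either logs in the
 * install-time admin (when the DAO layer is not yet installed) or loads a
 * PersonObject by e-mail and delegates to doLoginAndRedirect(); a 'resetBut'
 * submission generates a new password, stores it and e-mails it to the user.
 * Failures are shown as an error message above the login form.
 *
 * @param array $params the POST parameters
 * @throws IllegalArguementException when $params is not an array
 */
public function doPOST($params) {
    // Mask the submitted password before dumping the parameters to the debug log.
    $loggedParams = $params;
    if (is_array($loggedParams) && isset($loggedParams['password'])) {
        $loggedParams['password'] = '***';
    }
    self::$logger->debug('>>doPOST($params=['.var_export($loggedParams, true).'])');

    if (!is_array($params)) {
        throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doPOST method!');
    }

    global $config;

    // Absent fields default to '' instead of raising undefined-index notices.
    $email = isset($params['email']) ? $params['email'] : '';
    $password = isset($params['password']) ? $params['password'] : '';
    // Escaped copy for any HTML built from the submitted e-mail address.
    $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

    try {
        if (!$this->checkSecurityFields()) {
            throw new SecurityException('This page cannot accept post data from remote servers!');
        }

        if (isset($params['loginBut'])) {
            if (!AlphaDAO::isInstalled()) {
                // Pre-install: only the configured install admin may log in. The config
                // password is used as the crypt() salt on both sides of the comparison.
                // Strict comparison avoids ==' numeric-string coercion; hash_equals()
                // would be preferable where PHP >= 5.6 is guaranteed.
                $installPassword = $config->get('app.install.password');
                $submittedHash = crypt($password, $installPassword);
                $expectedHash = crypt($installPassword, $installPassword);

                if ($email === (string) $config->get('app.install.username') && $submittedHash === $expectedHash) {
                    self::$logger->info('Logging in ['.$email.'] at ['.date("Y-m-d H:i:s").']');

                    $admin = new PersonObject();
                    $admin->set('displayName', 'Admin');
                    $admin->set('email', $email);
                    $admin->set('password', $submittedHash);
                    $admin->set('OID', '00000000001');
                    $_SESSION['currentUser'] = $admin;

                    if ($this->getNextJob() != '') {
                        $url = FrontController::generateSecureURL('act='.$this->getNextJob());
                        self::$logger->info('Redirecting to ['.$url.']');
                        header('Location: '.$url);
                        exit;
                    } else {
                        header('Location: '.$config->get('app.url').'alpha/controller/Install.php');
                        exit;
                    }
                } else {
                    throw new ValidationException('Failed to login user '.$email.', the password is incorrect!');
                }
            } else {
                $this->personObject->loadByAttribute('email', $email, true);

                AlphaDAO::disconnect();

                if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled') {
                    throw new SecurityException('Failed to login user '.$email.', that account has been disabled!');
                }

                // Redirects and exits on success; returns for transient or non-active accounts.
                $this->doLoginAndRedirect($password);
            }

            // Only reached when no redirect happened above: show the login form again.
            echo AlphaView::displayPageHead($this);
            echo $this->personView->displayLoginForm();
        }

        if (isset($params['resetBut'])) {
            $this->personObject->loadByAttribute('email', $email);

            AlphaDAO::disconnect();

            // NOTE(review): the reset is performed for any submitted e-mail address
            // without further verification, and without the 'Disabled' check the
            // login path applies.
            $newPassword = $this->personObject->generatePassword();

            // crypt() without an explicit salt falls back to PHP's default scheme.
            // doLoginAndRedirect() verifies with crypt($input, $stored), so any
            // crypt-compatible salted hash would remain verifiable.
            $this->personObject->set('password', crypt($newPassword));
            $this->personObject->save();

            $message = 'The password for your account has been reset to '.$newPassword.' as you requested. You can now login to the site using your '.
                'e-mail address and this new password as before.';
            $subject = 'Password change request';

            $this->personObject->sendMail($message, $subject);

            echo AlphaView::displayUpdateMessage('The password for the user <strong>'.$safeEmail.'</strong> has been reset, and the new password '.
                'has been sent to that e-mail address.');
            echo '<a href="'.$config->get('app.url').'">Home Page</a>';
        }
    } catch (ValidationException $e) {
        echo AlphaView::displayPageHead($this);

        // Messages embed the submitted e-mail; escape before rendering. Assumes
        // displayErrorMessage() emits raw HTML, as displayUpdateMessage() does above.
        echo AlphaView::displayErrorMessage(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));

        echo $this->personView->displayLoginForm();

        self::$logger->warn($e->getMessage());
    } catch (SecurityException $e) {
        echo AlphaView::displayPageHead($this);

        echo AlphaView::displayErrorMessage(htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8'));

        self::$logger->warn($e->getMessage());
    } catch (BONotFoundException $e) {
        echo AlphaView::displayPageHead($this);

        echo AlphaView::displayErrorMessage('Failed to find the user \''.$safeEmail.'\'');

        echo $this->personView->displayLoginForm();

        self::$logger->warn($e->getMessage());
    }

    echo AlphaView::displayPageFoot($this);
    self::$logger->debug('<<doPOST');
}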
244:
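/**
 * Logs in the currently loaded PersonObject when it is 'Active' and the password
 * matches its stored crypt() hash, then redirects (to the pending job URL when one
 * is set, otherwise to the application URL) and exits.
 *
 * Returns without redirecting when the person is transient or not 'Active'.
 *
 * @param string $password the plaintext password submitted by the user
 * @throws ValidationException when the account is active but the password is wrong
 */
protected function doLoginAndRedirect($password) {
    // The plaintext password must never reach the log.
    self::$logger->debug('>>doLoginAndRedirect(password=[***])');

    global $config;

    $person = $this->personObject;

    if ($person->isTransient() || $person->get('state') != 'Active') {
        self::$logger->debug('<<doLoginAndRedirect');
        return;
    }

    $storedHash = $person->get('password');

    // crypt() with the stored hash as salt reproduces that hash on a correct password.
    // Strict comparison avoids ==' numeric-string coercion; hash_equals() would be
    // preferable where PHP >= 5.6 is guaranteed.
    if (crypt($password, $storedHash) !== $storedHash) {
        throw new ValidationException('Failed to login user '.$person->get('email').', the password is incorrect!');
    }

    $_SESSION['currentUser'] = $person;

    self::$logger->debug('Logging in ['.$person->get('email').'] at ['.date("Y-m-d H:i:s").']');
    self::$logger->action('Login');

    self::$logger->debug('<<doLoginAndRedirect');

    if ($this->getNextJob() != '') {
        $url = FrontController::generateSecureURL('act='.$this->getNextJob());
        header('Location: '.$url);
    } else {
        header('Location: '.$config->get('app.url'));
    }
    exit;
}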
281:
/**
 * Returns a small HTML fragment showing the configured application version.
 *
 * NOTE(review): the method name is missing from this listing (`public function () {`
 * is not valid PHP); restore it from the upstream source before relying on this code.
 */
public function () {
    global $config;

    return '<p><em>Version '.$config->get('app.version').'</em></p>';
}
293: }
294:
295:
// Direct-invocation entry point: dispatch to doPOST() when a form was submitted,
// otherwise render the page via doGET().
if (basename($_SERVER['PHP_SELF']) === 'Login.php') {
    $controller = new Login();

    if (count($_POST) > 0) {
        $controller->doPOST($_POST);
    } else {
        $controller->doGET($_GET);
    }
}
305:
306: ?>