1: <?php
2:
3:
// Bootstrap the framework configuration and autoloader when this script is
// requested directly; an including script will already have set $config.
if (isset($config) === false) {
    require_once '../util/AlphaConfig.inc';
    $config = AlphaConfig::getInstance();

    require_once $config->get('app.root').'alpha/util/AlphaAutoLoader.inc';
}
10:
11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54:
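/**
 * Login controller: renders the login and password-reset forms (GET) and
 * processes their submissions (POST).  While the framework is not yet
 * installed, the credentials from the application config are accepted so
 * the installer can be reached.
 */
class Login extends AlphaController implements AlphaControllerInterface {
    /**
     * The person being logged in, or whose password is being reset.
     *
     * @var PersonObject
     */
    protected $personObject;

    /**
     * The view that renders the login and reset forms for $personObject.
     *
     * @var AlphaView
     */
    private $personView;

    /**
     * Trace logger for this controller.
     *
     * @var Logger
     */
    private static $logger = null;

    /**
     * Sets up the controller as a 'Public' page with a transient
     * PersonObject as its business object, and sets the page metadata.
     */
    public function __construct() {
        self::$logger = new Logger('Login');
        self::$logger->debug('>>__construct()');

        global $config;

        parent::__construct('Public');

        $this->personObject = new PersonObject();
        $this->personView = AlphaView::getInstance($this->personObject);
        $this->setBO($this->personObject);

        $this->setTitle('Login to '.$config->get('app.title'));
        $this->setDescription('Login page.');
        $this->setKeywords('login,logon');

        self::$logger->debug('<<__construct');
    }

    /**
     * Renders the login form, or the password-reset form when a 'reset'
     * parameter is present.
     *
     * @param array $params the request parameters
     * @throws IllegalArguementException when $params is not an array
     */
    public function doGET($params) {
        self::$logger->debug('>>doGET($params=['.var_export($params, true).'])');

        if (!is_array($params))
            throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doGET method!');

        echo AlphaView::displayPageHead($this);

        if (isset($params['reset']))
            echo $this->personView->displayResetForm();
        else
            echo $this->personView->displayLoginForm();

        echo AlphaView::displayPageFoot($this);

        self::$logger->debug('<<doGET');
    }

    /**
     * Processes a login ('loginBut') or password reset ('resetBut') submission.
     *
     * A successful login ends the request with a redirect (see
     * doLoginAndRedirect() / doInstallLoginAndRedirect()).  Validation,
     * security and not-found errors are rendered on the page rather than
     * propagated.
     *
     * @param array $params the POSTed parameters
     * @throws IllegalArguementException when $params is not an array
     */
    public function doPOST($params) {
        // The submitted password must not end up in the trace log.
        self::$logger->debug('>>doPOST($params=['.var_export(self::redactForLog($params), true).'])');

        if (!is_array($params))
            throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doPOST method!');

        $email = isset($params['email']) ? $params['email'] : '';

        try {
            if (!$this->checkSecurityFields())
                throw new SecurityException('This page cannot accept post data from remote servers!');

            if (isset($params['loginBut'])) {
                $password = isset($params['password']) ? $params['password'] : '';

                if (!AlphaDAO::isInstalled()) {
                    // Redirects on success, throws ValidationException otherwise.
                    $this->doInstallLoginAndRedirect($email, $password);
                } else {
                    $this->personObject->loadByAttribute('email', $email, true);

                    AlphaDAO::disconnect();

                    if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled')
                        throw new SecurityException('Failed to login user '.$email.', that account has been disabled!');

                    $this->doLoginAndRedirect($password);
                }

                // Only reached when doLoginAndRedirect() neither redirected nor
                // threw (the account is not in the 'Active' state): show the
                // form again.
                echo AlphaView::displayPageHead($this);
                echo $this->personView->displayLoginForm();
            }

            if (isset($params['resetBut'])) {
                $this->doPasswordReset($email);
            }
        } catch (ValidationException $e) {
            echo AlphaView::displayPageHead($this);

            echo AlphaView::displayErrorMessage($e->getMessage());

            if (isset($params['reset']))
                echo $this->personView->displayResetForm();
            else
                echo $this->personView->displayLoginForm();

            self::$logger->warn($e->getMessage());
        } catch (SecurityException $e) {
            echo AlphaView::displayPageHead($this);

            echo AlphaView::displayErrorMessage($e->getMessage());

            self::$logger->warn($e->getMessage());
        } catch (BONotFoundException $e) {
            echo AlphaView::displayPageHead($this);

            // The e-mail is user input embedded in HTML, so it is escaped here.
            // NOTE(review): assumes displayErrorMessage() renders its argument
            // as-is rather than escaping it — confirm to avoid double encoding.
            echo AlphaView::displayErrorMessage('Failed to find the user \''.htmlspecialchars($email, ENT_QUOTES, 'UTF-8').'\'');

            if (isset($params['reset']))
                echo $this->personView->displayResetForm();
            else
                echo $this->personView->displayLoginForm();

            self::$logger->warn($e->getMessage());
        }

        echo AlphaView::displayPageFoot($this);
        self::$logger->debug('<<doPOST');
    }

    /**
     * Returns a copy of $params for logging with any 'password' value
     * replaced by a placeholder.  Non-array input is returned unchanged so
     * the caller's own type check still reports the original value.
     *
     * @param mixed $params
     * @return mixed
     */
    private static function redactForLog($params) {
        if (is_array($params) && array_key_exists('password', $params))
            $params['password'] = '***';

        return $params;
    }

    /**
     * Stores $person as the session's current user after rotating the session
     * ID, so a session identifier that was known before authentication is not
     * carried over into the authenticated session.
     *
     * @param PersonObject $person
     */
    private static function startAuthenticatedSession($person) {
        if (session_id() !== '')
            session_regenerate_id(true);

        $_SESSION['currentUser'] = $person;
    }

    /**
     * Logs the redirect target, sends the Location header and ends the request.
     *
     * @param string $url
     */
    private function redirectTo($url) {
        self::$logger->info('Redirecting to ['.$url.']');
        header('Location: '.$url);
        exit;
    }

    /**
     * Login used before the framework is installed: the credentials are checked
     * against app.install.username / app.install.password from the config and,
     * on success, a transient admin PersonObject is placed in the session and
     * the request is redirected to the next job or the installer.
     *
     * @param string $email
     * @param string $password
     * @throws ValidationException when the credentials do not match
     */
    private function doInstallLoginAndRedirect($email, $password) {
        global $config;

        $installUser = $config->get('app.install.username');
        $installPassword = $config->get('app.install.password');

        // As in the original bootstrap, the install password doubles as the
        // crypt() salt; both digests are compared in constant time.
        $expected = crypt($installPassword, $installPassword);
        $actual = crypt($password, $installPassword);

        // crypt() signals failure (e.g. an unusable salt) with '*0' / '*1',
        // which would otherwise compare equal for any submitted password.
        $digestUsable = ($expected !== '*0' && $expected !== '*1');

        if ((string)$email === (string)$installUser && $digestUsable && hash_equals($expected, $actual)) {
            self::$logger->info('Logging in ['.$email.'] at ['.date("Y-m-d H:i:s").']');

            $admin = new PersonObject();
            $admin->set('displayName', 'Admin');
            $admin->set('email', $email);
            $admin->set('password', $actual);
            $admin->set('OID', '00000000001');

            self::startAuthenticatedSession($admin);

            $nextJob = $this->getNextJob();
            $this->redirectTo(FrontController::generateSecureURL('act='.($nextJob != '' ? $nextJob : 'Install')));
        }

        throw new ValidationException('Failed to login user '.$email.', the password is incorrect!');
    }

    /**
     * Resets the password of the account matching $email to a freshly
     * generated one, saves it, e-mails it to the account holder and renders a
     * confirmation.
     *
     * NOTE(review): the reset is performed for any submitted e-mail address
     * without a confirmation step, and the new password is sent in clear text;
     * this preserves the original flow.
     *
     * @param string $email
     * @throws BONotFoundException when no account matches $email
     */
    private function doPasswordReset($email) {
        global $config;

        $this->personObject->loadByAttribute('email', $email);

        AlphaDAO::disconnect();

        $newPassword = $this->personObject->generatePassword();

        // Store a salted hash; doLoginAndRedirect() verifies through crypt(),
        // which accepts password_hash() output.  NOTE(review): assumes the
        // password field can hold a 60-character bcrypt hash — confirm.
        $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT));
        $this->personObject->save();

        $message = 'The password for your account has been reset to '.$newPassword.' as you requested. You can now login to the site using your '.
            'e-mail address and this new password as before.';
        $subject = 'Password change request';

        $this->personObject->sendMail($message, $subject);

        // The page foot is always emitted by doPOST(), so emit the head here too.
        echo AlphaView::displayPageHead($this);

        // Escaped: the address is user input placed inside markup.
        echo AlphaView::displayUpdateMessage('The password for the user <strong>'.htmlspecialchars($email, ENT_QUOTES, 'UTF-8').'</strong> has been reset, and the new password '.
            'has been sent to that e-mail address.');
        echo '<a href="'.$config->get('app.url').'">Home Page</a>';
    }

    /**
     * Verifies $password against the loaded personObject and, when it matches
     * and the account is 'Active', stores the person in the session and
     * redirects to the next job (or the application URL).  Returns silently
     * when the account is transient or not 'Active'.
     *
     * @param string $password the clear-text password submitted by the user
     * @throws ValidationException when the password does not match
     */
    protected function doLoginAndRedirect($password) {
        // The password itself is deliberately not logged.
        self::$logger->debug('>>doLoginAndRedirect()');

        global $config;

        if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Active') {
            $storedHash = (string)$this->personObject->get('password');

            // Constant-time comparison of the stored hash with the submitted
            // password hashed under the same salt.
            if (hash_equals($storedHash, crypt($password, $storedHash))) {
                self::startAuthenticatedSession($this->personObject);

                self::$logger->debug('Logging in ['.$this->personObject->get('email').'] at ['.date("Y-m-d H:i:s").']');
                self::$logger->action('Login');
                self::$logger->debug('<<doLoginAndRedirect');

                $nextJob = $this->getNextJob();
                $this->redirectTo($nextJob != '' ? FrontController::generateSecureURL('act='.$nextJob) : $config->get('app.url'));
            } else {
                throw new ValidationException('Failed to login user '.$this->personObject->get('email').', the password is incorrect!');
            }
        }
    }

    /**
     * Appends the application version below the page foot.
     *
     * NOTE(review): the method name was missing from the listing reviewed; it
     * is assumed to be the AlphaController after_displayPageFoot_callback
     * hook — confirm against the framework.
     *
     * @return string
     */
    public function after_displayPageFoot_callback() {
        global $config;

        return '<p><em>Version '.$config->get('app.version').'</em></p>';
    }
}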
302:
303:
// Dispatch only when this script is the one requested directly; when it is
// merely included by another script the class above is just declared.
if (basename($_SERVER['PHP_SELF']) == 'Login.php') {
    $controller = new Login();

    if (empty($_POST)) {
        $controller->doGET($_GET);
    } else {
        $controller->doPOST($_POST);
    }
}
313:
314: ?>