1: <?php
2:
3:
// Bootstrap when this file is hit directly (not through the front controller):
// load the configuration singleton first, then the autoloader whose path it provides.
if (!isset($config)) {
    require_once '../util/AlphaConfig.inc';
    $config = AlphaConfig::getInstance();

    $autoloaderPath = $config->get('app.root') . 'alpha/util/AlphaAutoLoader.inc';
    require_once $autoloaderPath;
}
10:
11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28: 29: 30: 31: 32: 33: 34: 35: 36: 37: 38: 39: 40: 41: 42: 43: 44: 45: 46: 47: 48: 49: 50: 51: 52: 53: 54: 55:
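class Login extends AlphaController implements AlphaControllerInterface {
    /**
     * The person being logged in; loaded by e-mail from the posted form.
     *
     * @var PersonObject
     */
    protected $personObject;

    /**
     * The view that renders the login and password-reset forms for $personObject.
     *
     * @var AlphaView
     */
    private $personView;

    /**
     * Trace logger for this controller.
     *
     * @var Logger
     */
    private static $logger = null;

    /**
     * Sets up the transient PersonObject / AlphaView pair and the page metadata.
     *
     * The controller is registered with 'Public' visibility so anonymous users can reach it.
     */
    public function __construct() {
        self::$logger = new Logger('Login');
        self::$logger->debug('>>__construct()');

        global $config;

        // Public controller: the login page must be reachable without a session user.
        parent::__construct('Public');

        $this->personObject = new PersonObject();
        $this->personView = AlphaView::getInstance($this->personObject);
        $this->setBO($this->personObject);

        $this->setTitle('Login to '.$config->get('app.title'));
        $this->setDescription('Login page.');
        $this->setKeywords('login,logon');

        self::$logger->debug('<<__construct');
    }

    /**
     * Returns a copy of the request parameters with the password masked, for logging.
     *
     * The original code dumped the raw $params (plaintext password included) into the debug log;
     * credentials must never be written to logs.
     *
     * @param mixed $params
     * @return mixed the same value, with $params['password'] replaced when it is an array
     */
    private static function redactCredentials($params) {
        if (!is_array($params))
            return $params;

        $copy = $params;
        if (array_key_exists('password', $copy))
            $copy['password'] = '[redacted]';

        return $copy;
    }

    /**
     * Reads a string field from the posted parameters.
     *
     * Returns '' when the field is missing or is not a string (e.g. email[]=x), so the
     * crypt()/comparison calls downstream never receive an undefined index or an array.
     *
     * @param array $params
     * @param string $key
     * @return string
     */
    private static function postedString($params, $key) {
        return (isset($params[$key]) && is_string($params[$key])) ? $params[$key] : '';
    }

    /**
     * HTML-escapes a user-supplied value before it is echoed back into the page.
     *
     * @param string $value
     * @return string
     */
    private static function escapeForHtml($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Rotates the session ID after a successful authentication (session-fixation defence).
     *
     * Only acts when a session is already active; the framework starts the session elsewhere.
     * Must run before any output is sent, which holds on every login path in this controller.
     */
    private static function rotateSessionId() {
        if (session_id() !== '')
            session_regenerate_id(true);
    }

    /**
     * Issues the post-login redirect and terminates the request (never returns).
     *
     * Goes to the queued "next job" as a signed front-controller URL when one is pending,
     * otherwise to $fallbackUrl.
     *
     * @param string $fallbackUrl
     */
    private function sendLoginRedirect($fallbackUrl) {
        $nextJob = $this->getNextJob();

        if ($nextJob != '') {
            $url = FrontController::generateSecureURL('act='.$nextJob);
            self::$logger->info('Redirecting to ['.$url.']');
            header('Location: '.$url);
        }else{
            header('Location: '.$fallbackUrl);
        }
        exit;
    }

    /**
     * Handles GET: renders the password-reset form when ?reset is present, else the login form.
     *
     * @param array $params the query-string parameters
     * @throws IllegalArguementException when $params is not an array
     */
    public function doGET($params) {
        self::$logger->debug('>>doGET($params=['.var_export(self::redactCredentials($params), true).'])');

        if(!is_array($params))
            throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doGET method!');

        echo AlphaView::displayPageHead($this);

        if (isset($params['reset']))
            echo $this->personView->displayResetForm();
        else
            echo $this->personView->displayLoginForm();

        echo AlphaView::displayPageFoot($this);

        self::$logger->debug('<<doGET');
    }

    /**
     * Handles POST: either a login attempt (loginBut) or a password reset (resetBut).
     *
     * A successful login ends in a redirect and exit; every failure is reported on the page and
     * logged via the catch blocks below. Output produced here is HTML, so any posted value that is
     * echoed back is escaped first.
     *
     * @param array $params the posted form fields (email, password, loginBut / resetBut)
     * @throws IllegalArguementException when $params is not an array
     */
    public function doPOST($params) {
        self::$logger->debug('>>doPOST($params=['.var_export(self::redactCredentials($params), true).'])');

        if(!is_array($params))
            throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doPOST method!');

        global $config;

        // Read the posted fields once: '' when absent or non-string, so nothing below sees an
        // undefined index or an array where a string is expected.
        $email = self::postedString($params, 'email');
        $password = self::postedString($params, 'password');
        // Escaped copy for every message that ends up in the HTML response (the same text is
        // also logged, where the escaping is harmless).
        $safeEmail = self::escapeForHtml($email);

        try {
            // Anti-CSRF / remote-post check supplied by AlphaController.
            if(!$this->checkSecurityFields())
                throw new SecurityException('This page cannot accept post data from remote servers!');

            if (isset($params['loginBut'])) {

                if(!AlphaDAO::isInstalled()) {
                    // Pre-install bootstrap: the only valid credentials are the ones in the config
                    // file. Both sides are hashed with crypt() exactly as before (install password
                    // doubles as the salt), but the comparison is now strict and constant-time.
                    $installPassword = (string) $config->get('app.install.password');
                    $expected = crypt($installPassword, $installPassword);
                    $actual = crypt($password, $installPassword);

                    // crypt() signals failure with a string shorter than 13 characters; if both
                    // sides failed they would be equal, so treat a failed hash as a mismatch.
                    // The e-mail check is strict so an unset install username can no longer be
                    // matched by an empty field.
                    $credentialsOk = $email === $config->get('app.install.username')
                        && strlen($expected) >= 13
                        && hash_equals($expected, $actual);

                    if ($credentialsOk) {
                        self::$logger->info('Logging in ['.$email.'] at ['.date("Y-m-d H:i:s").']');
                        $admin = new PersonObject();
                        $admin->set('displayName', 'Admin');
                        $admin->set('email', $email);
                        $admin->set('password', $actual);
                        $admin->set('OID', '00000000001');

                        self::rotateSessionId();
                        $_SESSION['currentUser'] = $admin;

                        $this->sendLoginRedirect($config->get('app.url').'alpha/controller/Install.php');
                    }else{
                        throw new ValidationException('Failed to login user '.$safeEmail.', the password is incorrect!');
                    }
                }else{
                    $this->personObject->loadByAttribute('email', $email, true);

                    AlphaDAO::disconnect();

                    if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled')
                        throw new SecurityException('Failed to login user '.$safeEmail.', that account has been disabled!');

                    $this->doLoginAndRedirect($password);
                }

                // Only reached when doLoginAndRedirect() returned without authenticating (the
                // account is loaded but not Active); successful logins exit in the redirect.
                echo AlphaView::displayPageHead($this);

                echo $this->personView->displayLoginForm();
            }

            if (isset($params['resetBut'])) {
                // NOTE(review): this resets the password of whichever account matches the posted
                // e-mail, with no proof that the requester controls that mailbox; anyone who knows
                // an address can force a password change on it. A token-based confirmation flow is
                // the usual fix; the behaviour is kept here and only the hashing/output hardened.
                $this->personObject->loadByAttribute('email', $email);

                AlphaDAO::disconnect();

                $newPassword = $this->personObject->generatePassword();

                // The original called crypt() with no salt, which falls back to a weak DES hash
                // (and raises a notice on PHP >= 5.6). password_hash() yields a crypt()-format
                // bcrypt hash, which doLoginAndRedirect() verifies via crypt() unchanged.
                // Assumes the stored password field accepts a 60-character hash — TODO confirm
                // against PersonObject.
                $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT));
                $this->personObject->save();

                $message = 'The password for your account has been reset to '.$newPassword.' as you requested. You can now login to the site using your '.
                    'e-mail address and this new password as before.';
                $subject = 'Password change request';

                $this->personObject->sendMail($message, $subject);

                echo AlphaView::displayUpdateMessage('The password for the user <strong>'.$safeEmail.'</strong> has been reset, and the new password '.
                    'has been sent to that e-mail address.');
                echo '<a href="'.$config->get('app.url').'">Home Page</a>';
            }
        }catch(ValidationException $e) {
            echo AlphaView::displayPageHead($this);

            echo AlphaView::displayErrorMessage($e->getMessage());

            echo $this->personView->displayLoginForm();

            self::$logger->warn($e->getMessage());
        }catch(SecurityException $e) {
            echo AlphaView::displayPageHead($this);

            echo AlphaView::displayErrorMessage($e->getMessage());

            self::$logger->warn($e->getMessage());
        }catch(BONotFoundException $e) {
            echo AlphaView::displayPageHead($this);

            // NOTE(review): distinguishing "unknown user" from "wrong password" lets a client
            // enumerate registered addresses; a uniform failure message would close that.
            echo AlphaView::displayErrorMessage('Failed to find the user \''.$safeEmail.'\'');

            echo $this->personView->displayLoginForm();

            self::$logger->warn($e->getMessage());
        }

        echo AlphaView::displayPageFoot($this);
        self::$logger->debug('<<doPOST');
    }

    /**
     * Verifies $password against the already-loaded PersonObject.
     *
     * On success the user is stored in the session (with a fresh session ID) and the request
     * ends in a redirect. A wrong password throws; an account that is transient or not in the
     * 'Active' state returns silently so the caller can re-display the login form.
     *
     * @param string $password the plaintext password as posted
     * @throws ValidationException when the password does not match
     */
    protected function doLoginAndRedirect($password) {
        // Never write the plaintext password to the log.
        self::$logger->debug('>>doLoginAndRedirect(password=[redacted])');

        global $config;

        if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Active') {
            $storedHash = (string) $this->personObject->get('password');

            // crypt() re-hashes using the stored hash as the salt, so any crypt()-format hash
            // (DES, MD5, bcrypt, ...) verifies. On an unusable salt it returns a short string
            // guaranteed to differ from the salt, so a bad stored hash fails closed. hash_equals()
            // keeps the comparison constant-time; the known value goes first.
            if ($storedHash !== '' && hash_equals($storedHash, crypt($password, $storedHash))) {

                self::$logger->info('Logging in ['.$this->personObject->get('email').'] at ['.date("Y-m-d H:i:s").']');

                self::rotateSessionId();
                $_SESSION['currentUser'] = $this->personObject;

                self::$logger->debug('<<doLoginAndRedirect');
                $this->sendLoginRedirect($config->get('app.url'));
            }else{
                // The e-mail is echoed into the HTML error box by the caller, so escape it here.
                throw new ValidationException('Failed to login user '.self::escapeForHtml($this->personObject->get('email')).', the password is incorrect!');
            }
        }

        // Not Active (or nothing loaded): fall through without authenticating.
        self::$logger->debug('<<doLoginAndRedirect');
    }

    /**
     * Returns an HTML snippet showing the configured app.version.
     *
     * NOTE(review): the method name is missing from this listing ("public function () {") and is
     * reproduced verbatim rather than guessed; restore the original name from the repository.
     */
    public function () {
        global $config;

        return '<p><em>Version '.$config->get('app.version').'</em></p>';
    }
}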
294:
295:
// Direct-hit dispatcher: only runs when this script is the one being requested,
// so the class above can also be included by the front controller without side effects.
if (basename($_SERVER['PHP_SELF']) == 'Login.php') {
    $loginController = new Login();

    if (empty($_POST)) {
        $loginController->doGET($_GET);
    } else {
        $loginController->doPOST($_POST);
    }
}
305:
306: ?>