Overview

Namespaces

  • Alpha
    • Controller
      • Front
    • Exception
    • Model
      • Type
    • Task
    • Util
      • Backup
      • Cache
      • Code
        • Highlight
        • Metric
      • Config
      • Convertor
      • Email
      • Extension
      • Feed
      • File
      • Graph
      • Helper
      • Http
        • Filter
        • Session
      • Image
      • Logging
      • Search
      • Security
    • View
      • Renderer
        • Html
        • Json
      • Widget

Classes

  • ActiveRecordController
  • ArticleController
  • AttachmentController
  • CacheController
  • Controller
  • DEnumController
  • ExcelController
  • FeedController
  • GenSecureQueryStringController
  • ImageController
  • IndexController
  • InstallController
  • ListActiveRecordsController
  • LogController
  • LoginController
  • LogoutController
  • MetricController
  • PhpinfoController
  • RecordSelectorController
  • SearchController
  • SequenceController
  • TagController

Interfaces

  • ControllerInterface
  • Overview
  • Namespace
  • Class
  • Tree 
  1: <?php
  2: 
  3: namespace Alpha\Controller;
  4: 
  5: use Alpha\Util\Logging\Logger;
  6: use Alpha\Util\Config\ConfigProvider;
  7: use Alpha\Util\Http\Request;
  8: use Alpha\Util\Http\Response;
  9: use Alpha\Util\Http\Session\SessionProviderFactory;
 10: use Alpha\View\View;
 11: use Alpha\View\PersonView;
 12: use Alpha\Model\Person;
 13: use Alpha\Model\ActiveRecord;
 14: use Alpha\Exception\IllegalArguementException;
 15: use Alpha\Exception\SecurityException;
 16: use Alpha\Exception\ValidationException;
 17: use Alpha\Exception\RecordNotFoundException;
 18: use Alpha\Controller\Front\FrontController;
 19: 
 20: /**
 21:  * Login controller that adds the current user object to the session.
 22:  *
 23:  * @since 1.0
 24:  *
 25:  * @author John Collins <dev@alphaframework.org>
 26:  * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
 27:  * @copyright Copyright (c) 2015, John Collins (founder of Alpha Framework).
 28:  * All rights reserved.
 29:  *
 30:  * <pre>
 31:  * Redistribution and use in source and binary forms, with or
 32:  * without modification, are permitted provided that the
 33:  * following conditions are met:
 34:  *
 35:  * * Redistributions of source code must retain the above
 36:  *   copyright notice, this list of conditions and the
 37:  *   following disclaimer.
 38:  * * Redistributions in binary form must reproduce the above
 39:  *   copyright notice, this list of conditions and the
 40:  *   following disclaimer in the documentation and/or other
 41:  *   materials provided with the distribution.
 42:  * * Neither the name of the Alpha Framework nor the names
 43:  *   of its contributors may be used to endorse or promote
 44:  *   products derived from this software without specific
 45:  *   prior written permission.
 46:  *
 47:  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
 48:  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
 49:  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 50:  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 51:  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
 52:  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 53:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 54:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 55:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 56:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 57:  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
 58:  * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 59:  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 60:  * </pre>
 61:  */
 62: class LoginController extends Controller implements ControllerInterface
 63: {
 64:     /**
 65:      * The person to be logged in.
 66:      *
 67:      * @var Alpha\Model\Person
 68:      *
 69:      * @since 1.0
 70:      */
 71:     protected $personObject;
 72: 
 73:     /**
 74:      * The person view object.
 75:      *
 76:      * @var Alpha\View\PersonView
 77:      *
 78:      * @since 1.0
 79:      */
 80:     private $personView;
 81: 
 82:     /**
 83:      * Trace logger.
 84:      *
 85:      * @var Alpha\Util\Logging\Logger
 86:      *
 87:      * @since 1.0
 88:      */
 89:     private static $logger = null;
 90: 
 91:     /**
 92:      * constructor to set up the object.
 93:      *
 94:      * @since 1.0
 95:      */
 96:     public function __construct()
 97:     {
 98:         self::$logger = new Logger('LoginController');
 99:         self::$logger->debug('>>__construct()');
100: 
101:         $config = ConfigProvider::getInstance();
102: 
103:         // ensure that the super class constructor is called, indicating the rights group
104:         parent::__construct('Public');
105: 
106:         $this->personObject = new Person();
107:         $this->personView = View::getInstance($this->personObject);
108:         $this->setRecord($this->personObject);
109: 
110:         // set up the title and meta details
111:         $this->setTitle('Login to '.$config->get('app.title'));
112:         $this->setDescription('Login page.');
113:         $this->setKeywords('login,logon');
114: 
115:         self::$logger->debug('<<__construct');
116:     }
117: 
118:     /**
119:      * Handle GET requests.
120:      *
121:      * @param Alpha\Util\Http\Request $request
122:      *
123:      * @return Alpha\Util\Http\Response
124:      *
125:      * @throws Alpha\Exception\IllegalArguementException
126:      *
127:      * @since 1.0
128:      */
129:     public function doGET($request)
130:     {
131:         self::$logger->debug('>>doGET($request=['.var_export($request, true).'])');
132: 
133:         $params = $request->getParams();
134: 
135:         if (!is_array($params)) {
136:             throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doGET method!');
137:         }
138: 
139:         $body = View::displayPageHead($this);
140: 
141:         if (isset($params['reset'])) {
142:             $body .= $this->personView->displayResetForm();
143:         } else {
144:             $body .= $this->personView->displayLoginForm();
145:         }
146: 
147:         $body .= View::displayPageFoot($this);
148: 
149:         self::$logger->debug('<<doGET');
150: 
151:         return new Response(200, $body, array('Content-Type' => 'text/html'));
152:     }
153: 
154:     /**
155:      * Handle POST requests (adds $currentUser Person to the session).
156:      *
157:      * @param Alpha\Util\Http\Request $request
158:      *
159:      * @return Alpha\Util\Http\Response
160:      *
161:      * @throws Alpha\Exception\IllegalArguementException
162:      *
163:      * @since 1.0
164:      */
165:     public function doPOST($request)
166:     {
167:         self::$logger->debug('>>doPOST($request=['.var_export($request, true).'])');
168: 
169:         $params = $request->getParams();
170: 
171:         if (!is_array($params)) {
172:             throw new IllegalArguementException('Bad $params ['.var_export($params, true).'] passed to doPOST method!');
173:         }
174: 
175:         $config = ConfigProvider::getInstance();
176: 
177:         $body = '';
178: 
179:         try {
180:             // check the hidden security fields before accepting the form POST data
181:             if (!$this->checkSecurityFields()) {
182:                 throw new SecurityException('This page cannot accept post data from remote servers!');
183:             }
184: 
185:             if (isset($params['loginBut'])) {
186:                 // if the database has not been set up yet, accept a login from the config admin username/password
187:                 if (!ActiveRecord::isInstalled()) {
188:                     if ($params['email'] == $config->get('app.install.username') && password_verify($params['password'], password_hash($config->get('app.install.password'), PASSWORD_DEFAULT, ['cost' => 12]))) {
189:                         self::$logger->info('Logging in ['.$params['email'].'] at ['.date('Y-m-d H:i:s').']');
190:                         $admin = new Person();
191:                         $admin->set('displayName', 'Admin');
192:                         $admin->set('email', $params['email']);
193:                         $admin->set('password', password_hash($params['password'], PASSWORD_DEFAULT, ['cost' => 12]));
194:                         $admin->set('OID', '00000000001');
195: 
196:                         $sessionProvider = $config->get('session.provider.name');
197:                         $session = SessionProviderFactory::getInstance($sessionProvider);
198:                         $session->set('currentUser', $admin);
199: 
200:                         $response = new Response(301);
201:                         if ($this->getNextJob() != '') {
202:                             $response->redirect(FrontController::generateSecureURL('act='.$this->getNextJob()));
203:                             $this->clearUnitOfWorkAttributes();
204:                         } else {
205:                             $response->redirect(FrontController::generateSecureURL('act=InstallController'));
206:                         }
207: 
208:                         return $response;
209:                     } else {
210:                         throw new ValidationException('Failed to login user '.$params['email'].', the password is incorrect!');
211:                     }
212:                 } else {
213:                     // here we are attempting to load the person from the email address
214:                     $this->personObject->loadByAttribute('email', $params['email'], true);
215: 
216:                     ActiveRecord::disconnect();
217: 
218:                     // checking to see if the account has been disabled
219:                     if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled') {
220:                         throw new SecurityException('Failed to login user '.$params['email'].', that account has been disabled!');
221:                     }
222: 
223:                     // check the password
224:                     return $this->doLoginAndRedirect($params['password']);
225:                 }
226: 
227:                 $body .= View::displayPageHead($this);
228: 
229:                 $body .= $this->personView->displayLoginForm();
230:             }
231: 
232:             if (isset($params['resetBut'])) {
233:                 // here we are attempting to load the person from the email address
234:                 $this->personObject->loadByAttribute('email', $params['email']);
235: 
236:                 ActiveRecord::disconnect();
237: 
238:                 // generate a new random password
239:                 $newPassword = $this->personObject->generatePassword();
240: 
241:                 // now encrypt and save the new password, then e-mail the user
242:                 $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT, ['cost' => 12]));
243:                 $this->personObject->save();
244: 
245:                 $message = 'The password for your account has been reset to '.$newPassword.' as you requested.  You can now login to the site using your '.
246:                     'e-mail address and this new password as before.';
247:                 $subject = 'Password change request';
248: 
249:                 $this->personObject->sendMail($message, $subject);
250: 
251:                 $body .= View::displayUpdateMessage('The password for the user <strong>'.$params['email'].'</strong> has been reset, and the new password '.
252:                     'has been sent to that e-mail address.');
253:                 $body .= '<a href="'.$config->get('app.url').'">Home Page</a>';
254:             }
255:         } catch (ValidationException $e) {
256:             $body .= View::displayPageHead($this);
257: 
258:             $body .= View::displayErrorMessage($e->getMessage());
259: 
260:             if (isset($params['reset'])) {
261:                 $body .= $this->personView->displayResetForm();
262:             } else {
263:                 $body .= $this->personView->displayLoginForm();
264:             }
265: 
266:             self::$logger->warn($e->getMessage());
267:         } catch (SecurityException $e) {
268:             $body .= View::displayPageHead($this);
269: 
270:             $body .= View::displayErrorMessage($e->getMessage());
271: 
272:             self::$logger->warn($e->getMessage());
273:         } catch (RecordNotFoundException $e) {
274:             $body .= View::displayPageHead($this);
275: 
276:             $body .= View::displayErrorMessage('Failed to find the user \''.$params['email'].'\'');
277: 
278:             if (isset($params['reset'])) {
279:                 $body .= $this->personView->displayResetForm();
280:             } else {
281:                 $body .= $this->personView->displayLoginForm();
282:             }
283: 
284:             self::$logger->warn($e->getMessage());
285:         }
286: 
287:         $body .= View::displayPageFoot($this);
288: 
289:         self::$logger->debug('<<doPOST');
290: 
291:         return new Response(200, $body, array('Content-Type' => 'text/html'));
292:     }
293: 
294:     /**
295:      * Login the user and re-direct to the defined destination.
296:      *
297:      * @param string $password The password supplied by the user logging in
298:      *
299:      * @throws Alpha\Exception\ValidationException
300:      *
301:      * @return Alpha\Util\Http\Response
302:      *
303:      * @since 1.0
304:      */
305:     protected function doLoginAndRedirect($password)
306:     {
307:         self::$logger->debug('>>doLoginAndRedirect(password=['.$password.'])');
308: 
309:         $config = ConfigProvider::getInstance();
310: 
311:         if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Active') {
312:             if (password_verify($password, $this->personObject->get('password'))) {
313:                 $sessionProvider = $config->get('session.provider.name');
314:                 $session = SessionProviderFactory::getInstance($sessionProvider);
315:                 $session->set('currentUser', $this->personObject);
316: 
317:                 self::$logger->debug('Logging in ['.$this->personObject->get('email').'] at ['.date('Y-m-d H:i:s').']');
318:                 self::$logger->action('Login');
319: 
320:                 $response = new Response(301);
321:                 if ($this->getNextJob() != '') {
322:                     $response->redirect(FrontController::generateSecureURL('act='.$this->getNextJob()));
323:                     $this->clearUnitOfWorkAttributes();
324:                 } else {
325:                     $response->redirect($config->get('app.url'));
326:                 }
327: 
328:                 return $response;
329:             } else {
330:                 throw new ValidationException('Failed to login user '.$this->personObject->get('email').', the password is incorrect!');
331:                 self::$logger->debug('<<doLoginAndRedirect');
332:             }
333:         }
334:     }
335: 
336:     /**
337:      * Displays the application version number on the login screen.
338:      *
339:      * @return string
340:      *
341:      * @since 1.0
342:      */
343:     public function before_displayPageFoot_callback()
344:     {
345:         $config = ConfigProvider::getInstance();
346: 
347:         return '<p><em>Version '.$config->get('app.version').'</em></p>';
348:     }
349: }
350:
Alpha Framework 2.0.4 API Documentation API documentation generated by ApiGen 2.8.0