Index: branches/5.1.x/core/units/users/users_event_handler.php
===================================================================
diff -u -r13470 -r13471
--- branches/5.1.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 13470)
+++ branches/5.1.x/core/units/users/users_event_handler.php (.../users_event_handler.php) (revision 13471)
@@ -1,6 +1,6 @@
Application->isAdmin ? 'u.current' : 'u'; // "u" used on front not to change theme
- $object =& $this->Application->recallObject($prefix_special, null, Array('skip_autoload' => true));
+ $email_as_login = $this->Application->ConfigValue('Email_As_Login');
+ $username = $this->Application->GetVar($email_as_login && !$this->Application->isAdmin ? 'email' : 'login');
$password = $this->Application->GetVar('password');
+ $rember_login = $this->Application->GetVar('cb_remember_login') == 1;
- $invalid_pseudo = $this->Application->isAdmin ? 'la_invalid_password' : 'lu_invalid_password';
- $remember_login_cookie = $this->Application->GetVar('remember_login');
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
- if (!$password && !$remember_login_cookie) {
- $object->SetError('ValidateLogin', 'invalid_password', $invalid_pseudo);
- $event->status = erFAIL;
- return false;
- }
+ $user_helper->event =& $event;
+ $result = $user_helper->loginUser($username, $password, false, $rember_login);
- $email_as_login = $this->Application->ConfigValue('Email_As_Login');
- list ($login_field, $submit_field) = $email_as_login && !$this->Application->isAdmin ? Array('Email', 'email') : Array('Login', 'login');
- $login_value = $this->Application->GetVar($submit_field);
+ if ($result != LOGIN_RESULT_OK) {
+ $object =& $user_helper->getUserObject();
- // process "Save Username" checkbox
- if ($this->Application->isAdmin) {
- $save_username = $this->Application->GetVar('cb_save_username') ? $login_value : '';
- $this->Application->Session->SetCookie('save_username', $save_username, adodb_mktime() + 31104000); // 1 year expiration
- $this->Application->SetVar('save_username', $save_username); // cookie will be set on next refresh, but refresh won't occur if login error present, so duplicate cookie in HTTPQuery
- }
-
- $super_admin = ($login_value == 'super-root') && $this->verifySuperAdmin();
- if ($this->Application->isAdmin && ($login_value == 'root') || ($super_admin && $login_value == 'super-root')) {
- // logging in "root" (admin only)
-
- $login_value = 'root';
-
- $root_password = $this->Application->ConfigValue('RootPass');
- $password_formatter =& $this->Application->recallObject('kPasswordFormatter');
- $test = $password_formatter->EncryptPassword($password, 'b38');
- if ($root_password != $test) {
- $object->SetError('ValidateLogin', 'invalid_password', $invalid_pseudo);
- $event->status = erFAIL;
- return false;
+ if ($result == LOGIN_RESULT_NO_PERMISSION) {
+ $object->SetError('ValidateLogin', 'no_permission', 'lu_no_permissions');
}
- elseif ($this->checkLoginPermission($login_value)) {
- $user_id = -1;
- $object->Load($user_id);
- $object->SetDBField('Login', $login_value);
-
- $session =& $this->Application->recallObject('Session');
- $session->SetField('PortalUserId', $user_id);
-// $session->SetField('GroupList', implode(',', $groups) );
- $this->Application->SetVar('u.current_id', $user_id);
- $this->Application->StoreVar('user_id', $user_id);
-
- $this->Application->LoadPersistentVars();
-
- if ($super_admin) {
- $this->Application->StoreVar('super_admin', 1);
- }
-
- $this->Application->HandleEvent($dummy, 'session-log:OnStartSession');
- $this->processLoginRedirect($event, $password);
- $this->_processInterfaceLanguage($event);
- return true;
- }
else {
- $object->SetError('ValidateLogin', 'invalid_license', 'la_invalid_license');
- $event->status = erFAIL;
- return false;
+ $object->SetID(-2);
+ $object->SetError('ValidateLogin', 'invalid_password', 'la_invalid_password');
}
- }
- /*$sql = 'SELECT PortalUserId FROM '.$object->TableName.' WHERE (%s = %s) AND (Password = MD5(%s))';
- $user_id = $this->Conn->GetOne( sprintf($sql, $login_field, $this->Conn->qstr($login_value), $this->Conn->qstr($password) ) );*/
-
- if ($remember_login_cookie) {
- $user_info = explode('|', $remember_login_cookie); // 0 - username, 1 - md5(password)
-
- $sql = 'SELECT PortalUserId
- FROM '.$object->TableName.'
- WHERE (Email = %1$s OR Login = %1$s) AND (Password = %2$s)';
- $user_id = $this->Conn->GetOne( sprintf($sql, $this->Conn->qstr($user_info[0]), $this->Conn->qstr($user_info[1]) ) );
- } else {
- $sql = 'SELECT PortalUserId
- FROM '.$object->TableName.'
- WHERE (Email = %1$s OR Login = %1$s) AND (Password = MD5(%2$s))';
- $user_id = $this->Conn->GetOne( sprintf($sql, $this->Conn->qstr($login_value), $this->Conn->qstr($password) ) );
- }
-
- if ($user_id) {
- $object->Load($user_id);
- if (!$this->checkBanRules($object)) {
- $event->status = erFAIL;
- return false;
- }
- if ($object->GetDBField('Status') == STATUS_ACTIVE) {
- $groups = $object->getMembershipGroups(true);
- if(!$groups) $groups = Array();
- array_push($groups, $this->Application->ConfigValue('User_LoggedInGroup') );
- $this->Application->StoreVar( 'UserGroups', implode(',', $groups) );
-
- if ($this->checkLoginPermission($login_value)) {
- $session =& $this->Application->recallObject('Session');
- $session->SetField('PortalUserId', $user_id);
- $session->SetField('GroupList', implode(',', $groups) );
- $this->Application->SetVar('u.current_id', $user_id);
- $this->Application->StoreVar('user_id', $user_id);
-
- $this->Application->LoadPersistentVars();
-
- if (!$remember_login_cookie) {
- // don't change last login time when auto-login is used
- $this_login = (int)$this->Application->RecallPersistentVar('ThisLogin');
- $this->Application->StorePersistentVar('LastLogin', $this_login);
- $this->Application->StorePersistentVar('ThisLogin', adodb_mktime());
- }
-
- if ($this->Application->GetVar('cb_remember_login') == 1) {
- // remember username & password when "Remember Login" checkbox us checked (when user is using login form on Front-End)
- $remember_login_cookie = $login_value . '|' . md5($password);
- $this->Application->Session->SetCookie('remember_login', $remember_login_cookie, adodb_mktime() + 2592000); // 30 days
- }
-
- $this->Application->HandleEvent($dummy, 'session-log:OnStartSession');
- }
- else {
- $object->Load(-2);
- $object->SetError('ValidateLogin', 'no_permission', 'lu_no_permissions');
- $event->status = erFAIL;
- }
-
- if (!$remember_login_cookie) {
- $this->processLoginRedirect($event, $password);
- $this->_processInterfaceLanguage($event);
- }
- }
- else {
- $event->redirect = $this->Application->GetVar('pending_disabled_template');
- }
- }
- else
- {
- $object->SetID(-2);
- $object->SetError('ValidateLogin', 'invalid_password', $invalid_pseudo);
$event->status = erFAIL;
}
-
- $event->SetRedirectParam('pass', 'all');
-// $event->SetRedirectParam('pass_category', 1); // to test
}
/**
- * Sets correct interface language after sucessful login, based on user settings
- *
- * @param kEvent $event
- */
- function _processInterfaceLanguage(&$event)
- {
- if (($event->status != erSUCCESS) || !$this->Application->isAdmin) {
- return ;
- }
-
- $is_root = $this->Application->RecallVar('user_id') == -1;
-
- $object =& $this->Application->recallObject('u.current');
- /* @var $object kDBItem */
-
- $user_language_id = $is_root ? $this->Application->RecallPersistentVar('AdminLanguage') : $object->GetDBField('AdminLanguage');
-
- $sql = 'SELECT LanguageId, IF(LanguageId = ' . (int)$user_language_id . ', 2, AdminInterfaceLang) AS SortKey
- FROM ' . TABLE_PREFIX . 'Language
- WHERE Enabled = 1
- HAVING SortKey <> 0
- ORDER BY SortKey DESC';
- $language_info = $this->Conn->GetRow($sql);
- $language_id = $language_info && $language_info['LanguageId'] ? $language_info['LanguageId'] : $user_language_id;
-
- if ($user_language_id != $language_id) {
- // first admin login OR language was delelted or disabled
- if ($is_root) {
- $this->Application->StorePersistentVar('AdminLanguage', $language_id);
- }
- else {
- $object->SetDBField('AdminLanguage', $language_id);
- $object->Update();
- }
- }
-
- $event->SetRedirectParam('m_lang', $language_id); // data
- $this->Application->Session->SetField('Language', $language_id); // interface
- }
-
- /**
* [HOOK] Auto-Logins Front-End user when "Remember Login" cookie is found
*
* @param kEvent $event
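Review bot: The `else` branch of the failure handling in OnLogin now hard-codes the admin phrase `la_invalid_password`, where the removed code chose `lu_invalid_password` for the front end via `$invalid_pseudo`, so front-end users would get the admin-console label. Suggest `$object->SetError('ValidateLogin', 'invalid_password', $this->Application->isAdmin ? 'la_invalid_password' : 'lu_invalid_password');`. That same branch also absorbs every result other than `LOGIN_RESULT_OK` and `LOGIN_RESULT_NO_PERMISSION`; the removed code handled banned and non-active accounts separately (the latter redirected to `pending_disabled_template`), and whether `loginUser` still does so is not visible here. `$rember_login` is a misspelling of `$remember_login`. OnLogin's signature is outside the hunk.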
@@ -412,85 +247,13 @@
return ;
}
- $event->CallSubEvent('OnLogin');
- }
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
- /**
- * Checks that user is allowed to use super admin mode
- *
- * @return bool
- */
- function verifySuperAdmin()
- {
- $sa_mode = ipMatch(defined('SA_IP') ? SA_IP : '');
- return $sa_mode || $this->Application->isDebugMode();
+ $user_helper->loginUser('', '', false, false, $remember_login_cookie);
}
/**
- * Enter description here...
- *
- * @param string $user_name
- * @return bool
- */
- function checkLoginPermission($user_name)
- {
- $ret = true;
- if ($this->Application->isAdmin) {
- $modules_helper =& $this->Application->recallObject('ModulesHelper');
-
- if ($user_name != 'root') {
- // root is virtual user, so allow him to login to admin in any case
- $ret = $this->Application->CheckPermission('ADMIN', 1);
- }
- }
- else {
- $ret = $this->Application->CheckPermission('LOGIN', 1);
- }
-
- return $ret;
- }
-
- /**
- * Process all required data and redirect logged-in user
- *
- * @param kEvent $event
- */
- function processLoginRedirect(&$event, $password)
- {
- $prefix_special = $this->Application->isAdmin ? 'u.current' : 'u'; // "u" used on front not to change theme
- $object =& $this->Application->recallObject($prefix_special, null, Array('skip_autoload' => true));
-
- $next_template = $this->Application->GetVar('next_template');
- if ($next_template == '_ses_redirect') {
- $location = $this->Application->BaseURL().$this->Application->RecallVar($next_template);
- if( $this->Application->isDebugMode() && constOn('DBG_REDIRECT') )
- {
- $this->Application->Debugger->appendTrace();
- echo "Debug output above!!! Proceed to redirect: $location
";
- }
- else {
- header('Location: '.$location);
- }
-
- $session =& $this->Application->recallObject('Session');
- $session->SaveData();
- exit;
- }
-
- if ($next_template) {
- $event->redirect = $next_template;
- }
-
- if ($this->Application->ConfigValue('UseJSRedirect')) {
- $event->SetRedirectParam('js_redirect', 1);
- }
-
- $sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
- $sync_manager->performAction('LoginUser', $object->GetDBField('Login'), $password);
- $this->Application->resetCounters('UserSession');
- }
-
- /**
* Called when user logs in using old in-portal
*
* @param kEvent $event
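Review bot: The auto-login hook calls `loginUser('', '', false, false, $remember_login_cookie)` without assigning `$user_helper->event` and without looking at the result, unlike OnLogin and OnLogout in this commit, which both set `$user_helper->event =& $event;` first; autoLoginUser in the `@@ -610` hunk has the same gap. If `loginUser` reads its `event` property (its body is not in this diff), it would run with no event or with one left by an earlier call, so add `$user_helper->event =& $event;` before both calls. A result other than `LOGIN_RESULT_OK` here means the cookie is stale or forged, and expiring it at that point, as the removed OnLogout code did with `SetCookie('remember_login', '', adodb_mktime() - 3600)`, stops the browser resending it on every request. The removed OnLogin lines also show the cookie holds `login|md5(password)` and is matched directly against the `Password` column, which makes it a long-lived password equivalent; if UserHelper keeps that format, a random server-side token would be the safer design. The hook's function starts above this hunk.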
@@ -519,35 +282,11 @@
function OnLogout(&$event)
{
- $sync_manager =& $this->Application->recallObjectP('UsersSyncronizeManager', null, Array(), 'InPortalSyncronize');
- $sync_manager->performAction('LogoutUser');
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
- $this->Application->HandleEvent($dummy, 'session-log:OnEndSession');
-
- $this->Application->SetVar('u.current_id', -2);
- $object =& $this->Application->recallObject('u.current', null, Array('skip_autoload' => true));
- $object->Load(-2);
-
- $this->Application->DestroySession();
-
- $session =& $this->Application->recallObject('Session');
- /* @var $session Session */
-
- $group_list = $this->Application->ConfigValue('User_GuestGroup') . ',' . $this->Application->ConfigValue('User_LoggedInGroup');
-
- $session->SetField('PortalUserId', -2);
- $session->SetField('GroupList', $group_list);
- $this->Application->StoreVar('user_id', -2, true);
- $this->Application->StoreVar('UserGroups', $group_list, true);
-
- if ($this->Application->ConfigValue('UseJSRedirect')) {
- $event->SetRedirectParam('js_redirect', 1);
- }
-
- $this->Application->resetCounters('UserSession');
- $this->Application->Session->SetCookie('remember_login', '', adodb_mktime() - 3600);
-
- $event->SetRedirectParam('pass', 'all');
+ $user_helper->event =& $event;
+ $user_helper->logoutUser();
}
/**
@@ -610,17 +349,13 @@
function autoLoginUser(&$event)
{
$object =& $event->getObject();
- $this->Application->SetVar('u.current_id', $object->GetID() );
+ $this->Application->SetVar('u.current_id', $object->GetID());
- if($object->GetDBField('Status') == STATUS_ACTIVE && !$this->Application->ConfigValue('User_Password_Auto'))
- {
- $email_as_login = $this->Application->ConfigValue('Email_As_Login');
- list($login_field, $submit_field) = $email_as_login ? Array('Email', 'email') : Array('Login', 'login');
+ if ($object->GetDBField('Status') == STATUS_ACTIVE && !$this->Application->ConfigValue('User_Password_Auto')) {
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
- $this->Application->SetVar($submit_field, $object->GetDBField($login_field) );
- $this->Application->SetVar('password', $object->GetDBField('Password_plain') );
-
- $event->CallSubEvent('OnLogin');
+ $user_helper->loginUser($object->GetDBField('Login'), $object->GetDBField('Password_plain'));
}
}
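Review bot: autoLoginUser now always passes `$object->GetDBField('Login')`, while the removed lines selected the `Email` field when `Email_As_Login` is enabled; whether `Login` is always populated on such installs cannot be told from this hunk. If it is not, the login after registration fails without any signal, since the return value of `loginUser` is dropped. Consider `$field = $this->Application->ConfigValue('Email_As_Login') ? 'Email' : 'Login';` and passing `$object->GetDBField($field)`, and compare the result with `LOGIN_RESULT_OK` before continuing.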
@@ -795,7 +530,10 @@
$object->setLogin();
- if (!$this->checkBanRules($object)) {
+ $user_helper =& $this->Application->recallObject('UserHelper');
+ /* @var $user_helper UserHelper */
+
+ if (!$user_helper->checkBanRules($object)) {
$event->status = erFAIL;
return ;
}
@@ -1849,96 +1587,6 @@
}
/**
- * Checks, if given user fields matches at least one of defined ban rules
- *
- * @param kDBItem $object
- * @return bool
- */
- function checkBanRules(&$object)
- {
- $table = $this->Application->getUnitOption('ban-rule', 'TableName');
- if (!$this->Conn->TableFound($table)) {
- // when ban table not found -> assume user is ok by default
- return true;
- }
-
- $sql = 'SELECT *
- FROM '.$table.'
- WHERE ItemType = 6 AND Status = ' . STATUS_ACTIVE . '
- ORDER BY Priority DESC';
- $rules = $this->Conn->Query($sql);
-
- $found = false;
- foreach ($rules as $rule) {
- $field = $rule['ItemField'];
-
- $this_value = strtolower( $object->GetDBField($field) );
- $test_value = strtolower( $rule['ItemValue'] );
-
- switch ($rule['ItemVerb']) {
- /*case 0: // any
- $found = true;
- break;*/
-
- case 1: // is
- if ($this_value == $test_value) {
- $found = true;
- }
- break;
-
- /*case 2: // is not
- if ($this_value != $test_value) {
- $found = true;
- }
- break;*/
-
- case 3: // contains
- if (strstr($this_value, $test_value)) {
- $found = true;
- }
- break;
-
-
- /*case 4: // not contains
- if (!strstr($this_value, $test_value)) {
- $found = true;
- }
- break;
-
- case 5: // Greater Than
- if ($test_value > $this_value) {
- $found = true;
- }
- break;
-
- case 6: // Less Than
- if ($test_value < $this_value) {
- $found = true;
- }
- break;
-
- case 7: // exists
- if (strlen($this_value) > 0) {
- $found = true;
- }
- break;
-
- case 8: // unique
- if ($this->ValueExists($field, $this_value)) {
- $found = true;
- }
- break;*/
- }
-
- if ($found) {
- break;
- }
- }
-
- return !$found;
- }
-
- /**
* Makes password required for new users
*
* @param kEvent $event