view->headLink(['rel' => 'icon', 'href' => $baseUrl . 'favicon.ico', 'type' => 'image/x-icon'], 'PREPEND') ->appendStylesheet(Assets::url('css/bootstrap.css')) ->appendStylesheet(Assets::url('css/redmond/jquery-ui-1.8.8.custom.css')) ->appendStylesheet(Assets::url('css/styles.css')); } public function indexAction() { $CC_CONFIG = Config::getConfig(); $request = $this->getRequest(); $response = $this->getResponse(); $stationLocale = Application_Model_Preference::GetDefaultLocale(); // Enable AJAX requests from www.airtime.pro for the sign-in process. CORSHelper::enableCrossOriginRequests($request, $response); Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale)); if (Zend_Session::isStarted()) { // Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization. SessionHelper::reopenSessionForWriting(); $auth = Zend_Auth::getInstance(); $auth->getStorage(); if ($auth->hasIdentity()) { $this->_redirect('showbuilder'); } } // uses separate layout without a navigation. $this->_helper->layout->setLayout('login'); $this->view->error = false; $form = new Application_Form_Login(); $message = _('Please enter your username and password.'); if ($request->isPost()) { // Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization. // session_start(); if ($form->isValid($request->getPost())) { // get the username and password from the form $username = $form->getValue('username'); $password = $form->getValue('password'); $locale = $form->getValue('locale'); $authAdapter = Application_Model_Auth::getAuthAdapter(); // pass to the adapter the submitted username and password $authAdapter->setIdentity($username) ->setCredential($password); $result = $auth->authenticate($authAdapter); if ($result->isValid()) { Zend_Session::regenerateId(); // all info about this user from the login table omit only the password $userInfo = $authAdapter->getResultRowObject(null, 'password'); // the default storage is a session with namespace Zend_Auth $authStorage = $auth->getStorage(); $authStorage->write($userInfo); Application_Model_LoginAttempts::resetAttempts($_SERVER['REMOTE_ADDR']); Application_Model_Subjects::resetLoginAttempts($username); // set the user locale in case user changed it in when logging in Application_Model_Preference::SetUserLocale($locale); $this->_redirect('showbuilder'); } else { $form = $this->loginError($username); } } } $this->view->form = $form; $this->view->airtimeVersion = $CC_CONFIG['airtime_version']; $this->view->airtimeCopyright = AIRTIME_COPYRIGHT_DATE; if (isset($CC_CONFIG['demo'])) { $this->view->demo = $CC_CONFIG['demo']; } } public function logoutAction() { // Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization. SessionHelper::reopenSessionForWriting(); $auth = Zend_Auth::getInstance(); $auth->clearIdentity(); // Unset all session variables relating to CSRF prevention on logout $csrf_namespace = new Zend_Session_Namespace('csrf_namespace'); $csrf_namespace->unsetAll(); $this->_redirect('showbuilder/index'); } public function passwordRestoreAction() { $request = $this->getRequest(); $stationLocale = Application_Model_Preference::GetDefaultLocale(); Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale)); // uses separate layout without a navigation. $this->_helper->layout->setLayout('login'); $form = new Application_Form_PasswordRestore(); $request = $this->getRequest(); if ($request->isPost()) { if ($form->isValid($request->getPost())) { $query = CcSubjsQuery::create(); $username = $form->username->getValue(); $email = $form->email->getValue(); if (empty($username)) { $query->filterByDbEmail($email); } elseif (empty($email)) { $query->filterByDbLogin($username); } else { $query->filterByDbEmail($email) ->filterByDbLogin($username); } $user = $query->findOne(); if (!empty($user)) { $auth = new Application_Model_Auth(); $success = $auth->sendPasswordRestoreLink($user, $this->view); if ($success) { $this->_helper->redirector('password-restore-after', 'login'); } else { $form->email->addError($this->view->translate(_('Email could not be sent. Check your mail server settings and ensure it has been configured properly.'))); } } else { $form->email->addError($this->view->translate(_('That username or email address could not be found.'))); } } else { // Form is not valid $form->email->addError($this->view->translate(_('There was a problem with the username or email address you entered.'))); } } $this->view->form = $form; } public function passwordRestoreAfterAction() { $request = $this->getRequest(); $stationLocale = Application_Model_Preference::GetDefaultLocale(); Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale)); // uses separate layout without a navigation. $this->_helper->layout->setLayout('login'); } public function passwordChangeAction() { // uses separate layout without a navigation. $this->_helper->layout->setLayout('login'); $request = $this->getRequest(); $token = $request->getParam('token', false); $user_id = $request->getParam('user_id', 0); $form = new Application_Form_PasswordChange(); $auth = new Application_Model_Auth(); $user = CcSubjsQuery::create()->findPK($user_id); $stationLocale = Application_Model_Preference::GetDefaultLocale(); Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale)); // check validity of token if (!$auth->checkToken($user_id, $token, 'password.restore')) { Logging::debug('token not valid'); $this->_helper->redirector('index', 'login'); } if ($request->isPost() && $form->isValid($request->getPost())) { $user->setDbPass(md5($form->password->getValue())); $user->save(); $auth->invalidateTokens($user, 'password.restore'); $zend_auth = Zend_Auth::getInstance(); $zend_auth->clearIdentity(); $authAdapter = Application_Model_Auth::getAuthAdapter(); $authAdapter->setIdentity($user->getDbLogin()) ->setCredential($form->password->getValue()); $zend_auth->authenticate($authAdapter); // all info about this user from the login table omit only the password $userInfo = $authAdapter->getResultRowObject(null, 'password'); // the default storage is a session with namespace Zend_Auth $authStorage = $zend_auth->getStorage(); $authStorage->write($userInfo); $this->_helper->redirector('index', 'showbuilder'); } $this->view->form = $form; } /** * populates view with results from a login error and adds a new form. * * @param string $username user that failed to login * * @return new form */ private function loginError($username) { $this->view->message = _('Wrong username or password provided. Please try again.'); Application_Model_Subjects::increaseLoginAttempts($username); Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']); $form = new Application_Form_Login(); $this->view->error = true; return $form; } }