136 lines
4.5 KiB
PHP
136 lines
4.5 KiB
PHP
<?php
|
|
|
|
class Application_Form_Login extends Zend_Form
|
|
{
|
|
|
|
public function init()
|
|
{
|
|
$CC_CONFIG = Config::getConfig();
|
|
|
|
// Set the method for the display form to POST
|
|
$this->setMethod('post');
|
|
|
|
//If the request comes from an origin we consider safe, we disable the CSRF
|
|
//token checking ONLY for the login page. We do this to allow logins from WHMCS to work.
|
|
$request = Zend_Controller_Front::getInstance()->getRequest();
|
|
if ($request) {
|
|
$refererUrl = $request->getHeader('referer');
|
|
$originIsSafe = false;
|
|
foreach (CORSHelper::getAllowedOrigins() as $safeOrigin) {
|
|
if ($this->startsWith($safeOrigin, $refererUrl)) {
|
|
$originIsSafe = true;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!$originIsSafe) {
|
|
$this->addElement('hash', 'csrf', array(
|
|
'salt' => 'unique'
|
|
));
|
|
}
|
|
|
|
$this->setDecorators(array(
|
|
array('ViewScript', array('viewScript' => 'form/login.phtml'))
|
|
));
|
|
|
|
// Add username element
|
|
$username = new Zend_Form_Element_Text("username");
|
|
$username->setLabel(_('Username:'))
|
|
->setAttribs(array(
|
|
'autofocus' => 'true',
|
|
'class' => 'input_text',
|
|
'required' => 'true'))
|
|
->setValue((isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1)?'admin':'')
|
|
->addFilter('StringTrim')
|
|
->setDecorators(array('ViewHelper'))
|
|
->setValidators(array('NotEmpty'));
|
|
$this->addElement($username);
|
|
|
|
// Add password element
|
|
$this->addElement('password', 'password', array(
|
|
'label' => _('Password:'),
|
|
'class' => 'input_text',
|
|
'required' => true,
|
|
'value' => (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1)?'admin':'',
|
|
'filters' => array('StringTrim'),
|
|
'validators' => array(
|
|
'NotEmpty',
|
|
),
|
|
'decorators' => array(
|
|
'ViewHelper'
|
|
)
|
|
));
|
|
|
|
$locale = new Zend_Form_Element_Select("locale");
|
|
$locale->setLabel(_("Language:"));
|
|
$locale->setMultiOptions(Application_Model_Locale::getLocales());
|
|
$locale->setDecorators(array('ViewHelper'));
|
|
$this->addElement($locale);
|
|
$this->setDefaults(array(
|
|
"locale" => Application_Model_Locale::getUserLocale()
|
|
));
|
|
|
|
if (Application_Model_LoginAttempts::getAttempts($_SERVER['REMOTE_ADDR']) >= 3) {
|
|
$this->addRecaptcha();
|
|
}
|
|
|
|
// Add the submit button
|
|
$this->addElement('submit', 'submit', array(
|
|
'ignore' => true,
|
|
'label' => _('Login'),
|
|
'class' => 'ui-button ui-widget ui-state-default ui-button-text-only center',
|
|
'decorators' => array(
|
|
'ViewHelper'
|
|
)
|
|
));
|
|
|
|
}
|
|
|
|
public function addRecaptcha()
|
|
{
|
|
$pubKey = '6Ld4JsISAAAAAIxUKT4IjjOGi3DHqdoH2zk6WkYG';
|
|
$privKey = '6Ld4JsISAAAAAJynYlXdrE4hfTReTSxYFe5szdyv';
|
|
|
|
$params= array('ssl' => true);
|
|
$recaptcha = new Zend_Service_ReCaptcha($pubKey, $privKey, $params);
|
|
|
|
$captcha = new Zend_Form_Element_Captcha('captcha',
|
|
array(
|
|
'label' => _('Type the characters you see in the picture below.'),
|
|
'captcha' => 'ReCaptcha',
|
|
'captchaOptions' => array(
|
|
'captcha' => 'ReCaptcha',
|
|
'service' => $recaptcha
|
|
)
|
|
)
|
|
);
|
|
$this->addElement($captcha);
|
|
}
|
|
|
|
/**
|
|
* tests if a string starts with a given string
|
|
*
|
|
* This method was pinched as is from phing since it was the only line of code
|
|
* actually used from phing. I'm not 100% convinced why it was deemed necessary
|
|
* in the first place as it is a rather simple method in the first place.
|
|
*
|
|
* For now it's here as a copy and we can refactor it away completely later.
|
|
*
|
|
* @see <https://github.com/phingofficial/phing/blob/41b2f54108018cf69aaa73904fade23e5adfd0cc/classes/phing/util/StringHelper.php>
|
|
*
|
|
* @param $check
|
|
* @param $string
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function startsWith($check, $string)
|
|
{
|
|
if ($check === "" || $check === $string) {
|
|
return true;
|
|
} else {
|
|
return (strpos($string, $check) === 0) ? true : false;
|
|
}
|
|
}
|
|
}
|