sintonia/airtime_mvc/application/controllers/LoginController.php
Lucas Bickel 625f92fe44 Vendorize ZF1, fix PHPUnit and configure travis
This is a rather large commit due to the nature of the stuff it is touching. To get PHPUnit up and running again I had to update some deps and I did so by vendorizing them. The vendorizing of zf1 makes sense since distros are already considering dropping it from their repos.

* [x] install vendorized zf1 with composer
* [x] load composer autoloader before zf1
* [x] Implement headAction for all Zend_Rest_Controller based controllers
* [x] switch to yml dataset to get around string only limitations of xml sets (also removed warning in readme)
* [x] use year 2044 as hardcoded date for tests since it is in the future and has the same days like previously used 2016
* [x] make tests easier to run when accessing phpunit directly
* [x] clean up test helper to always use airtime.conf
* [x] switch test dbname to libretime_test
* [x] test db username password switched to libretime/libretime
* [x] install phpunit with composer in a clear version (make tests easier to reproduce on other platforms)
* [x] remove local libs from airtime repo (most of airtime_mvc/library was not needed of in vendor already)
* [x] configure composer autoloading and use it (also removed requires that are not needed anymore)
* [x] add LibreTime prefix for FileNotFoundException (phing had a similar class and these are all pre-namespace style)
* [x] add .travis.yml file
* [x] make etc and logdir configurable with LIBRETIME_CONF_DIR and LIBRETIME_LOG_DIR env (so travis can change it)
* [x] slight cleanup in config for travis not to fail
* [x] add cloud_storage.conf for during test runs
* [x] rewrite mvc testing docs and move them to docs/ folder
* [x] don't use `static::class` in a class that does not have a parent class, use `__CLASS__` instead.
* [x] don't use `<ClassName>::class`, since we already know what class we want `"<ClassName>"` ist just fine.
* [x] fix "can't use method in write context" errors on 5.4 (also helps the optimizer)
* [x] add build status badge on main README.md

Fixes https://github.com/LibreTime/libretime/issues/4

The PHP parts of https://github.com/LibreTime/libretime/pull/10 get obsoleted by this change and it will need rebasing.

This also contains https://github.com/LibreTime/libretime/pull/8, the late static binding compat code was broken for no reason and until CentOS drops php 5.4 there is no reason I'm aware of not to support it. I inlined #8 since the test would be failing on php 5.4 without the change.

If you want to run tests you need to run `composer install` in the root directory and then `cd airtime_mvc/tests && ../../vendor/bin/phpunit`. For the tests to run the user `libretime` needs to be allowed to create the `libretime_test` database. See `docs/TESTING.md` for more info on getting set up.
2017-02-27 17:59:01 +01:00


<?php
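class LoginController extends Zend_Controller_Action
{
    /**
     * Registers the favicon and the login page stylesheets on the view.
     *
     * Every asset URL is suffixed with the configured airtime_version so a
     * version bump busts browser caches.
     */
    public function init()
    {
        $CC_CONFIG = Config::getConfig();
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $version = $CC_CONFIG['airtime_version'];

        $this->view->headLink(array('rel' => 'icon', 'href' => $baseUrl . 'favicon.ico?' . $version, 'type' => 'image/x-icon'), 'PREPEND')
            ->appendStylesheet($baseUrl . 'css/bootstrap.css?' . $version)
            ->appendStylesheet($baseUrl . 'css/redmond/jquery-ui-1.8.8.custom.css?' . $version)
            ->appendStylesheet($baseUrl . 'css/styles.css?' . $version);
    }

    /**
     * Renders the login form and processes a submitted login.
     *
     * On GET (or when the session already carries an identity) the form is
     * shown, resp. the user is redirected to showbuilder. On POST the
     * credentials are first checked against the local auth adapter and, if
     * that fails, against WHMCS_Auth_Adapter. A successful login regenerates
     * the session id, stores the identity row (minus the password column) in
     * Zend_Auth storage, resets the per-username and per-IP failed-attempt
     * counters and redirects to showbuilder. A failed login increments both
     * counters and, once the username has more than 3 recorded failures,
     * re-renders the form with a recaptcha element.
     */
    public function indexAction()
    {
        $CC_CONFIG = Config::getConfig();
        $request = $this->getRequest();
        $response = $this->getResponse();
        $stationLocale = Application_Model_Preference::GetDefaultLocale();

        // Enable AJAX requests from www.airtime.pro for the sign-in process.
        CORSHelper::enableATProCrossOriginRequests($request, $response);

        Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale));

        // Fetch the singleton up front. It used to be assigned only inside the
        // isStarted() branch below, which left $auth undefined on the POST path
        // whenever the session had not been started yet.
        $auth = Zend_Auth::getInstance();

        if (Zend_Session::isStarted()) {
            // Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
            SessionHelper::reopenSessionForWriting();
            if ($auth->hasIdentity()) {
                $this->_redirect('showbuilder');
            }
        }

        // Uses a separate layout without a navigation.
        $this->_helper->layout->setLayout('login');

        $error = false;
        $form = new Application_Form_Login();
        $message = _("Please enter your username and password.");

        if ($request->isPost()) {
            $post = $request->getPost();

            // If the post contains the recaptcha field the rendered form had one,
            // so add the element to the form so it takes part in validation.
            if (array_key_exists('recaptcha_response_field', $post)) {
                $form->addRecaptcha();
            }

            if ($form->isValid($post)) {
                $username = $form->getValue('username');
                $password = $form->getValue('password');
                $locale = $form->getValue('locale');

                // Pass the submitted username and password to the local adapter.
                $authAdapter = Application_Model_Auth::getAuthAdapter();
                $authAdapter->setIdentity($username)
                    ->setCredential($password);

                $result = $auth->authenticate($authAdapter);
                if ($result->isValid()) {
                    // Issue a fresh session id so the pre-login id is not kept
                    // after the privilege change.
                    Zend_Session::regenerateId();

                    // All info about this user from the login table, omitting only the password.
                    $userInfo = $authAdapter->getResultRowObject(null, 'password');
                    // The default storage is a session with namespace Zend_Auth.
                    $auth->getStorage()->write($userInfo);

                    Application_Model_LoginAttempts::resetAttempts($_SERVER['REMOTE_ADDR']);
                    Application_Model_Subjects::resetLoginAttempts($username);

                    // Set the user locale in case the user changed it when logging in.
                    Application_Model_Preference::SetUserLocale($locale);
                    $this->_redirect('showbuilder');
                } else {
                    // Fall back to WHMCS; the username field is treated as the email there.
                    $email = $form->getValue('username');
                    $whmcsAdapter = new WHMCS_Auth_Adapter("admin", $email, $password);

                    $result = $auth->authenticate($whmcsAdapter);
                    if ($result->isValid()) {
                        Zend_Session::regenerateId();
                        // Set the user locale in case the user changed it when logging in.
                        Application_Model_Preference::SetUserLocale($locale);
                        $this->_redirect('showbuilder');
                    } else {
                        $message = _("Wrong username or password provided. Please try again.");
                        Application_Model_Subjects::increaseLoginAttempts($username);
                        Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']);

                        // Re-render an empty form so the rejected credentials are not echoed back.
                        $form = new Application_Form_Login();
                        $error = true;

                        // Only show the captcha if you get your login wrong 4 times in a row.
                        if (Application_Model_Subjects::getLoginAttempts($username) > 3) {
                            $form->addRecaptcha();
                        }
                    }
                }
            }
        }

        $this->view->message = $message;
        $this->view->error = $error;
        $this->view->form = $form;
        $this->view->airtimeVersion = Application_Model_Preference::GetAirtimeVersion();
        $this->view->airtimeCopyright = AIRTIME_COPYRIGHT_DATE;
        if (isset($CC_CONFIG['demo'])) {
            $this->view->demo = $CC_CONFIG['demo'];
        }
    }

    /**
     * Clears the Zend_Auth identity and the CSRF session namespace, then
     * redirects to showbuilder/index.
     */
    public function logoutAction()
    {
        // Open the session for writing, because we close it for writing by default in Bootstrap.php as an optimization.
        SessionHelper::reopenSessionForWriting();

        $auth = Zend_Auth::getInstance();
        $auth->clearIdentity();

        // Unset all session variables relating to CSRF prevention on logout.
        $csrf_namespace = new Zend_Session_Namespace('csrf_namespace');
        $csrf_namespace->unsetAll();

        $this->_redirect('showbuilder/index');
    }

    /**
     * Renders the "forgot password" form and, on a valid POST, looks up the
     * account by username and/or email and emails it a password restore link.
     *
     * Errors (no match, mail failure, invalid form) are attached to the
     * form's email element and the form is re-rendered.
     */
    public function passwordRestoreAction()
    {
        $CC_CONFIG = Config::getConfig();
        $baseUrl = Application_Common_OsPath::getBaseDir();
        $this->view->headScript()->appendFile($baseUrl . 'js/airtime/login/password-restore.js?' . $CC_CONFIG['airtime_version'], 'text/javascript');

        $request = $this->getRequest();
        $stationLocale = Application_Model_Preference::GetDefaultLocale();
        Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale));

        // Uses a separate layout without a navigation.
        $this->_helper->layout->setLayout('login');

        $form = new Application_Form_PasswordRestore();

        if ($request->isPost()) {
            if ($form->isValid($request->getPost())) {
                $username = $form->userName->getValue();
                $email = $form->email->getValue();

                // Filter by whichever of the two identifiers was supplied; both
                // when both are present.
                $query = CcSubjsQuery::create();
                if (empty($username)) {
                    $query->filterByDbEmail($email);
                } elseif (empty($email)) {
                    $query->filterByDbLogin($username);
                } else {
                    $query->filterByDbEmail($email)
                        ->filterByDbLogin($username);
                }
                $user = $query->findOne();

                if (!empty($user)) {
                    $auth = new Application_Model_Auth();
                    $success = $auth->sendPasswordRestoreLink($user, $this->view);
                    if ($success) {
                        $this->_helper->redirector('password-restore-after', 'login');
                    } else {
                        $form->email->addError($this->view->translate(_("Email could not be sent. Check your mail server settings and ensure it has been configured properly.")));
                    }
                } else {
                    // NOTE(review): this branch tells the submitter that no account
                    // matched, so the response differs depending on whether the
                    // username/email exists. Consider a uniform message if account
                    // enumeration is a concern for this deployment.
                    $form->email->addError($this->view->translate(sprintf(_pro("That username or email address could not be found. If you are the station owner, you should <a href=\"%s\">reset your here</a>."), WHMCS_PASSWORD_RESET_URL)));
                }
            } else {
                // Form is not valid.
                $form->email->addError($this->view->translate(_("There was a problem with the username or email address you entered.")));
            }
        }

        $this->view->form = $form;
    }

    /**
     * Confirmation page shown after a password restore link was sent.
     */
    public function passwordRestoreAfterAction()
    {
        $request = $this->getRequest();
        $stationLocale = Application_Model_Preference::GetDefaultLocale();
        Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale));

        // Uses a separate layout without a navigation.
        $this->_helper->layout->setLayout('login');
    }

    /**
     * Handles the password restore link: validates the token for the given
     * user_id, and on a valid POST stores the new password, invalidates all
     * outstanding restore tokens for that user, logs the user in and
     * redirects to showbuilder.
     *
     * Request params: "token" (default false) and "user_id" (default 0).
     */
    public function passwordChangeAction()
    {
        // Uses a separate layout without a navigation.
        $this->_helper->layout->setLayout('login');

        $request = $this->getRequest();
        $token = $request->getParam("token", false);
        $user_id = $request->getParam("user_id", 0);

        $form = new Application_Form_PasswordChange();
        $auth = new Application_Model_Auth();
        $user = CcSubjsQuery::create()->findPK($user_id);

        $stationLocale = Application_Model_Preference::GetDefaultLocale();
        Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', $stationLocale));

        // Check validity of the token, and that the referenced account actually
        // exists, before anything below touches it. The explicit return makes
        // the bail-out independent of whether the redirector helper exits.
        if ($user === null || !$auth->checkToken($user_id, $token, 'password.restore')) {
            Logging::debug("token not valid");
            $this->_helper->redirector('index', 'login');
            return;
        }

        if ($request->isPost() && $form->isValid($request->getPost())) {
            $newPassword = $form->password->getValue();

            // NOTE(review): the password is stored as an unsalted md5 digest. The
            // adapter from Application_Model_Auth::getAuthAdapter() (not visible
            // here) is expected to compare against the same digest, so moving to
            // password_hash()/password_verify() has to change both sides together.
            $user->setDbPass(md5($newPassword));
            $user->save();

            // A restore token is single-use: drop every outstanding one for this user.
            $auth->invalidateTokens($user, 'password.restore');

            // Log the user in with the new credentials.
            $zend_auth = Zend_Auth::getInstance();
            $zend_auth->clearIdentity();

            $authAdapter = Application_Model_Auth::getAuthAdapter();
            $authAdapter->setIdentity($user->getDbLogin())
                ->setCredential($newPassword);
            $zend_auth->authenticate($authAdapter);

            // All info about this user from the login table, omitting only the password.
            $userInfo = $authAdapter->getResultRowObject(null, 'password');
            // The default storage is a session with namespace Zend_Auth.
            $zend_auth->getStorage()->write($userInfo);

            $this->_helper->redirector('index', 'showbuilder');
        }

        $this->view->form = $form;
    }
}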