move much of code after success full auth in __finalize()

controllers/class.Login.php

@@ -31,110 +31,12 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 		return self::$user;
 	} /* }}} */
 
-	public function run() { /* {{{ */
-		$dms = $this->params['dms'];
+	protected function _finalize($user) { /* {{{ */
 		$settings = $this->params['settings'];
 		$session = $this->params['session'];
-		$authenticator = $this->params['authenticator'];
+		$sesstheme = $this->params['sesstheme'];
 		$source = isset($this->params['source']) ? $this->params['source'] : '';
-		$sesstheme = $this->getParam('sesstheme');
-		$referuri = $this->getParam('referuri');
-		$lang = $this->getParam('lang');
-		$login = $this->params['login'];
-		$pwd = $this->params['pwd'];
-
-		self::$user = null;
-
-		/* The preLogin hook may set self::$user which will prevent any further
-		 * authentication process.
-		 */
-		if($this->callHook('preLogin')) {
-		}
-
-		$user = self::$user;
-
-		/* The password may only be empty if the guest user tries to log in.
-		 * There is just one guest account with id $settings->_guestID which
-		 * is allowed to log in without a password. All other guest accounts
-		 * are treated like regular logins
-		 */
-		if(!$user && $settings->_enableGuestLogin && (int) $settings->_guestID) {
-			$guestUser = $dms->getUser((int) $settings->_guestID);
-			if($guestUser) {
-				if(($login != $guestUser->getLogin())) {
-					if ((!isset($pwd) || strlen($pwd)==0)) {
-						$this->setErrorMsg("login_error_text");
-						return false;
-					}
-				} else {
-					$user = $guestUser;
-				}
-			}
-		}
-
-		/* Run any additional authentication method. The hook must return a
-		 * valid user, if the authentication succeeded. If it fails, it must
-		 * return false and if the hook doesn't care at all, if must return null.
-		 */
-		if(!$user) {
-			$user = $this->callHook('authenticate', $source);
-			if(false === $user) {
-				if(empty($this->errormsg))
-					$this->setErrorMsg("authentication_failed");
-				return false;
-			}
-		}
-
-		/* Deprecated: Run any additional authentication implemented in a hook */
-		if(!is_object($user) && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
-			foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
-				if(!$user && method_exists($authObj, 'authenticate')) {
-					$user = $authObj->authenticate($dms, $settings, $login, $pwd);
-					if(false === $user) {
-						if(empty($this->errormsg))
-							$this->setErrorMsg("authentication_failed");
-						return false;
-					}
-				}
-			}
-		}
-
-		$user = $authenticator->authenticate($login, $pwd);
-
-		if(0) {
-		/* Authenticate against LDAP server {{{ */
-		if (!is_object($user) && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
-			require_once("../inc/inc.ClassLdapAuthentication.php");
-			$authobj = new SeedDMS_LdapAuthentication($dms, $settings);
-			$user = $authobj->authenticate($login, $pwd);
-			if(!$user) {
-				add_log_line('Authentication against LDAP failed for user '.$login);
-			}
-		} /* }}} */
-
-		/* Authenticate against SeedDMS database {{{ */
-		if(!is_object($user)) {
-			require_once("../inc/inc.ClassDbAuthentication.php");
-			$authobj = new SeedDMS_DbAuthentication($dms, $settings);
-			$user = $authobj->authenticate($login, $pwd);
-		} /* }}} */
-		}
-
-		/* If the user is still not authenticated, then exit with an error */
-		if(!is_object($user)) {
-			/* if counting of login failures is turned on, then increment its value */
-			if($settings->_loginFailure) {
-				$user = $dms->getUserByLogin($login);
-				if($user) {
-					$failures = $user->addLoginFailure();
-					if($failures >= $settings->_loginFailure)
-						$user->setDisabled(true);
-				}
-			}
-			$this->callHook('loginFailed');
-			$this->setErrorMsg("login_error_text");
-			return false;
-		}
+		$lang = $this->params['lang'];
 
 		self::$user = $user;
 
@@ -251,4 +153,113 @@ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common {
 
 		return true;
 	} /* }}} */
+
+	public function run() { /* {{{ */
+		$dms = $this->params['dms'];
+		$settings = $this->params['settings'];
+		$session = $this->params['session'];
+		$authenticator = $this->params['authenticator'];
+		$source = isset($this->params['source']) ? $this->params['source'] : '';
+		$sesstheme = $this->getParam('sesstheme');
+		$referuri = $this->getParam('referuri');
+		$lang = $this->getParam('lang');
+		$login = $this->params['login'];
+		$pwd = $this->params['pwd'];
+
+		self::$user = null;
+
+		/* The preLogin hook may set self::$user which will prevent any further
+		 * authentication process.
+		 */
+		if($this->callHook('preLogin')) {
+		}
+
+		$user = self::$user;
+
+		/* The password may only be empty if the guest user tries to log in.
+		 * There is just one guest account with id $settings->_guestID which
+		 * is allowed to log in without a password. All other guest accounts
+		 * are treated like regular logins
+		 */
+		if(!$user && $settings->_enableGuestLogin && (int) $settings->_guestID) {
+			$guestUser = $dms->getUser((int) $settings->_guestID);
+			if($guestUser) {
+				if(($login != $guestUser->getLogin())) {
+					if ((!isset($pwd) || strlen($pwd)==0)) {
+						$this->setErrorMsg("login_error_text");
+						return false;
+					}
+				} else {
+					$user = $guestUser;
+				}
+			}
+		}
+
+		/* Run any additional authentication method. The hook must return a
+		 * valid user, if the authentication succeeded. If it fails, it must
+		 * return false and if the hook doesn't care at all, if must return null.
+		 */
+		if(!$user) {
+			$user = $this->callHook('authenticate', $source);
+			if(false === $user) {
+				if(empty($this->errormsg))
+					$this->setErrorMsg("authentication_failed");
+				return false;
+			}
+		}
+
+		/* Deprecated: Run any additional authentication implemented in a hook */
+		if(!is_object($user) && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) {
+			foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) {
+				if(!$user && method_exists($authObj, 'authenticate')) {
+					$user = $authObj->authenticate($dms, $settings, $login, $pwd);
+					if(false === $user) {
+						if(empty($this->errormsg))
+							$this->setErrorMsg("authentication_failed");
+						return false;
+					}
+				}
+			}
+		}
+
+		$user = $authenticator->authenticate($login, $pwd);
+
+		if(0) {
+		/* Authenticate against LDAP server {{{ */
+		if (!is_object($user) && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) {
+			require_once("../inc/inc.ClassLdapAuthentication.php");
+			$authobj = new SeedDMS_LdapAuthentication($dms, $settings);
+			$user = $authobj->authenticate($login, $pwd);
+			if(!$user) {
+				add_log_line('Authentication against LDAP failed for user '.$login);
+			}
+		} /* }}} */
+
+		/* Authenticate against SeedDMS database {{{ */
+		if(!is_object($user)) {
+			require_once("../inc/inc.ClassDbAuthentication.php");
+			$authobj = new SeedDMS_DbAuthentication($dms, $settings);
+			$user = $authobj->authenticate($login, $pwd);
+		} /* }}} */
+		}
+
+		/* If the user is still not authenticated, then exit with an error */
+		if(!is_object($user)) {
+			/* if counting of login failures is turned on, then increment its value */
+			if($settings->_loginFailure) {
+				$user = $dms->getUserByLogin($login);
+				if($user) {
+					$failures = $user->addLoginFailure();
+					if($failures >= $settings->_loginFailure)
+						$user->setDisabled(true);
+				}
+			}
+			$this->callHook('loginFailed');
+			$this->setErrorMsg("login_error_text");
+			return false;
+		}
+
+		return self::_finalize($user);
+
+	} /* }}} */
 }