* @copyright Copyright (C) 2010-2013 Uwe Steinmann * @version Release: @package_version@ */ /** * Class which does the busines logic when logging in * * @category DMS * @package SeedDMS * @author Uwe Steinmann * @copyright Copyright (C) 2010-2013 Uwe Steinmann * @version Release: @package_version@ */ class SeedDMS_Controller_Login extends SeedDMS_Controller_Common { /** * @var array $user set if user could be logged in * @access protected */ static protected $user; public function getUser() { /* {{{ */ return self::$user; } /* }}} */ public function run() { /* {{{ */ $dms = $this->params['dms']; $settings = $this->params['settings']; $session = $this->params['session']; $sesstheme = $this->params['sesstheme']; $lang = $this->params['lang']; $login = $this->params['login']; $pwd = $this->params['pwd']; self::$user = null; /* The preLogin hook may set self::$user which will prevent any further * authentication process. */ if($this->callHook('preLogin')) { } $user = self::$user; /* The password may only be empty if the guest user tries to log in. * There is just one guest account with id $settings->_guestID which * is allowed to log in without a password. All other guest accounts * are treated like regular logins */ if(!$user && $settings->_enableGuestLogin && (int) $settings->_guestID) { $guestUser = $dms->getUser((int) $settings->_guestID); if(($login != $guestUser->getLogin())) { if ((!isset($pwd) || strlen($pwd)==0)) { $this->setErrorMsg("login_error_text"); return false; } } else { $user = $guestUser; } } /* Run any additional authentication method. The hook must return a * valid user, if the authentication succeeded. If it fails, it must * return false and if the hook doesn't care at all, if must return null. */ $user = $this->callHook('authenticate'); if(false === $user) { if(empty($this->errormsg)) $this->setErrorMsg("authentication_failed"); return false; } /* Deprecated: Run any additional authentication implemented in a hook */ if(!$user && isset($GLOBALS['SEEDDMS_HOOKS']['authentication'])) { foreach($GLOBALS['SEEDDMS_HOOKS']['authentication'] as $authObj) { if(!$user && method_exists($authObj, 'authenticate')) { $user = $authObj->authenticate($dms, $settings, $login, $pwd); } } } /* Authenticate against LDAP server {{{ */ if (!$user && isset($settings->_ldapHost) && strlen($settings->_ldapHost)>0) { require_once("../inc/inc.ClassLdapAuthentication.php"); $authobj = new SeedDMS_LdapAuthentication($dms, $settings); $user = $authobj->authenticate($login, $pwd); } /* }}} */ /* Authenticate against SeedDMS database {{{ */ if(!$user) { require_once("../inc/inc.ClassDbAuthentication.php"); $authobj = new SeedDMS_DbAuthentication($dms, $settings); $user = $authobj->authenticate($login, $pwd); } /* }}} */ /* If the user is still not authenticated, then exit with an error */ if(!$user) { $this->callHook('loginFailed'); $this->setErrorMsg("login_error_text"); return false; } self::$user = $user; /* Check for other restrictions which prevent the user from login, though * the authentication was successfull. */ $userid = $user->getID(); if (($userid == $settings->_guestID) && (!$settings->_enableGuestLogin)) { $this->setErrorMsg("guest_login_disabled"); return false; } // Check if account is disabled if($user->isDisabled()) { $this->setErrorMsg("login_disabled_text"); return false; } // control admin IP address if required if ($user->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != "") ){ $this->setErrorMsg("invalid_user_id"); return false; } /* Run any additional checks which may prevent login */ if(false === $this->callHook('restrictLogin', $user)) { if(empty($this->errormsg)) $this->setErrorMsg("login_restrictions_apply"); return false; } /* Clear login failures if login was successful */ $user->clearLoginFailures(); // Capture the user's language and theme settings. if (isset($_REQUEST["lang"]) && strlen($_REQUEST["lang"])>0 && is_numeric(array_search($_REQUEST["lang"],getLanguages())) ) { $lang = $_REQUEST["lang"]; $user->setLanguage($lang); } else { $lang = $user->getLanguage(); if (strlen($lang)==0) { $lang = $settings->_language; $user->setLanguage($lang); } } if ($sesstheme) { $user->setTheme($sesstheme); } else { $sesstheme = $user->getTheme(); if (strlen($sesstheme)==0) { $sesstheme = $settings->_theme; // $user->setTheme($sesstheme); } } // Delete all sessions that are more than 1 week or the configured // cookie lifetime old. Probably not the most // reliable place to put this check -- move to inc.Authentication.php? if($settings->_cookieLifetime) $lifetime = intval($settings->_cookieLifetime); else $lifetime = 7*86400; if(!$session->deleteByTime($lifetime)) { $this->setErrorMsg("error_occured"); return false; } if (isset($_COOKIE["mydms_session"])) { /* This part will never be reached unless the session cookie is kept, * but op.Logout.php deletes it. Keeping a session could be a good idea * for retaining the clipboard data, but the user id in the session should * be set to 0 which is not possible due to foreign key constraints. * So for now op.Logout.php will delete the cookie as always */ /* Load session */ $dms_session = $_COOKIE["mydms_session"]; if(!$resArr = $session->load($dms_session)) { /* Turn off http only cookies if jumploader is enabled */ setcookie("mydms_session", $dms_session, time()-3600, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); //delete cookie header("Location: " . $settings->_httpRoot . "out/out.Login.php?referuri=".$refer); exit; } else { $session->updateAccess($dms_session); $session->setUser($userid); } } else { // Create new session in database if(!$id = $session->create(array('userid'=>$userid, 'theme'=>$sesstheme, 'lang'=>$lang))) { $this->setErrorMsg("error_occured"); return false; } // Set the session cookie. if($settings->_cookieLifetime) $lifetime = time() + intval($settings->_cookieLifetime); else $lifetime = 0; setcookie("mydms_session", $id, $lifetime, $settings->_httpRoot, null, null, !$settings->_enableLargeFileUpload); } if($this->callHook('postLogin', $user)) { } return true; } /* }}} */ }