<?php
|
|
if(!defined('QUASICMS') ) die("No quasi.");
|
|
|
|
if (!defined("LOGINMODULE.CLASS.PHP")){
|
|
define("LOGINMODULE.CLASS.PHP",1);
|
|
|
|
/**
|
|
* Class LoginModule - a login block
|
|
* This class provides a basic login module that may be assigned (once per page)
|
|
* to any content block. It validates that the fields are filled in, checks the account
|
|
* table for the username and performs a match on the password. It supports both
|
|
* Quasi native and OsCommerce encryption schemes (checking for both).
|
|
*
|
|
* On successful login the module will display the username and the length of time
|
|
* that they have been logged in as well as a shopping cart status if the shopping
|
|
* cart module is enabled. The user is redirected to a configurable landing page
|
|
* (defaulting to "AccountHome").On failure, the entry fields are redrawn and an
|
|
* error message is displayed.
|
|
*
|
|
* This module also provides a link to a registration page and a password retrieval
|
|
* page - these should exist in the page table and contain modules for each of these
|
|
* functions (CreateAccountModule and LostPasswordModule).
|
|
*
|
|
* The module stores an Account object in serialized form in $_SESSION['AccountLogin']
|
|
* if login succeeds. Session timeout as configured for PHP determines the idle timeout.
|
|
*
|
|
*@todo
|
|
* - more elegant error messages, its a bit messy ..
|
|
* - create an enable/disable interface that will ensure that the registration and lost
|
|
* password pages and modules exist.
|
|
* - allow disabling individual parts, esp. shopping cart status
|
|
* - when accepting an old oscommerce style password, transform to new style ..
|
|
*
|
|
*@author Erik Winn <erikwinnmail@yahoo.com>
|
|
*
|
|
* $Id: LoginModule.class.php 516 2009-03-19 20:14:17Z erikwinn $
|
|
*@version 0.1
|
|
*
|
|
*@copyright (C) 2008 by Erik Winn
|
|
*@license GPL v.2
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA
|
|
|
|
*
|
|
*@package Quasi
|
|
* @subpackage Modules
|
|
*/
|
|
|
|
|
|
class LoginModule extends QPanel
|
|
{
|
|
// Our control block
|
|
protected $objControlBlock;
|
|
//Local reference to the Account object
|
|
protected $objAccount;
|
|
|
|
//shows "you are signed in as .."
|
|
public $lblSignedInAs;
|
|
//shows the login duration, just for fun ..
|
|
public $lblLoginSpan;
|
|
// Shopping cart status display ..
|
|
public $lblShoppingCartStatus;
|
|
|
|
//Input Controls
|
|
public $txtUsername;
|
|
public $txtPassword;
|
|
// Button Controls
|
|
public $btnLogin;
|
|
public $btnLogout;
|
|
|
|
/**
|
|
* LoginModule constructor
|
|
* NOTE: This module ignores the required extra parameters ..
|
|
*@param ContentBlockView - parent controller object.
|
|
*@param mixed - extra parameters, ignored
|
|
*/
|
|
public function __construct( ContentBlockView $objControlBlock, $mixParameters=null)
|
|
{
|
|
//Parent should always be a ContentBlockView
|
|
$this->objControlBlock =& $objControlBlock;
|
|
|
|
try {
|
|
parent::__construct($this->objControlBlock);
|
|
} catch (QCallerException $objExc) {
|
|
$objExc->IncrementOffset();
|
|
throw $objExc;
|
|
}
|
|
|
|
$this->HtmlEntities = false;
|
|
|
|
$this->strTemplate = __QUASI_CORE_TEMPLATES__ . '/LoginModule.tpl.php';
|
|
|
|
$this->objAccount =& IndexPage::$objAccount;
|
|
//if not logged in, set up the login fields
|
|
if( ! $this->objAccount )
|
|
{
|
|
$this->txtUsername = new QTextBox($this, 'username');
|
|
$this->txtUsername->Required = true;
|
|
$this->txtUsername->TabIndex = 1;
|
|
// $this->txtUsername->Name = 'Username: ';
|
|
$this->txtUsername->Text = 'username';
|
|
$this->txtUsername->AddAction(new QFocusEvent(), new QJavaScriptAction( 'clearText(this)'));
|
|
|
|
$this->txtPassword = new QTextBox($this, 'password');
|
|
$this->txtPassword->TextMode = QTextMode::Password;
|
|
$this->txtPassword->Required = true;
|
|
$this->txtPassword->Text = 'password';
|
|
$this->txtPassword->AddAction(new QFocusEvent(), new QJavaScriptAction( 'clearText(this)'));
|
|
if(IndexPage::$blnAjaxOk)
|
|
$this->txtPassword->AddAction(new QEnterKeyEvent(), new QAjaxControlAction($this, 'btnLogin_Click'));
|
|
else
|
|
$this->txtPassword->AddAction(new QEnterKeyEvent(), new QServerControlAction($this, 'btnLogin_Click'));
|
|
$this->txtPassword->CausesValidation = $this;
|
|
$this->txtPassword->TabIndex = 2;
|
|
|
|
// Create Buttons and Actions
|
|
$this->btnLogin = new QButton($this,"LoginButton");
|
|
$this->btnLogin->Text = Quasi::Translate('Login');
|
|
if(IndexPage::$blnAjaxOk)
|
|
$this->btnLogin->AddAction(new QClickEvent(), new QAjaxControlAction($this, 'btnLogin_Click'));
|
|
else
|
|
$this->btnLogin->AddAction(new QClickEvent(), new QServerControlAction($this, 'btnLogin_Click'));
|
|
if(IndexPage::$blnAjaxOk)
|
|
$this->btnLogin->AddAction(new QEnterKeyEvent(), new QAjaxControlAction($this, 'btnLogin_Click'));
|
|
else
|
|
$this->btnLogin->AddAction(new QEnterKeyEvent(), new QServerControlAction($this, 'btnLogin_Click'));
|
|
$this->btnLogin->CausesValidation = $this;
|
|
$this->btnLogin->TabIndex = 3;
|
|
|
|
}//otherwise, set up various logged in info ..
|
|
else
|
|
{
|
|
$this->btnLogout = new QButton($this, "LogoutButton");
|
|
$this->btnLogout->Text = Quasi::Translate('Logout');
|
|
/* eh, this may be causing a bug
|
|
if(IndexPage::$blnAjaxOk)
|
|
$this->btnLogout->AddAction(new QClickEvent(), new QAjaxControlAction($this, 'btnLogout_Click'));
|
|
else
|
|
*/
|
|
$this->btnLogout->AddAction(new QClickEvent(), new QServerControlAction($this, 'btnLogout_Click'));
|
|
$this->lblSignedInAs_Create();
|
|
$this->lblLoginSpan_Create();
|
|
$this->lblShoppingCartStatus_Create();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Quasi supports importing user accounts from OsCommerce - this function checks an OSC style
|
|
* encryption.
|
|
*@param string strInput - the input string
|
|
*@param string strStored - the stored encrypted string
|
|
*@return bool true if valid
|
|
*/
|
|
private function checkOSCPassword($strInput, $strStored)
|
|
{
|
|
// split apart the hash / salt
|
|
$aryStack = explode(':', $strStored);
|
|
|
|
if (sizeof($aryStack) != 2)
|
|
return false;
|
|
|
|
if (md5($aryStack[1] . $strInput) == $aryStack[0])
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* Quasi native encrypted password check.
|
|
* @todo - improve the encryption scheme
|
|
*@param string strInput - the input string
|
|
*@param string strStored - the stored encrypted string
|
|
*@return bool true if valid
|
|
*/
|
|
private function checkQuasiPassword($strInput, $strStored)
|
|
{
|
|
if( sha1( $strInput ) == $strStored)
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
/**
|
|
* This Function is called when the login button is clicked - it checks the login data
|
|
* returning false if it fails. Failure results in redrawing the form with error messages.
|
|
*/
|
|
public function Validate()
|
|
{
|
|
$blnPassed = false;
|
|
$blnValidPassword = true;
|
|
$this->objAccount = Account::LoadByUsername($this->txtUsername->Text);
|
|
|
|
if(! $this->objAccount || $this->objAccount->StatusId != AccountStatusType::Active)
|
|
{
|
|
$this->objAccount = null;
|
|
unset($_SESSION["AccountLogin"]);
|
|
$this->txtUsername->Warning = Quasi::Translate('Incorrect');
|
|
return $blnPassed;
|
|
}
|
|
|
|
$strInput = $this->txtPassword->Text;
|
|
$strStored = $this->objAccount->Password;
|
|
if(! $this->objAccount->ValidPassword)
|
|
$blnValidPassword = false;
|
|
elseif( $this->checkQuasiPassword($strInput, $strStored))
|
|
$blnPassed = true;
|
|
elseif($this->checkOSCPassword($strInput, $strStored))
|
|
$blnPassed = true;
|
|
|
|
if( ! $blnPassed)
|
|
{
|
|
$this->objAccount = null;
|
|
unset($_SESSION["AccountLogin"]);
|
|
if($blnValidPassword)
|
|
$this->txtPassword->Warning = Quasi::Translate('Incorrect');
|
|
else
|
|
$this->txtPassword->Warning .= Quasi::Translate('Not Valid');
|
|
}
|
|
return $blnPassed;
|
|
}
|
|
|
|
/**
|
|
* This function sets the SESSION['AccountLogin'] and updates the login state and count.
|
|
* If this is a onetime password, it sets valid_password false - the user must save a new
|
|
* password to reset this.
|
|
*/
|
|
public function btnLogin_Click($strFormId, $strControlId, $strParameter)
|
|
{
|
|
$this->objAccount->Online = true;
|
|
$this->objAccount->LoginCount += 1;
|
|
$this->objAccount->LastLogin = date("Y-m-d H:i:s");
|
|
$this->objAccount->UpdateLoginState();
|
|
$_SESSION["AccountLogin"] = serialize($this->objAccount);
|
|
|
|
if( $this->objAccount->OnetimePassword )
|
|
{
|
|
$this->objAccount->ValidPassword = false;
|
|
$this->objAccount->Save();
|
|
Quasi::Redirect( __QUASI_SUBDIRECTORY__ . '/index.php/AccountHome/Settings/Password' );
|
|
}
|
|
|
|
Quasi::Redirect( __QUASI_SUBDIRECTORY__ . LOGIN_REDIRECT );
|
|
/* header( 'Location: http://' . $_SERVER['SERVER_NAME'] . __QUASI_SUBDIRECTORY__ . LOGIN_REDIRECT );
|
|
exit;*/
|
|
}
|
|
/**
|
|
* This function logs out the user and unsets the session variable for the account.
|
|
* @todo - FIXME error on logout if session has timed out already ..
|
|
*/
|
|
public function btnLogout_Click($strFormId, $strControlId, $strParameter)
|
|
{
|
|
if( session_is_registered( 'AccountLogin' ) )
|
|
{
|
|
$this->objAccount = unserialize($_SESSION["AccountLogin"]);
|
|
if($this->objAccount instanceof Account)
|
|
{
|
|
$this->objAccount->Online = false;
|
|
$this->objAccount->UpdateLoginState();
|
|
$this->objAccount = null;
|
|
}
|
|
session_unregister( 'AccountLogin' );
|
|
}
|
|
Quasi::Redirect(__QUASI_SUBDIRECTORY__ . '/index.php/Home');
|
|
}
|
|
/**
|
|
* This a little label indicating who the user is logged it as
|
|
*/
|
|
public function lblSignedInAs_Create()
|
|
{
|
|
$this->lblSignedInAs = new QLabel($this, "SignedInAs");
|
|
$this->lblSignedInAs->HtmlEntities = false;
|
|
|
|
if($this->Account instanceof Account )
|
|
{
|
|
$txt = Quasi::Translate('You are signed in as') . ':<br> <strong>' . $this->objAccount->Username . '</strong>';
|
|
$this->lblSignedInAs->Text = $txt;
|
|
}
|
|
}
|
|
/**
|
|
* Here we create a little label indicating how long the user has been logged in.
|
|
* Note: This is only updated on a full page load.
|
|
*/
|
|
public function lblLoginSpan_Create()
|
|
{
|
|
$this->lblLoginSpan = new QLabel($this, "LoginSpan");
|
|
if($this->Account instanceof Account )
|
|
{
|
|
// $dttLoginTime = QDateTime::FromTimestamp(strtotime( $this->Account->LastLogin) );
|
|
$dttLoginTime = new QDateTime( $this->Account->LastLogin );
|
|
// exit(var_dump($dttLoginTime));
|
|
$txt = 'Logged in ' . $dttLoginTime->Age;
|
|
$this->lblLoginSpan->Text = $txt;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* This creates a small display of the shopping cart status
|
|
* Note: This is only updated on a full page load.
|
|
*/
|
|
public function lblShoppingCartStatus_Create()
|
|
{
|
|
$this->lblShoppingCartStatus = new QLabel($this, 'ShoppingCartStatus');
|
|
$this->lblShoppingCartStatus->HtmlEntities = false;
|
|
$strText = '<img src="' . __QUASI_CORE_IMAGES__ . '/default_shopping_cart_icon.gif"> ';
|
|
if(IndexPage::$objShoppingCart instanceof ShoppingCart )
|
|
{
|
|
// $strText .= Quasi::Translate('You have ');
|
|
$intItemCount = ShoppingCartItem::CountByShoppingCartId(IndexPage::$objShoppingCart->Id);
|
|
if($intItemCount > 0)
|
|
{
|
|
$strText .= $intItemCount . ' ';
|
|
if($intItemCount > 1)
|
|
$strText .= Quasi::Translate('items') . ' ';
|
|
else
|
|
$strText .= Quasi::Translate('item') . ' ';
|
|
}
|
|
else
|
|
$strText .= Quasi::Translate('No items') . ' ';
|
|
|
|
$strText .= Quasi::Translate('in your') . ' ';
|
|
|
|
if($intItemCount)
|
|
$strText .= '<a href="http://' . Quasi::$ServerName . __QUASI_SUBDIRECTORY__ . '/index.php/ShoppingCart' . '">'
|
|
. Quasi::Translate('cart') . '</a>' . '.';
|
|
else
|
|
$strText .= Quasi::Translate('cart') . '.';
|
|
}
|
|
|
|
$this->lblShoppingCartStatus->Text = $strText;
|
|
}
|
|
|
|
public function __get($strName)
|
|
{
|
|
switch ($strName)
|
|
{
|
|
case 'Account':
|
|
return $this->objAccount ;
|
|
default:
|
|
try {
|
|
return parent::__get($strName);
|
|
} catch (QCallerException $objExc) {
|
|
$objExc->IncrementOffset();
|
|
throw $objExc;
|
|
}
|
|
}
|
|
}
|
|
|
|
public function __set($strName, $mixValue)
|
|
{
|
|
switch ($strName)
|
|
{
|
|
case 'Account':
|
|
try {
|
|
return ($this->objAccount = QType::Cast($mixValue, 'Account' ));
|
|
} catch (QInvalidCastException $objExc) {
|
|
$objExc->IncrementOffset();
|
|
throw $objExc;
|
|
}
|
|
|
|
default:
|
|
try {
|
|
return (parent::__set($strName, $mixValue));
|
|
} catch (QCallerException $objExc) {
|
|
$objExc->IncrementOffset();
|
|
throw $objExc;
|
|
}
|
|
}
|
|
}
|
|
|
|
}//end class
|
|
}//end define
|
|
?>
|