brennen
/
quasicms
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
A Qcodo based CMS/ecommerce framework
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
3.2 MiB
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
quasicms/core/modules/LoginModule.class.php

382 lines
16 KiB
Raw Permalink Blame History

<?php
if(!defined('QUASICMS') ) die("No quasi.");
if (!defined("LOGINMODULE.CLASS.PHP")){
define("LOGINMODULE.CLASS.PHP",1);
/**
* Class LoginModule - a login block
* This class provides a basic login module that may be assigned (once per page)
* to any content block. It validates that the fields are filled in, checks the account
* table for the username and performs a match on the password. It supports both
* Quasi native and OsCommerce encryption schemes (checking for both).
*
* On successful login the module will display the username and the length of time
* that they have been logged in as well as a shopping cart status if the shopping
* cart module is enabled. The user is redirected to a configurable landing page
* (defaulting to "AccountHome").On failure, the entry fields are redrawn and an
* error message is displayed.
*
* This module also provides a link to a registration page and a password retrieval
* page - these should exist in the page table and contain modules for each of these
* functions (CreateAccountModule and LostPasswordModule).
*
* The module stores an Account object in serialized form in $_SESSION['AccountLogin']
* if login succeeds. Session timeout as configured for PHP determines the idle timeout.
*
*@todo
* - more elegant error messages, its a bit messy ..
* - create an enable/disable interface that will ensure that the registration and lost
* password pages and modules exist.
* - allow disabling individual parts, esp. shopping cart status
* - when accepting an old oscommerce style password, transform to new style ..
*
*@author Erik Winn <erikwinnmail@yahoo.com>
*
* $Id: LoginModule.class.php 516 2009-03-19 20:14:17Z erikwinn $
*@version 0.1
*
*@copyright (C) 2008 by Erik Winn
*@license GPL v.2
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111 USA
*
*@package Quasi
* @subpackage Modules
*/
class LoginModule extends QPanel
{
// Our control block
protected $objControlBlock;
//Local reference to the Account object
protected $objAccount;
//shows "you are signed in as .."
public $lblSignedInAs;
//shows the login duration, just for fun ..
public $lblLoginSpan;
// Shopping cart status display ..
public $lblShoppingCartStatus;
//Input Controls
public $txtUsername;
public $txtPassword;
// Button Controls
public $btnLogin;
public $btnLogout;
/**
* LoginModule constructor
* NOTE: This module ignores the required extra parameters ..
*@param ContentBlockView - parent controller object.
*@param mixed - extra parameters, ignored
*/
public function __construct( ContentBlockView $objControlBlock, $mixParameters=null)
{
//Parent should always be a ContentBlockView
$this->objControlBlock =& $objControlBlock;
try {
parent::__construct($this->objControlBlock);
} catch (QCallerException $objExc) {
$objExc->IncrementOffset();
throw $objExc;
}
$this->HtmlEntities = false;
$this->strTemplate = __QUASI_CORE_TEMPLATES__ . '/LoginModule.tpl.php';
$this->objAccount =& IndexPage::$objAccount;
//if not logged in, set up the login fields
if( ! $this->objAccount )
{
$this->txtUsername = new QTextBox($this, 'username');
$this->txtUsername->Required = true;
$this->txtUsername->TabIndex = 1;
// $this->txtUsername->Name = 'Username: ';
$this->txtUsername->Text = 'username';
$this->txtUsername->AddAction(new QFocusEvent(), new QJavaScriptAction( 'clearText(this)'));
$this->txtPassword = new QTextBox($this, 'password');
$this->txtPassword->TextMode = QTextMode::Password;
$this->txtPassword->Required = true;
$this->txtPassword->Text = 'password';
$this->txtPassword->AddAction(new QFocusEvent(), new QJavaScriptAction( 'clearText(this)'));
if(IndexPage::$blnAjaxOk)
$this->txtPassword->AddAction(new QEnterKeyEvent(), new QAjaxControlAction($this, 'btnLogin_Click'));
else
$this->txtPassword->AddAction(new QEnterKeyEvent(), new QServerControlAction($this, 'btnLogin_Click'));
$this->txtPassword->CausesValidation = $this;
$this->txtPassword->TabIndex = 2;
// Create Buttons and Actions
$this->btnLogin = new QButton($this,"LoginButton");
$this->btnLogin->Text = Quasi::Translate('Login');
if(IndexPage::$blnAjaxOk)
$this->btnLogin->AddAction(new QClickEvent(), new QAjaxControlAction($this, 'btnLogin_Click'));
else
$this->btnLogin->AddAction(new QClickEvent(), new QServerControlAction($this, 'btnLogin_Click'));
if(IndexPage::$blnAjaxOk)
$this->btnLogin->AddAction(new QEnterKeyEvent(), new QAjaxControlAction($this, 'btnLogin_Click'));
else
$this->btnLogin->AddAction(new QEnterKeyEvent(), new QServerControlAction($this, 'btnLogin_Click'));
$this->btnLogin->CausesValidation = $this;
$this->btnLogin->TabIndex = 3;
}//otherwise, set up various logged in info ..
else
{
$this->btnLogout = new QButton($this, "LogoutButton");
$this->btnLogout->Text = Quasi::Translate('Logout');
/* eh, this may be causing a bug
if(IndexPage::$blnAjaxOk)
$this->btnLogout->AddAction(new QClickEvent(), new QAjaxControlAction($this, 'btnLogout_Click'));
else
*/
$this->btnLogout->AddAction(new QClickEvent(), new QServerControlAction($this, 'btnLogout_Click'));
$this->lblSignedInAs_Create();
$this->lblLoginSpan_Create();
$this->lblShoppingCartStatus_Create();
}
}
/**
* Quasi supports importing user accounts from OsCommerce - this function checks an OSC style
* encryption.
*@param string strInput - the input string
*@param string strStored - the stored encrypted string
*@return bool true if valid
*/
private function checkOSCPassword($strInput, $strStored)
{
// split apart the hash / salt
$aryStack = explode(':', $strStored);
if (sizeof($aryStack) != 2)
return false;
if (md5($aryStack[1] . $strInput) == $aryStack[0])
return true;
return false;
}
/**
* Quasi native encrypted password check.
* @todo - improve the encryption scheme
*@param string strInput - the input string
*@param string strStored - the stored encrypted string
*@return bool true if valid
*/
private function checkQuasiPassword($strInput, $strStored)
{
if( sha1( $strInput ) == $strStored)
return true;
return false;
}
/**
* This Function is called when the login button is clicked - it checks the login data
* returning false if it fails. Failure results in redrawing the form with error messages.
*/
public function Validate()
{
$blnPassed = false;
$blnValidPassword = true;
$this->objAccount = Account::LoadByUsername($this->txtUsername->Text);
if(! $this->objAccount || $this->objAccount->StatusId != AccountStatusType::Active)
{
$this->objAccount = null;
unset($_SESSION["AccountLogin"]);
$this->txtUsername->Warning = Quasi::Translate('Incorrect');
return $blnPassed;
}
$strInput = $this->txtPassword->Text;
$strStored = $this->objAccount->Password;
if(! $this->objAccount->ValidPassword)
$blnValidPassword = false;
elseif( $this->checkQuasiPassword($strInput, $strStored))
$blnPassed = true;
elseif($this->checkOSCPassword($strInput, $strStored))
$blnPassed = true;
if( ! $blnPassed)
{
$this->objAccount = null;
unset($_SESSION["AccountLogin"]);
if($blnValidPassword)
$this->txtPassword->Warning = Quasi::Translate('Incorrect');
else
$this->txtPassword->Warning .= Quasi::Translate('Not Valid');
}
return $blnPassed;
}
/**
* This function sets the SESSION['AccountLogin'] and updates the login state and count.
* If this is a onetime password, it sets valid_password false - the user must save a new
* password to reset this.
*/
public function btnLogin_Click($strFormId, $strControlId, $strParameter)
{
$this->objAccount->Online = true;
$this->objAccount->LoginCount += 1;
$this->objAccount->LastLogin = date("Y-m-d H:i:s");
$this->objAccount->UpdateLoginState();
$_SESSION["AccountLogin"] = serialize($this->objAccount);
if( $this->objAccount->OnetimePassword )
{
$this->objAccount->ValidPassword = false;
$this->objAccount->Save();
Quasi::Redirect( __QUASI_SUBDIRECTORY__ . '/index.php/AccountHome/Settings/Password' );
}
Quasi::Redirect( __QUASI_SUBDIRECTORY__ . LOGIN_REDIRECT );
/* header( 'Location: http://' . $_SERVER['SERVER_NAME'] . __QUASI_SUBDIRECTORY__ . LOGIN_REDIRECT );
exit;*/
}
/**
* This function logs out the user and unsets the session variable for the account.
* @todo - FIXME error on logout if session has timed out already ..
*/
public function btnLogout_Click($strFormId, $strControlId, $strParameter)
{
if( session_is_registered( 'AccountLogin' ) )
{
$this->objAccount = unserialize($_SESSION["AccountLogin"]);
if($this->objAccount instanceof Account)
{
$this->objAccount->Online = false;
$this->objAccount->UpdateLoginState();
$this->objAccount = null;
}
session_unregister( 'AccountLogin' );
}
Quasi::Redirect(__QUASI_SUBDIRECTORY__ . '/index.php/Home');
}
/**
* This a little label indicating who the user is logged it as
*/
public function lblSignedInAs_Create()
{
$this->lblSignedInAs = new QLabel($this, "SignedInAs");
$this->lblSignedInAs->HtmlEntities = false;
if($this->Account instanceof Account )
{
$txt = Quasi::Translate('You are signed in as') . ':<br>&nbsp;&nbsp;<strong>' . $this->objAccount->Username . '</strong>';
$this->lblSignedInAs->Text = $txt;
}
}
/**
* Here we create a little label indicating how long the user has been logged in.
* Note: This is only updated on a full page load.
*/
public function lblLoginSpan_Create()
{
$this->lblLoginSpan = new QLabel($this, "LoginSpan");
if($this->Account instanceof Account )
{
// $dttLoginTime = QDateTime::FromTimestamp(strtotime( $this->Account->LastLogin) );
$dttLoginTime = new QDateTime( $this->Account->LastLogin );
// exit(var_dump($dttLoginTime));
$txt = 'Logged in ' . $dttLoginTime->Age;
$this->lblLoginSpan->Text = $txt;
}
}
/**
* This creates a small display of the shopping cart status
* Note: This is only updated on a full page load.
*/
public function lblShoppingCartStatus_Create()
{
$this->lblShoppingCartStatus = new QLabel($this, 'ShoppingCartStatus');
$this->lblShoppingCartStatus->HtmlEntities = false;
$strText = '<img src="' . __QUASI_CORE_IMAGES__ . '/default_shopping_cart_icon.gif"> &nbsp;&nbsp;';
if(IndexPage::$objShoppingCart instanceof ShoppingCart )
{
// $strText .= Quasi::Translate('You have ');
$intItemCount = ShoppingCartItem::CountByShoppingCartId(IndexPage::$objShoppingCart->Id);
if($intItemCount > 0)
{
$strText .= $intItemCount . ' ';
if($intItemCount > 1)
$strText .= Quasi::Translate('items') . ' ';
else
$strText .= Quasi::Translate('item') . ' ';
}
else
$strText .= Quasi::Translate('No items') . ' ';
$strText .= Quasi::Translate('in your') . ' ';
if($intItemCount)
$strText .= '<a href="http://' . Quasi::$ServerName . __QUASI_SUBDIRECTORY__ . '/index.php/ShoppingCart' . '">'
. Quasi::Translate('cart') . '</a>' . '.';
else
$strText .= Quasi::Translate('cart') . '.';
}
$this->lblShoppingCartStatus->Text = $strText;
}
public function __get($strName)
{
switch ($strName)
{
case 'Account':
return $this->objAccount ;
default:
try {
return parent::__get($strName);
} catch (QCallerException $objExc) {
$objExc->IncrementOffset();
throw $objExc;
}
}
}
public function __set($strName, $mixValue)
{
switch ($strName)
{
case 'Account':
try {
return ($this->objAccount = QType::Cast($mixValue, 'Account' ));
} catch (QInvalidCastException $objExc) {
$objExc->IncrementOffset();
throw $objExc;
}
default:
try {
return (parent::__set($strName, $mixValue));
} catch (QCallerException $objExc) {
$objExc->IncrementOffset();
throw $objExc;
}
}
}
}//end class
}//end define
?>