1<?php
2/*
3 * Gallery - a web based photo album viewer and editor
4 * Copyright (C) 2000-2008 Bharat Mediratta
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or (at
9 * your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
19 */
20
21/**
22 * This controller will handle a user logging in to Gallery
23 * @package GalleryCore
24 * @subpackage UserInterface
25 * @author Bharat Mediratta <bharat@menalto.com>
26 * @version $Revision: 17924 $
27 */
28class UserLoginController extends GalleryController {
29
30    /**
31     * ValidationPlugin instances to use when handling this request.  Only used by test code.
32     *
33     * @var array $_plugins (array of GalleryValidationPlugin)
34     * @access private
35     */
36    var $_pluginInstances;
37
38    /**
39     * Tests can use this method to hardwire a specific set of plugin instances to use.
40     * This avoids situations where some of the option instances will do unpredictable
41     * things and derail the tests.
42     *
43     * @param array $pluginInstances of GalleryValidationPlugin
44     */
45    function setPluginInstances($pluginInstances) {
46	$this->_pluginInstances = $pluginInstances;
47    }
48
49    /**
50     * @see GalleryController::isAllowedInMaintenance
51     */
52    function isAllowedInMaintenance() {
53	return true;
54    }
55
56    /**
57     * @see GalleryController::handleRequest
58     */
59    function handleRequest($form) {
60	global $gallery;
61
62	$results = array();
63	$error = array();
64	if (isset($form['action']['login'])) {
65	    if (empty($form['username'])) {
66		$error[] = 'form[error][username][missing]';
67	    }
68
69	    if (empty($form['password'])) {
70		$error[] = 'form[error][password][missing]';
71	    }
72
73	    if (empty($error)) {
74		list ($ret, $isDisabled) = GalleryCoreApi::isDisabledUsername($form['username']);
75		if ($ret) {
76		    return array($ret, null);
77		}
78		if ($isDisabled) {
79		    $error[] = 'form[error][username][disabled]';
80		}
81	    }
82
83	    if (empty($error)) {
84		list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($form['username']);
85		if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) {
86		    return array($ret, null);
87		}
88		GalleryUtilities::unsanitizeInputValues($form['password'], false);
89		$isCorrect = (isset($user) && $user->isCorrectPassword($form['password']));
90
91		/* Prepare for validation */
92		$options = array('pass' => $isCorrect);
93		list ($ret, $options['level']) =
94		    GalleryCoreApi::getPluginParameter('module', 'core', 'validation.level');
95		if ($ret) {
96		    return array($ret, null);
97		}
98		if ($options['level'] == 'MEDIUM') {
99		    $options['key'] = 'core.UserLogin.' . $form['username'];
100		}
101		if ($options['level'] == 'OFF') {
102		    $pluginInstances = array();
103		} else if (isset($this->_pluginInstances)) {
104		    $pluginInstances = $this->_pluginInstances;
105		} else {
106		    list ($ret, $pluginInstances) =
107			GalleryCoreApi::getAllFactoryImplementationIds('GalleryValidationPlugin');
108		    if ($ret) {
109			return array($ret, null);
110		    }
111
112		    foreach (array_keys($pluginInstances) as $pluginId) {
113			list ($ret, $pluginInstances[$pluginId]) =
114			    GalleryCoreApi::newFactoryInstanceById('GalleryValidationPlugin',
115								   $pluginId);
116			if ($ret) {
117			    return array($ret, null);
118			}
119		    }
120		}
121
122		/* Let each plugin do its verification */
123		foreach ($pluginInstances as $plugin) {
124		    list ($ret, $pluginErrors, $continue) =
125			$plugin->performValidation($form, $options);
126		    if ($ret) {
127			return array($ret, null);
128		    }
129
130		    $error = array_merge($error, $pluginErrors);
131		    if (!$continue) {
132			break;
133		    }
134		}
135	    }
136
137	    if (empty($error)) {
138		if ($isCorrect) {
139		    $gallery->setActiveUser($user);
140
141		    $event = GalleryCoreApi::newEvent('Gallery::Login');
142		    $event->setEntity($user);
143		    list ($ret, $redirect) = GalleryCoreApi::postEvent($event);
144		    if ($ret) {
145			return array($ret, null);
146		    }
147
148		    /* Redirect if requested by event listener, otherwise return */
149		    if (!empty($redirect)) {
150			$results['redirect'] = array_shift($redirect);
151		    } else {
152			$results['return'] = 1;
153		    }
154		} else {
155		    $error[] = 'form[error][invalidPassword]';
156		}
157	    }
158
159	    if (!empty($error)) {
160		if (!empty($form['username'])) {
161		    $event = GalleryCoreApi::newEvent('Gallery::FailedLogin');
162		    $event->setData(array('userName' => $form['username']));
163		    list ($ret, $ignored) = GalleryCoreApi::postEvent($event);
164		    if ($ret) {
165			return array($ret, null);
166		    }
167		}
168	    }
169
170	} else if (isset($form['action']['cancel'])) {
171	    $results['return'] = 1;
172	}
173
174	if (!empty($error)) {
175	    $results['delegate']['view'] = 'core.UserAdmin';
176	    $results['delegate']['subView'] = 'core.UserLogin';
177	}
178	$results['status'] = array();
179	$results['error'] = $error;
180
181	return array(null, $results);
182    }
183
184}
185
186/**
187 * This view prompts for login information
188 */
189class UserLoginView extends GalleryView {
190
191    /**
192     * @see GalleryView::loadTemplate
193     */
194    function loadTemplate(&$template, &$form) {
195	global $gallery;
196	$session =& $gallery->getSession();
197
198	/* Check if the default login view URL has been overridden and redirect appropriately */
199	$loginRedirect = $gallery->getConfig('loginRedirect');
200	if (!(isset($loginRedirect['subView']) && $loginRedirect['subView'] == 'core.UserLogin')
201		&& !empty($loginRedirect)) {
202	    /* Do not redirect if we are logged in already */
203	    list ($ret, $isGuest) = GalleryCoreApi::isAnonymousUser();
204	    if ($ret) {
205		return array($ret, null);
206	    }
207
208	    $phpVm = $gallery->getPhpVm();
209	    $urlGenerator =& $gallery->getUrlGenerator();
210	    if ($isGuest && !$phpVm->headers_sent()) {
211		$redirectUrl = $urlGenerator->generateUrl($loginRedirect,
212							  array('forceSessionId' => false,
213							  	'forceFullUrl' => true));
214		$redirectUrl = rtrim(str_replace('&amp;', '&', $redirectUrl), '&? ');
215		$phpVm->header("Location: $redirectUrl");
216		$phpVm->exit_();
217	    }
218	}
219
220	if ($form['formName'] != 'UserLogin') {
221	    $form['formName'] = 'UserLogin';
222	    $form['username'] = '';
223	}
224
225	$reauthenticate = false;
226	list ($ret, $isAdmin) = GalleryCoreApi::isUserInSiteAdminGroup();
227	if ($ret) {
228    	    return array($ret, null);
229	}
230	if ($isAdmin) {
231	    list ($ret, $reauthenticate) = $session->hasSiteAdminSessionExpired();
232	    if ($ret) {
233		return array($ret, null);
234    	    }
235	}
236
237	$template->setVariable('reauthenticate', $reauthenticate);
238	$template->setVariable('controller', 'core.UserLogin');
239	return array(null, array('body' => 'modules/core/templates/UserLogin.tpl'));
240    }
241}
242?>
243