1<?php 2/* 3 * Gallery - a web based photo album viewer and editor 4 * Copyright (C) 2000-2008 Bharat Mediratta 5 * 6 * This program is free software; you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License as published by 8 * the Free Software Foundation; either version 2 of the License, or (at 9 * your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, but 12 * WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * General Public License for more details. 15 * 16 * You should have received a copy of the GNU General Public License 17 * along with this program; if not, write to the Free Software 18 * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. 19 */ 20 21/** 22 * This controller will handle a user logging in to Gallery 23 * @package GalleryCore 24 * @subpackage UserInterface 25 * @author Bharat Mediratta <bharat@menalto.com> 26 * @version $Revision: 17924 $ 27 */ 28class UserLoginController extends GalleryController { 29 30 /** 31 * ValidationPlugin instances to use when handling this request. Only used by test code. 32 * 33 * @var array $_plugins (array of GalleryValidationPlugin) 34 * @access private 35 */ 36 var $_pluginInstances; 37 38 /** 39 * Tests can use this method to hardwire a specific set of plugin instances to use. 40 * This avoids situations where some of the option instances will do unpredictable 41 * things and derail the tests. 42 * 43 * @param array $pluginInstances of GalleryValidationPlugin 44 */ 45 function setPluginInstances($pluginInstances) { 46 $this->_pluginInstances = $pluginInstances; 47 } 48 49 /** 50 * @see GalleryController::isAllowedInMaintenance 51 */ 52 function isAllowedInMaintenance() { 53 return true; 54 } 55 56 /** 57 * @see GalleryController::handleRequest 58 */ 59 function handleRequest($form) { 60 global $gallery; 61 62 $results = array(); 63 $error = array(); 64 if (isset($form['action']['login'])) { 65 if (empty($form['username'])) { 66 $error[] = 'form[error][username][missing]'; 67 } 68 69 if (empty($form['password'])) { 70 $error[] = 'form[error][password][missing]'; 71 } 72 73 if (empty($error)) { 74 list ($ret, $isDisabled) = GalleryCoreApi::isDisabledUsername($form['username']); 75 if ($ret) { 76 return array($ret, null); 77 } 78 if ($isDisabled) { 79 $error[] = 'form[error][username][disabled]'; 80 } 81 } 82 83 if (empty($error)) { 84 list ($ret, $user) = GalleryCoreApi::fetchUserByUsername($form['username']); 85 if ($ret && !($ret->getErrorCode() & ERROR_MISSING_OBJECT)) { 86 return array($ret, null); 87 } 88 GalleryUtilities::unsanitizeInputValues($form['password'], false); 89 $isCorrect = (isset($user) && $user->isCorrectPassword($form['password'])); 90 91 /* Prepare for validation */ 92 $options = array('pass' => $isCorrect); 93 list ($ret, $options['level']) = 94 GalleryCoreApi::getPluginParameter('module', 'core', 'validation.level'); 95 if ($ret) { 96 return array($ret, null); 97 } 98 if ($options['level'] == 'MEDIUM') { 99 $options['key'] = 'core.UserLogin.' . $form['username']; 100 } 101 if ($options['level'] == 'OFF') { 102 $pluginInstances = array(); 103 } else if (isset($this->_pluginInstances)) { 104 $pluginInstances = $this->_pluginInstances; 105 } else { 106 list ($ret, $pluginInstances) = 107 GalleryCoreApi::getAllFactoryImplementationIds('GalleryValidationPlugin'); 108 if ($ret) { 109 return array($ret, null); 110 } 111 112 foreach (array_keys($pluginInstances) as $pluginId) { 113 list ($ret, $pluginInstances[$pluginId]) = 114 GalleryCoreApi::newFactoryInstanceById('GalleryValidationPlugin', 115 $pluginId); 116 if ($ret) { 117 return array($ret, null); 118 } 119 } 120 } 121 122 /* Let each plugin do its verification */ 123 foreach ($pluginInstances as $plugin) { 124 list ($ret, $pluginErrors, $continue) = 125 $plugin->performValidation($form, $options); 126 if ($ret) { 127 return array($ret, null); 128 } 129 130 $error = array_merge($error, $pluginErrors); 131 if (!$continue) { 132 break; 133 } 134 } 135 } 136 137 if (empty($error)) { 138 if ($isCorrect) { 139 $gallery->setActiveUser($user); 140 141 $event = GalleryCoreApi::newEvent('Gallery::Login'); 142 $event->setEntity($user); 143 list ($ret, $redirect) = GalleryCoreApi::postEvent($event); 144 if ($ret) { 145 return array($ret, null); 146 } 147 148 /* Redirect if requested by event listener, otherwise return */ 149 if (!empty($redirect)) { 150 $results['redirect'] = array_shift($redirect); 151 } else { 152 $results['return'] = 1; 153 } 154 } else { 155 $error[] = 'form[error][invalidPassword]'; 156 } 157 } 158 159 if (!empty($error)) { 160 if (!empty($form['username'])) { 161 $event = GalleryCoreApi::newEvent('Gallery::FailedLogin'); 162 $event->setData(array('userName' => $form['username'])); 163 list ($ret, $ignored) = GalleryCoreApi::postEvent($event); 164 if ($ret) { 165 return array($ret, null); 166 } 167 } 168 } 169 170 } else if (isset($form['action']['cancel'])) { 171 $results['return'] = 1; 172 } 173 174 if (!empty($error)) { 175 $results['delegate']['view'] = 'core.UserAdmin'; 176 $results['delegate']['subView'] = 'core.UserLogin'; 177 } 178 $results['status'] = array(); 179 $results['error'] = $error; 180 181 return array(null, $results); 182 } 183 184} 185 186/** 187 * This view prompts for login information 188 */ 189class UserLoginView extends GalleryView { 190 191 /** 192 * @see GalleryView::loadTemplate 193 */ 194 function loadTemplate(&$template, &$form) { 195 global $gallery; 196 $session =& $gallery->getSession(); 197 198 /* Check if the default login view URL has been overridden and redirect appropriately */ 199 $loginRedirect = $gallery->getConfig('loginRedirect'); 200 if (!(isset($loginRedirect['subView']) && $loginRedirect['subView'] == 'core.UserLogin') 201 && !empty($loginRedirect)) { 202 /* Do not redirect if we are logged in already */ 203 list ($ret, $isGuest) = GalleryCoreApi::isAnonymousUser(); 204 if ($ret) { 205 return array($ret, null); 206 } 207 208 $phpVm = $gallery->getPhpVm(); 209 $urlGenerator =& $gallery->getUrlGenerator(); 210 if ($isGuest && !$phpVm->headers_sent()) { 211 $redirectUrl = $urlGenerator->generateUrl($loginRedirect, 212 array('forceSessionId' => false, 213 'forceFullUrl' => true)); 214 $redirectUrl = rtrim(str_replace('&', '&', $redirectUrl), '&? '); 215 $phpVm->header("Location: $redirectUrl"); 216 $phpVm->exit_(); 217 } 218 } 219 220 if ($form['formName'] != 'UserLogin') { 221 $form['formName'] = 'UserLogin'; 222 $form['username'] = ''; 223 } 224 225 $reauthenticate = false; 226 list ($ret, $isAdmin) = GalleryCoreApi::isUserInSiteAdminGroup(); 227 if ($ret) { 228 return array($ret, null); 229 } 230 if ($isAdmin) { 231 list ($ret, $reauthenticate) = $session->hasSiteAdminSessionExpired(); 232 if ($ret) { 233 return array($ret, null); 234 } 235 } 236 237 $template->setVariable('reauthenticate', $reauthenticate); 238 $template->setVariable('controller', 'core.UserLogin'); 239 return array(null, array('body' => 'modules/core/templates/UserLogin.tpl')); 240 } 241} 242?> 243