PKPLoginHandler.inc.php
1 <?php
2 
17 import('classes.handler.Handler');
18 
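/**
 * @class PKPLoginHandler
 *
 * @brief Handle login/logout requests.
 *
 * Every operation receives the handler arguments ($args) and the current
 * request ($request). Redirects issued through $request are expected to end
 * the request; where a local variable would otherwise be undefined, an explicit
 * return follows the redirect as a safety net.
 */
class PKPLoginHandler extends Handler {
	/**
	 * Constructor.
	 */
	function PKPLoginHandler() {
		parent::Handler();
	}

	/**
	 * Display the user login form.
	 * A user who is already logged in is sent to the dashboard; when
	 * force_login_ssl is set, a plain-HTTP request is first bounced to HTTPS.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function index($args, $request) {
		$this->setupTemplate($request);
		if (Validation::isLoggedIn()) {
			$request->redirect(null, 'dashboard');
		}

		$forceLoginSsl = Config::getVar('security', 'force_login_ssl');
		if ($forceLoginSsl && $request->getProtocol() != 'https') {
			// Force SSL connections for login
			$request->redirectSSL();
		}

		$sessionManager = SessionManager::getManager();
		$session = $sessionManager->getUserSession();

		$templateMgr = TemplateManager::getManager($request);

		// If the user wasn't expecting a login page, i.e. if they're new to the
		// site and want to submit a paper, it helps to explain why they need to
		// register.
		$loginMessage = $request->getUserVar('loginMessage');
		if ($loginMessage) {
			$templateMgr->assign('loginMessage', $loginMessage);
		}

		$templateMgr->assign('username', $session->getSessionVar('username'));
		$templateMgr->assign('remember', $request->getUserVar('remember'));
		// 'source' is echoed back into the form so that signIn() can return the
		// user to the page that sent them here; signIn() validates it before use.
		$templateMgr->assign('source', $request->getUserVar('source'));
		$templateMgr->assign('showRemember', Config::getVar('general', 'session_lifetime') > 0);

		// For force_login_ssl with base_url[...]: make sure SSL used for login form
		$loginUrl = $this->_getLoginUrl($request);
		if ($forceLoginSsl) {
			// Plain preg_replace: the pattern is pure ASCII, and "String" is a
			// reserved class name on PHP 7 and later.
			$loginUrl = preg_replace('/^http:/', 'https:', $loginUrl);
		}
		$templateMgr->assign('loginUrl', $loginUrl);

		$templateMgr->display('user/login.tpl');
	}

	/**
	 * Send the client to the implicit-authentication WAYF service configured
	 * in security/implicit_auth_wayf_url, asking it to return to the
	 * implicitAuthReturn operation.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function implicitAuthLogin($args, $request) {
		if ($request->getProtocol() != 'https') {
			$request->redirectSSL();
		}

		$wayfUrl = Config::getVar('security', 'implicit_auth_wayf_url');
		if ($wayfUrl == '') {
			die('Error in implicit authentication. WAYF URL not set in config file.');
		}

		$returnUrl = $request->url('index', 'login', 'implicitAuthReturn');
		$request->redirectUrl($wayfUrl . '?target=' . urlencode($returnUrl));
	}

	/**
	 * Complete an implicit-authentication login after the WAYF redirects back.
	 * Only a successful Validation::login() leads to the dashboard; a failed
	 * attempt is sent back to the login page instead of being ignored.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function implicitAuthReturn($args, $request) {
		if (Validation::isLoggedIn()) {
			$request->redirect(null, 'dashboard');
		}

		// Login - set remember to false
		$user = Validation::login($request->getUserVar('username'), $request->getUserVar('password'), $reason, false);
		if ($user === false) {
			$request->redirect(null, 'login');
			return;
		}

		$request->redirect(null, 'dashboard');
	}

	/**
	 * After a successful login, redirect the client to the site home page.
	 * Subclasses may override this to choose a different landing page.
	 * @param $request PKPRequest
	 */
	function _redirectAfterLogin($request) {
		$request->redirectHome();
	}

	/**
	 * Validate a submitted username/password and log the user in.
	 * On success the client is sent to the password-change page when the
	 * account requires it, otherwise to the 'source' path it came from (only
	 * if that is a site-relative path), to the non-SSL site, or home. On
	 * failure the login form is redisplayed with an error.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function signIn($args, $request) {
		$this->setupTemplate($request);
		if (Validation::isLoggedIn()) {
			$request->redirect(null, 'dashboard');
		}

		$forceLoginSsl = Config::getVar('security', 'force_login_ssl');
		if ($forceLoginSsl && $request->getProtocol() != 'https') {
			// Force SSL connections for login
			$request->redirectSSL();
		}

		// 'remember' is a checkbox: any non-empty submitted value counts as set.
		$remember = $request->getUserVar('remember') == null ? false : true;
		$user = Validation::login($request->getUserVar('username'), $request->getUserVar('password'), $reason, $remember);

		if ($user !== false) {
			if ($user->getMustChangePassword()) {
				// User must change their password in order to log in
				$request->redirect(null, null, 'changePassword', $user->getUsername());

			} else {
				$source = $request->getUserVar('source');
				$redirectNonSsl = $forceLoginSsl && !Config::getVar('security', 'force_ssl');
				if ($this->_isLocalRedirectPath($source)) {
					// 'source' is client-supplied. Only a site-relative path is
					// honoured; an arbitrary URL here would make the login form
					// an open redirect.
					$request->redirectUrl($source);
				} elseif ($redirectNonSsl) {
					$request->redirectNonSSL();
				} else {
					$this->_redirectAfterLogin($request);
				}
			}

		} else {
			$templateMgr = TemplateManager::getManager($request);
			$templateMgr->assign('username', $request->getUserVar('username'));
			$templateMgr->assign('remember', $request->getUserVar('remember'));
			$templateMgr->assign('source', $request->getUserVar('source'));
			$templateMgr->assign('showRemember', Config::getVar('general', 'session_lifetime') > 0);

			// Validation::login() leaves the failure detail in $reason. Judging by
			// the message keys: null means the credentials were rejected, '' a
			// disabled account without a stated reason, anything else the reason.
			if ($reason === null) {
				$error = 'user.login.loginError';
			} elseif ($reason === '') {
				$error = 'user.login.accountDisabled';
			} else {
				$error = 'user.login.accountDisabledWithReason';
			}
			$templateMgr->assign('error', $error);
			$templateMgr->assign('reason', $reason);
			$templateMgr->display('user/login.tpl');
		}
	}

	/**
	 * Log the user out and return the client to where it came from.
	 * A client-supplied 'source' is only used when it is a site-relative path,
	 * and it is always anchored to this host; otherwise the requested page is
	 * redisplayed.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function signOut($args, $request) {
		$this->setupTemplate($request);
		if (Validation::isLoggedIn()) {
			// NOTE(review): the rendered listing this was taken from drops one
			// line here (original line 161). Ending the session is what this
			// branch exists for, so the logout call is restored — confirm
			// against the repository.
			Validation::logout();
		}

		$source = $request->getUserVar('source');
		if ($this->_isLocalRedirectPath($source)) {
			$request->redirectUrl($request->getProtocol() . '://' . $request->getServerHost() . $source, false);
		} else {
			$request->redirect(null, $request->getRequestedPage());
		}
	}

	/**
	 * Display the "forgot password" form.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function lostPassword($args, $request) {
		$this->setupTemplate($request);
		$templateMgr = TemplateManager::getManager($request);
		$templateMgr->display('user/lostPassword.tpl');
	}

	/**
	 * Look up the account for a submitted e-mail address and mail it a
	 * password-reset confirmation link.
	 * Note that the response differs between a known and an unknown address
	 * (confirmation page versus 'invalidUser' error), so this operation
	 * reveals whether an address is registered.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function requestResetPassword($args, $request) {
		$this->setupTemplate($request);
		$templateMgr = TemplateManager::getManager($request);

		$email = $request->getUserVar('email');
		$userDao = DAORegistry::getDAO('UserDAO');
		$user = $userDao->getUserByEmail($email);

		$hash = false;
		if ($user) {
			$hash = Validation::generatePasswordResetHash($user->getId());
		}

		if (!$user || $hash == false) {
			$templateMgr->assign('error', 'user.login.lostPassword.invalidUser');
			$templateMgr->display('user/lostPassword.tpl');

		} else {
			$site = $request->getSite();

			// Send email confirming password reset
			import('lib.pkp.classes.mail.MailTemplate');
			$mail = new MailTemplate('PASSWORD_RESET_CONFIRM');
			$this->_setMailFrom($request, $mail, $site);
			$mail->assignParams(array(
				'url' => $request->url(null, 'login', 'resetPassword', $user->getUsername(), array('confirm' => $hash)),
				'siteTitle' => $site->getLocalizedTitle()
			));
			$mail->addRecipient($user->getEmail(), $user->getFullName());
			$mail->send();
			$templateMgr->assign('pageTitle', 'user.login.resetPassword');
			$templateMgr->assign('message', 'user.login.lostPassword.confirmationSent');
			$templateMgr->assign('backLink', $request->url(null, $request->getRequestedPage()));
			$templateMgr->assign('backLinkLabel', 'user.login');
			$templateMgr->display('common/message.tpl');
		}
	}

	/**
	 * Reset a user's password from the confirmation link mailed by
	 * requestResetPassword().
	 * $args[0] is the username; the 'confirm' request variable must match the
	 * reset hash recomputed for that user. On success a new password is
	 * generated, stored (or pushed to the external auth source), the account
	 * is flagged to change its password on next login, and the new password is
	 * mailed in clear text to the account's address.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function resetPassword($args, $request) {
		$this->setupTemplate($request);

		$username = isset($args[0]) ? $args[0] : null;
		$userDao = DAORegistry::getDAO('UserDAO');
		$confirmHash = $request->getUserVar('confirm');

		$user = null;
		if ($username != null) {
			$user = $userDao->getByUsername($username);
		}
		if ($user == null) {
			$request->redirect(null, null, 'lostPassword');
			return;
		}

		$templateMgr = TemplateManager::getManager($request);

		$hash = Validation::generatePasswordResetHash($user->getId());
		// Constant-time, strict comparison: a loose != would treat two
		// numeric-looking hashes as numbers and would leak, through timing,
		// how many leading characters of the hash were right.
		if ($hash == false || !$this->_hashesMatch((string) $hash, $confirmHash)) {
			$templateMgr->assign('errorMsg', 'user.login.lostPassword.invalidHash');
			$templateMgr->assign('backLink', $request->url(null, null, 'lostPassword'));
			$templateMgr->assign('backLinkLabel', 'user.login.resetPassword');
			$templateMgr->display('common/error.tpl');

		} else {
			// Reset password
			$newPassword = Validation::generatePassword();

			$auth = null;
			if ($user->getAuthId()) {
				$authDao = DAORegistry::getDAO('AuthSourceDAO');
				$auth = $authDao->getPlugin($user->getAuthId());
			}

			if ($auth) {
				// External auth source holds the real password; the locally
				// stored value only seeds the reset hash.
				$auth->doSetUserPassword($user->getUsername(), $newPassword);
				$user->setPassword(Validation::encryptCredentials($user->getId(), Validation::generatePassword())); // Used for PW reset hash only
			} else {
				$user->setPassword(Validation::encryptCredentials($user->getUsername(), $newPassword));
			}

			// The mailed password is temporary: force a change at next login.
			$user->setMustChangePassword(1);
			$userDao->updateObject($user);

			// Send email with new password
			$site = $request->getSite();
			import('lib.pkp.classes.mail.MailTemplate');
			$mail = new MailTemplate('PASSWORD_RESET');
			$this->_setMailFrom($request, $mail, $site);
			$mail->assignParams(array(
				'username' => $user->getUsername(),
				'password' => $newPassword,
				'siteTitle' => $site->getLocalizedTitle()
			));
			$mail->addRecipient($user->getEmail(), $user->getFullName());
			$mail->send();
			$templateMgr->assign('pageTitle', 'user.login.resetPassword');
			$templateMgr->assign('message', 'user.login.lostPassword.passwordSent');
			$templateMgr->assign('backLink', $request->url(null, $request->getRequestedPage()));
			$templateMgr->assign('backLinkLabel', 'user.login');
			$templateMgr->display('common/message.tpl');
		}
	}

	/**
	 * Display the form for a user who must change their password before
	 * logging in. $args[0], when given, pre-fills the username.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function changePassword($args, $request) {
		$this->setupTemplate($request);

		import('lib.pkp.classes.user.form.LoginChangePasswordForm');

		$passwordForm = new LoginChangePasswordForm($request->getSite());
		$passwordForm->initData();
		if (isset($args[0])) {
			$passwordForm->setData('username', $args[0]);
		}
		$passwordForm->display($request);
	}

	/**
	 * Save the password submitted from changePassword(), log the user in with
	 * the new credentials and send them to the dashboard. A form that fails
	 * validation is redisplayed.
	 * @param $args array
	 * @param $request PKPRequest
	 */
	function savePassword($args, $request) {
		$this->setupTemplate($request);

		import('lib.pkp.classes.user.form.LoginChangePasswordForm');

		$passwordForm = new LoginChangePasswordForm($request->getSite());
		$passwordForm->readInputData();

		if ($passwordForm->validate()) {
			if ($passwordForm->execute()) {
				// Log in with the new credentials. The outcome is not inspected
				// here; the dashboard is requested either way.
				Validation::login($passwordForm->getData('username'), $passwordForm->getData('password'), $reason);
			}
			$request->redirect(null, 'dashboard');

		} else {
			$passwordForm->display($request);
		}
	}

	/**
	 * Set the reply-to address of an outgoing mail to the site contact.
	 * @param $request PKPRequest
	 * @param $mail MailTemplate
	 * @param $site Site
	 * @return boolean always true
	 */
	function _setMailFrom($request, $mail, $site) {
		$mail->setReplyTo($site->getLocalizedContactEmail(), $site->getLocalizedContactName());
		return true;
	}

	/**
	 * Decide whether a client-supplied 'source' value may be used as a
	 * redirect target. Only a site-relative path is accepted: a non-empty
	 * string that starts with a single '/'. A second '/' or '\' is refused
	 * because browsers read such a prefix as a scheme-relative URL to another
	 * host.
	 * @param $source mixed the raw request value
	 * @return boolean
	 */
	function _isLocalRedirectPath($source) {
		if (!is_string($source) || $source === '') {
			return false;
		}
		if ($source[0] !== '/') {
			return false;
		}
		if (strlen($source) > 1 && ($source[1] === '/' || $source[1] === '\\')) {
			return false;
		}
		return true;
	}

	/**
	 * Compare the expected password-reset hash with the value the client
	 * sent, without the comparison time depending on how many leading bytes
	 * agree. Uses hash_equals() when the runtime provides it.
	 * @param $expected string
	 * @param $given mixed the raw request value
	 * @return boolean
	 */
	function _hashesMatch($expected, $given) {
		if (!is_string($given) || strlen($given) !== strlen($expected)) {
			return false;
		}
		if (function_exists('hash_equals')) {
			return hash_equals($expected, $given);
		}
		$diff = 0;
		for ($i = 0, $n = strlen($expected); $i < $n; $i++) {
			$diff |= ord($expected[$i]) ^ ord($given[$i]);
		}
		return $diff === 0;
	}
}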
331 
332 ?>