本文整理汇总了PHP中Security::config方法的典型用法代码示例。如果您正苦于以下问题:PHP Security::config方法的具体用法?PHP Security::config怎么用?PHP Security::config使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类Security
的用法示例。
在下文中一共展示了Security::config方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: __construct
/**
* EmailVerificationLoginForm is the same as MemberLoginForm with the following changes:
* - The code has been cleaned up.
* - A form action for users who have lost their verification email has been added.
*
* We add fields in the constructor so the form is generated when instantiated.
*
* @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
* @param string $name The method on the controller that will return this form object.
* @param FieldList|FormField $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
* @param FieldList|FormAction $actions All of the action buttons in the form - a {@link FieldList} of {@link FormAction} objects
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a the user is currently logged in, and if so, only a logout button will be rendered
*/
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
$email_field_label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$email_field = TextField::create('Email', $email_field_label, null, null, $this)->setAttribute('autofocus', 'autofocus');
$password_field = PasswordField::create('Password', _t('Member.PASSWORD', 'Password'));
$authentication_method_field = HiddenField::create('AuthenticationMethod', null, $this->authenticator_class, $this);
$remember_me_field = CheckboxField::create('Remember', 'Remember me next time?', true);
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = FieldList::create($authentication_method_field);
$actions = FieldList::create(FormAction::create('logout', _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
if (!$fields) {
$fields = FieldList::create($authentication_method_field, $email_field, $password_field);
if (Security::config()->remember_username) {
$email_field->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
} else {
// Some browsers won't respect this attribute unless it's added to the form
$this->setAttribute('autocomplete', 'off');
$email_field->setAttribute('autocomplete', 'off');
}
}
if (!$actions) {
$actions = FieldList::create(FormAction::create('doLogin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'), new LiteralField('resendEmail', '<p id="ResendEmail"><a href="Security/verify-email">' . _t('MemberEmailVerification.BUTTONLOSTVERIFICATIONEMAIL', "I've lost my verification email") . '</a></p>'));
}
}
if (isset($_REQUEST['BackURL'])) {
$fields->push(HiddenField::create('BackURL', 'BackURL', $_REQUEST['BackURL']));
}
// Reduce attack surface by enforcing POST requests
$this->setFormMethod('POST', true);
parent::__construct($controller, $name, $fields, $actions);
$this->setValidator(RequiredFields::create('Email', 'Password'));
}
开发者ID:jordanmkoncz,项目名称:silverstripe-memberemailverification,代码行数:46,代码来源:EmailVerificationLoginForm.php
示例2: __construct
/**
* Constructor.
*
* @param Controller $controller
* @param string $name method on the $controller
* @param FieldList $fields
* @param FieldList $actions
* @param bool $checkCurrentUser - show logout button if logged in
*/
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
// will be used to get correct Link()
$this->ldapSecController = Injector::inst()->create('LDAPSecurityController');
$usernameField = new TextField('Username', _t('Member.USERNAME', 'Username'), null, null, $this);
$this->Fields()->replaceField('Email', $usernameField);
$this->setValidator(new RequiredFields('Username', 'Password'));
if (Security::config()->remember_username) {
$usernameField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
} else {
// Some browsers won't respect this attribute unless it's added to the form
$this->setAttribute('autocomplete', 'off');
$usernameField->setAttribute('autocomplete', 'off');
}
// Users can't change passwords unless appropriate a LDAP user with write permissions is
// configured the LDAP connection binding
$this->Actions()->remove($this->Actions()->fieldByName('forgotPassword'));
$allowPasswordChange = Config::inst()->get('LDAPService', 'allow_password_change');
if ($allowPasswordChange && $name != 'LostPasswordForm' && !Member::currentUser()) {
$forgotPasswordLink = sprintf('<p id="ForgotPassword"><a href="%s">%s</a></p>', $this->ldapSecController->Link('lostpassword'), _t('Member.BUTTONLOSTPASSWORD', "I've lost my password"));
$forgotPassword = new LiteralField('forgotPassword', $forgotPasswordLink);
$this->Actions()->add($forgotPassword);
}
// Focus on the Username field when the page is loaded
Requirements::block('MemberLoginFormFieldFocus');
$js = <<<JS
\t\t\t(function() {
\t\t\t\tvar el = document.getElementById("Username");
\t\t\t\tif(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
\t\t\t})();
JS;
Requirements::customScript($js, 'LDAPLoginFormFieldFocus');
}
示例3: run
public function run($request)
{
$algo = Security::config()->password_encryption_algorithm;
if ($algo == 'none') {
$this->debugMessage('Password encryption disabled');
return;
}
// Are there members with a clear text password?
$members = DataObject::get("Member")->where(array('"Member"."PasswordEncryption"' => 'none', '"Member"."Password" IS NOT NULL'));
if (!$members) {
$this->debugMessage('No passwords to encrypt');
return;
}
// Encrypt the passwords...
$this->debugMessage('Encrypting all passwords');
$this->debugMessage(sprintf('The passwords will be encrypted using the %s algorithm', $algo));
foreach ($members as $member) {
// Force the update of the member record, as new passwords get
// automatically encrypted according to the settings, this will do all
// the work for us
$member->PasswordEncryption = $algo;
$member->forceChange();
$member->write();
$this->debugMessage(sprintf('Encrypted credentials for member #%d;', $member->ID));
}
}
示例4: testCleartextPasswordsAreHashedWithDefaultAlgo
public function testCleartextPasswordsAreHashedWithDefaultAlgo()
{
$loader = new MemberCsvBulkLoader();
$results = $loader->load($this->getCurrentRelativePath() . '/MemberCsvBulkLoaderTest_cleartextpws.csv');
$member = $results->Created()->First();
$memberID = $member->ID;
DataObject::flush_and_destroy_cache();
$member = DataObject::get_by_id('Member', $memberID);
// TODO Direct getter doesn't work, wtf!
$this->assertEquals(Security::config()->password_encryption_algorithm, $member->getField('PasswordEncryption'));
$result = $member->checkPassword('mypassword');
$this->assertTrue($result->valid());
}
示例5: __construct
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
// This is now set on the class directly to make it easier to create subclasses
// $this->authenticator_class = $authenticatorClassName;
$customCSS = project() . '/css/member_login.css';
if (Director::fileExists($customCSS)) {
Requirements::css($customCSS);
}
if (isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
$actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
if (!$fields) {
$label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this), $emailField = new TextField("Email", $label, null, null, $this), new PasswordField("Password", _t('Member.PASSWORD', 'Password')));
if (Security::config()->remember_username) {
$emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
} else {
// Some browsers won't respect this attribute unless it's added to the form
$this->setAttribute('autocomplete', 'off');
$emailField->setAttribute('autocomplete', 'off');
}
if (Security::config()->autologin_enabled) {
$fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
}
}
if (!$actions) {
$actions = new FieldList(new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'));
}
}
if (isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
// Reduce attack surface by enforcing POST requests
$this->setFormMethod('POST', true);
parent::__construct($controller, $name, $fields, $actions);
$this->setValidator(new RequiredFields());
// Focus on the email input when the page is loaded
$js = <<<JS
\t\t\t(function() {
\t\t\t\tvar el = document.getElementById("MemberLoginForm_LoginForm_Email");
\t\t\t\tif(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
\t\t\t})();
JS;
Requirements::customScript($js, 'MemberLoginFormFieldFocus');
}
示例6: __construct
public function __construct(Controller $controller, $name)
{
// Set default fields
$fields = new FieldList(HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this), HiddenField::create('tempid', null, $controller->getRequest()->requestVar('tempid')), PasswordField::create("Password", _t('Member.PASSWORD', 'Password')), LiteralField::create('forgotPassword', sprintf('<p id="ForgotPassword"><a href="%s" target="_top">%s</a></p>', $this->getExternalLink('lostpassword'), _t('CMSMemberLoginForm.BUTTONFORGOTPASSWORD', "Forgot password?"))));
if (Security::config()->autologin_enabled) {
$fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
}
// Determine returnurl to redirect to parent page
$logoutLink = $this->getExternalLink('logout');
if ($returnURL = $controller->getRequest()->requestVar('BackURL')) {
$logoutLink = Controller::join_links($logoutLink, '?BackURL=' . urlencode($returnURL));
}
// Make actions
$actions = new FieldList(FormAction::create('dologin', _t('CMSMemberLoginForm.BUTTONLOGIN', "Log back in")), LiteralField::create('doLogout', sprintf('<p id="doLogout"><a href="%s" target="_top">%s</a></p>', $logoutLink, _t('CMSMemberLoginForm.BUTTONLOGOUT', "Log out"))));
parent::__construct($controller, $name, $fields, $actions);
}
示例7: callback
public function callback()
{
$redirectUri = 'http' . (isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] ? 's' : '' : '') . '://' . $_SERVER['HTTP_HOST'] . '/GoogleAuthenticatorController/callback';
$client = new Google_Client();
$client->setClientId(GOOGLE_AUTHENTICATOR_CLIENT_ID);
$client->setClientSecret(GOOGLE_AUTHENTICATOR_CLIENT_SECRET);
$client->setRedirectUri($redirectUri);
$client->addScope("email");
if (isset($_GET['code'])) {
$client->authenticate($_GET['code']);
$_SESSION['google_accesstoken'] = $client->getAccessToken();
header('Location: ' . filter_var($redirectUri, FILTER_SANITIZE_URL));
}
if (isset($_SESSION['google_accesstoken']) && $_SESSION['google_accesstoken']) {
$client->setAccessToken($_SESSION['google_accesstoken']);
}
$form = new GoogleAuthenticatorLoginForm($this, 'LoginForm');
if ($client->getAccessToken() && !$client->isAccessTokenExpired()) {
$_SESSION['google_accesstoken'] = $client->getAccessToken();
$token_data = $client->verifyIdToken()->getAttributes();
$email = $token_data['payload']['email'];
$member = Member::get()->filter(array('Email' => $email))->first();
if (isset($_SESSION['BackURL']) && $_SESSION['BackURL'] && Director::is_site_url($_SESSION['BackURL'])) {
$backURL = $_SESSION['BackURL'];
}
if ($member) {
$member->logIn();
if ($backURL) {
return $this->redirect($backURL);
}
if (Security::config()->default_login_dest) {
return $this->redirect(Director::absoluteBaseURL() . Security::config()->default_login_dest);
}
return Controller::curr()->redirectBack();
} else {
$form->sessionMessage("The Google account {$email} is not authorised to access the system.", 'bad');
}
} else {
$form->sessionMessage("There is an error authenticating with Google. Please try again.", 'bad');
}
$loginLink = Director::absoluteURL('/Security/login');
if ($backURL) {
$loginLink .= '?BackURL=' . urlencode($backURL);
}
$loginLink .= '#GoogleAuthenticatorLoginForm_LoginForm_tab';
return $this->redirect($loginLink);
}
示例8: logInUserAndRedirect
protected function logInUserAndRedirect($data)
{
Session::clear('SessionForms.MemberLoginForm.Email');
Session::clear('SessionForms.MemberLoginForm.Remember');
if (Member::currentUser()->isPasswordExpired()) {
if (isset($_REQUEST['BackURL']) && ($backURL = $_REQUEST['BackURL'])) {
Session::set('BackURL', $backURL);
}
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
$cp->sessionMessage(_t('Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'), 'good');
return $this->controller->redirect('Security/changepassword');
}
// Absolute redirection URLs may cause spoofing
if (!empty($_REQUEST['BackURL'])) {
$url = $_REQUEST['BackURL'];
if (Director::is_site_url($url)) {
$url = Director::absoluteURL($url);
} else {
// Spoofing attack, redirect to homepage instead of spoofing url
$url = Director::absoluteBaseURL();
}
return $this->controller->redirect($url);
}
// If a default login dest has been set, redirect to that.
if ($url = Security::config()->default_login_dest) {
$url = Controller::join_links(Director::absoluteBaseURL(), $url);
return $this->controller->redirect($url);
}
// Redirect the user to the page where they came from
$member = Member::currentUser();
if ($member) {
$firstname = Convert::raw2xml($member->FirstName);
if (!empty($data['Remember'])) {
Session::set('SessionForms.MemberLoginForm.Remember', '1');
$member->logIn(true);
} else {
$member->logIn();
}
Session::set('Security.Message.message', _t('Member.WELCOMEBACK', "Welcome Back, {firstname}", array('firstname' => $firstname)));
Session::set("Security.Message.type", "good");
}
// Do checks of pagetypes to see where we were and where to go then for the rest redirect to baseurl
// $url = "/resources/";
$url = "/resources/";
$url = Controller::join_links(Director::absoluteBaseURL(), $url);
return $this->controller->redirect($url);
}
示例9: __construct
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
$form_action_url = Controller::join_links(BASE_URL, "Security", $name);
$lost_password_url = Controller::join_links(BASE_URL, "Security", "lostpassword");
if (isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
$fields = new FieldList(HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this), TextField::create('Identity', 'Username or Email'), PasswordField::create("Password", _t('Member.PASSWORD', 'Password')));
if (Security::config()->autologin_enabled) {
$fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me?")));
}
$actions = new FieldList(FormAction::create('dologin', 'Login'), LiteralField::create('forgotPassword', '<p id="ForgotPassword"><a href="' . $lost_password_url . '">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'));
// LoginForm does its magic
parent::__construct($controller, $name, $fields, $actions);
$this->setAttribute("action", $form_action_url);
}
开发者ID:helpfulrobot,项目名称:burnbright-silverstripe-auth-username,代码行数:18,代码来源:UsernameOrEmailLoginForm.php
示例10: onBeforeWrite
/**
* Event handler called before writing to the database.
*/
public function onBeforeWrite()
{
if ($this->SetPassword) {
$this->Password = $this->SetPassword;
}
// If a member with the same "unique identifier" already exists with a different ID, don't allow merging.
// Note: This does not a full replacement for safeguards in the controller layer (e.g. in a registration form),
// but rather a last line of defense against data inconsistencies.
$identifierField = Member::config()->unique_identifier_field;
if ($this->{$identifierField}) {
// Note: Same logic as Member_Validator class
$idClause = $this->ID ? sprintf(" AND \"Member\".\"ID\" <> %d", (int) $this->ID) : '';
$existingRecord = DataObject::get_one('Member', sprintf("\"%s\" = '%s' %s", $identifierField, Convert::raw2sql($this->{$identifierField}), $idClause));
if ($existingRecord) {
throw new ValidationException(new ValidationResult(false, _t('Member.ValidationIdentifierFailed', 'Can\'t overwrite existing member #{id} with identical identifier ({name} = {value}))', 'Values in brackets show "fieldname = value", usually denoting an existing email address', array('id' => $existingRecord->ID, 'name' => $identifierField, 'value' => $this->{$identifierField}))));
}
}
// We don't send emails out on dev/tests sites to prevent accidentally spamming users.
// However, if TestMailer is in use this isn't a risk.
if ((Director::isLive() || Email::mailer() instanceof TestMailer) && $this->isChanged('Password') && $this->record['Password'] && $this->config()->notify_password_change) {
$e = Member_ChangePasswordEmail::create();
$e->populateTemplate($this);
$e->setTo($this->Email);
$e->send();
}
// The test on $this->ID is used for when records are initially created.
// Note that this only works with cleartext passwords, as we can't rehash
// existing passwords.
if (!$this->ID && $this->Password || $this->isChanged('Password')) {
// Password was changed: encrypt the password according the settings
$encryption_details = Security::encrypt_password($this->Password, $this->Salt, $this->PasswordEncryption ? $this->PasswordEncryption : Security::config()->password_encryption_algorithm, $this);
// Overwrite the Password property with the hashed value
$this->Password = $encryption_details['password'];
$this->Salt = $encryption_details['salt'];
$this->PasswordEncryption = $encryption_details['algorithm'];
// If we haven't manually set a password expiry
if (!$this->isChanged('PasswordExpiry')) {
// then set it for us
if (self::config()->password_expiry_days) {
$this->PasswordExpiry = date('Y-m-d', time() + 86400 * self::config()->password_expiry_days);
} else {
$this->PasswordExpiry = null;
}
}
}
// save locale
if (!$this->Locale) {
$this->Locale = i18n::get_locale();
}
parent::onBeforeWrite();
}
示例11: getRedirect
/**
* @return SS_HTTPResponse
*/
protected function getRedirect()
{
// Absolute redirection URLs may cause spoofing
if (Session::get('BackURL') && Director::is_site_url(Session::get('BackURL'))) {
return $this->redirect(Session::get('BackURL'));
}
// Spoofing attack, redirect to homepage instead of spoofing url
if (Session::get('BackURL') && !Director::is_site_url(Session::get('BackURL'))) {
return $this->redirect(Director::absoluteBaseURL());
}
// If a default login dest has been set, redirect to that.
if (Security::config()->default_login_dest) {
return $this->redirect(Director::absoluteBaseURL() . Security::config()->default_login_dest);
}
// fallback to redirect back to home page
return $this->redirect(Director::absoluteBaseURL());
}
示例12: install
public function install($config)
{
?>
<html>
<head>
<meta charset="utf-8"/>
<title>Installing SilverStripe...</title>
<link rel="stylesheet" type="text/css" href="<?php
echo FRAMEWORK_NAME;
?>
/dev/install/css/install.css"/>
<script src="<?php
echo FRAMEWORK_NAME;
?>
/thirdparty/jquery/jquery.js"></script>
</head>
<body>
<div class="install-header">
<div class="inner">
<div class="brand">
<span class="logo"></span>
<h1>SilverStripe</h1>
</div>
</div>
</div>
<div id="Navigation"> </div>
<div class="clear"><!-- --></div>
<div class="main">
<div class="inner">
<h2>Installing SilverStripe...</h2>
<p>I am now running through the installation steps (this should take about 30 seconds)</p>
<p>If you receive a fatal error, refresh this page to continue the installation</p>
<ul>
<?php
$webserver = $this->findWebserver();
$isIIS = $this->isIIS();
$isApache = $this->isApache();
flush();
if (isset($config['stats'])) {
if (file_exists(FRAMEWORK_NAME . '/silverstripe_version')) {
$silverstripe_version = file_get_contents(FRAMEWORK_NAME . '/silverstripe_version');
} else {
$silverstripe_version = "unknown";
}
$phpVersion = urlencode(phpversion());
$encWebserver = urlencode($webserver);
$dbType = $config['db']['type'];
// Try to determine the database version from the helper
$databaseVersion = $config['db']['type'];
$helper = $this->getDatabaseConfigurationHelper($dbType);
if ($helper && method_exists($helper, 'getDatabaseVersion')) {
$versionConfig = $config['db'][$dbType];
$versionConfig['type'] = $dbType;
$databaseVersion = urlencode($dbType . ': ' . $helper->getDatabaseVersion($versionConfig));
}
$url = "http://ss2stat.silverstripe.com/Installation/add?SilverStripe={$silverstripe_version}&PHP={$phpVersion}&Database={$databaseVersion}&WebServer={$encWebserver}";
if (isset($_SESSION['StatsID']) && $_SESSION['StatsID']) {
$url .= '&ID=' . $_SESSION['StatsID'];
}
@($_SESSION['StatsID'] = file_get_contents($url));
}
if (file_exists('mysite/_config.php')) {
// Truncate the contents of _config instead of deleting it - we can't re-create it because Windows handles permissions slightly
// differently to UNIX based filesystems - it takes the permissions from the parent directory instead of retaining them
$fh = fopen('mysite/_config.php', 'wb');
fclose($fh);
}
// Escape user input for safe insertion into PHP file
$theme = isset($_POST['template']) ? addcslashes($_POST['template'], "\\'") : 'simple';
$locale = isset($_POST['locale']) ? addcslashes($_POST['locale'], "\\'") : 'en_US';
$type = addcslashes($config['db']['type'], "\\'");
$dbConfig = $config['db'][$type];
$dbConfig = array_map(create_function('$v', 'return addcslashes($v, "\\\'");'), $dbConfig);
if (!isset($dbConfig['path'])) {
$dbConfig['path'] = '';
}
if (!$dbConfig) {
echo "<p style=\"color: red\">Bad config submitted</p><pre>";
print_r($config);
echo "</pre>";
die;
}
// Write the config file
global $usingEnv;
if ($usingEnv) {
$this->statusMessage("Setting up 'mysite/_config.php' for use with _ss_environment.php...");
$this->writeToFile("mysite/_config.php", <<<PHP
<?php
global \$project;
\$project = 'mysite';
global \$database;
\$database = '{$dbConfig['database']}';
//.........这里部分代码省略.........
示例13: logInUserAndRedirect
/**
* Login in the user and figure out where to redirect the browser.
*
* The $data has this format
* array(
* 'AuthenticationMethod' => 'MemberAuthenticator',
* 'Email' => 'sam@silverstripe.com',
* 'Password' => '1nitialPassword',
* 'BackURL' => 'test/link',
* [Optional: 'Remember' => 1 ]
* )
*
* @param array $data
* @return void
*/
protected function logInUserAndRedirect($data)
{
Session::clear('SessionForms.MemberLoginForm.Email');
Session::clear('SessionForms.MemberLoginForm.Remember');
if (Member::currentUser()->isPasswordExpired()) {
if (isset($_REQUEST['BackURL']) && ($backURL = $_REQUEST['BackURL'])) {
Session::set('BackURL', $backURL);
}
$cp = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
$cp->sessionMessage('Your password has expired. Please choose a new one.', 'good');
return $this->controller->redirect('Security/changepassword');
}
// Absolute redirection URLs may cause spoofing
if (isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && Director::is_site_url($_REQUEST['BackURL'])) {
return $this->controller->redirect($_REQUEST['BackURL']);
}
// Spoofing attack, redirect to homepage instead of spoofing url
if (isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && !Director::is_site_url($_REQUEST['BackURL'])) {
return $this->controller->redirect(Director::absoluteBaseURL());
}
// If a default login dest has been set, redirect to that.
if (Security::config()->default_login_dest) {
return $this->controller->redirect(Director::absoluteBaseURL() . Security::config()->default_login_dest);
}
// Redirect the user to the page where he came from
$member = Member::currentUser();
if ($member) {
$firstname = Convert::raw2xml($member->FirstName);
if (!empty($data['Remember'])) {
Session::set('SessionForms.MemberLoginForm.Remember', '1');
$member->logIn(true);
} else {
$member->logIn();
}
Session::set('Security.Message.message', _t('Member.WELCOMEBACK', "Welcome Back, {firstname}", array('firstname' => $firstname)));
Session::set("Security.Message.type", "good");
}
Controller::curr()->redirectBack();
}
示例14: testSuccessfulLoginAttempts
public function testSuccessfulLoginAttempts()
{
Security::config()->login_recording = true;
/* SUCCESSFUL ATTEMPTS ARE LOGGED */
$this->doTestLoginForm('sam@silverstripe.com', '1nitialPassword');
$attempt = DataObject::get_one('LoginAttempt', array('"LoginAttempt"."Email"' => 'sam@silverstripe.com'));
$member = DataObject::get_one('Member', array('"Member"."Email"' => 'sam@silverstripe.com'));
$this->assertTrue(is_object($attempt));
$this->assertEquals($attempt->Status, 'Success');
$this->assertEquals($attempt->Email, 'sam@silverstripe.com');
$this->assertEquals($attempt->Member(), $member);
}
示例15: record_login_attempt
/**
* Log login attempt
* TODO We could handle this with an extension
*
* @param array $data
* @param Member $member
* @param bool $success
*/
protected static function record_login_attempt($data, $member, $success)
{
if (!Security::config()->login_recording) {
return;
}
// Check email is valid
$email = isset($data['Email']) ? $data['Email'] : null;
if (is_array($email)) {
throw new InvalidArgumentException("Bad email passed to MemberAuthenticator::authenticate(): {$email}");
}
$attempt = new LoginAttempt();
if ($success) {
// successful login (member is existing with matching password)
$attempt->MemberID = $member->ID;
$attempt->Status = 'Success';
// Audit logging hook
$member->extend('authenticated');
} else {
// Failed login - we're trying to see if a user exists with this email (disregarding wrong passwords)
$attempt->Status = 'Failure';
if ($member) {
// Audit logging hook
$attempt->MemberID = $member->ID;
$member->extend('authenticationFailed');
} else {
// Audit logging hook
singleton('Member')->extend('authenticationFailedUnknownUser', $data);
}
}
$attempt->Email = $email;
$attempt->IP = Controller::curr()->getRequest()->getIP();
$attempt->write();
}