1 | <?php |
||
2 | |||
3 | namespace Apps\Model\Front\User; |
||
4 | |||
5 | use Apps\ActiveRecord\User; |
||
6 | use Apps\ActiveRecord\UserLog; |
||
7 | use Ffcms\Core\App; |
||
8 | use Ffcms\Core\Arch\Model; |
||
9 | use Ffcms\Core\Helper\Crypt; |
||
10 | use Ffcms\Core\Interfaces\iUser; |
||
11 | |||
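/**
 * Class FormLogin. User login business logic model.
 *
 * Declares the validation rules and labels of the login form, checks the
 * submitted password against the stored hash and, on success, writes the user
 * id into the session and records an AUTH entry in the user log.
 *
 * @package Apps\Model\Front\User
 */
class FormLogin extends Model
{
    // Submitted form fields.
    public $login;
    public $password;
    public $captcha;

    // Whether the captcha validation rule is added in rules().
    private $_captcha = false;

    /**
     * Construct FormLogin. Pass whether captcha is used on the form.
     * @param bool $captcha
     */
    public function __construct($captcha = false)
    {
        $this->_captcha = $captcha;
        // tell the parent model that csrf protection shall be used
        parent::__construct(true);
    }

    /**
     * Login validation rules
     * @return array
     */
    public function rules(): array
    {
        $rules = [
            [['login', 'password'], 'required'],
            ['login', 'length_min', '2'],
            ['password', 'length_min', '3'],
            ['captcha', 'used']
        ];
        // the captcha answer is only validated when the form was built with captcha enabled
        if ($this->_captcha) {
            $rules[] = ['captcha', 'App::$Captcha::validate'];
        }
        return $rules;
    }

    /**
     * Form labels
     * @return array
     */
    public function labels(): array
    {
        return [
            'login' => __('Login or email'),
            'password' => __('Password'),
            'captcha' => __('Captcha')
        ];
    }

    /**
     * Try user auth after form validate.
     *
     * Looks the account up by login or email, rejects accounts that still carry
     * an approve_token, then accepts either a matching legacy hash (which is
     * upgraded in place) or a password verified against the current hash.
     *
     * NOTE(review): when no account matches, no hash is computed, so the response
     * time may differ from the wrong-password case; failed attempts are also not
     * logged or counted in this method. Confirm both are handled by the caller.
     *
     * @return bool true when a session was opened, false on any failure
     */
    public function tryAuth(): bool
    {
        /** @var User $user */
        $user = App::$User->where(function ($q) {
            $q->where('login', $this->login)
                ->orWhere('email', $this->login);
        })->first();

        // login found, check if approved and compare password
        if ($user && !$user->approve_token) {
            // check if legacy password hash used (ffcms 3.0 or early)
            if (Crypt::isOldPasswordHash($user->password)) {
                $legacyHash = App::$Security->password_hash($this->password);
                // hash_equals() compares in constant time, unlike ===, so the
                // comparison does not leak how many leading bytes matched.
                // The is_string() guards keep the strictness of the former ===.
                if (is_string($legacyHash)
                    && is_string($user->password)
                    && hash_equals($user->password, $legacyHash)
                ) {
                    // update password to new blowfish crypt hash
                    $user->password = Crypt::passwordHash($this->password);
                    // NOTE(review): the result of save() is not checked; if it
                    // fails the account silently stays on the legacy hash.
                    $user->save();
                    return $this->openSession($user);
                }
            }

            // validate new password hash
            if (Crypt::passwordVerify($this->password, $user->password)) {
                return $this->openSession($user);
            }
        }
        // auth failed
        return false;
    }

    /**
     * Open session and store the user id in it, then write an AUTH log entry.
     *
     * NOTE(review): the session identifier is not rotated here. Confirm that the
     * session layer regenerates it on login, otherwise a pre-login session id
     * stays valid after authentication (session fixation).
     *
     * @param iUser $userObject
     * @return bool false when the user object has no valid id, true otherwise
     */
    public function openSession(iUser $userObject): bool
    {
        if (!$userObject || $userObject->id < 1) {
            return false;
        }

        // write session data
        App::$Session->set('ff_user_id', $userObject->id);

        // write user log
        // NOTE(review): the logged address comes from getClientIp(); whether it
        // honours forwarded headers depends on the request configuration - verify
        // before relying on it as audit evidence.
        $log = new UserLog();
        $log->user_id = $userObject->id;
        $log->type = 'AUTH';
        $log->message = __('Successful authorization from ip: %ip%', ['ip' => App::$Request->getClientIp()]);
        $log->save();

        return true;
    }
}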