1*d403609dSGreg Roach<?php 2*d403609dSGreg Roach 3*d403609dSGreg Roach/** 4*d403609dSGreg Roach * webtrees: online genealogy 5*d403609dSGreg Roach * Copyright (C) 2019 webtrees development team 6*d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify 7*d403609dSGreg Roach * it under the terms of the GNU General Public License as published by 8*d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or 9*d403609dSGreg Roach * (at your option) any later version. 10*d403609dSGreg Roach * This program is distributed in the hope that it will be useful, 11*d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of 12*d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13*d403609dSGreg Roach * GNU General Public License for more details. 14*d403609dSGreg Roach * You should have received a copy of the GNU General Public License 15*d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>. 16*d403609dSGreg Roach */ 17*d403609dSGreg Roachdeclare(strict_types=1); 18*d403609dSGreg Roach 19*d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers; 20*d403609dSGreg Roach 21*d403609dSGreg Roachuse Exception; 22*d403609dSGreg Roachuse Fisharebest\Webtrees\Auth; 23*d403609dSGreg Roachuse Fisharebest\Webtrees\Carbon; 24*d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages; 25*d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController; 26*d403609dSGreg Roachuse Fisharebest\Webtrees\I18N; 27*d403609dSGreg Roachuse Fisharebest\Webtrees\Log; 28*d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UpgradeService; 29*d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService; 30*d403609dSGreg Roachuse Fisharebest\Webtrees\Session; 31*d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB; 32*d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface; 33*d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface; 34*d403609dSGreg Roach 35*d403609dSGreg Roach/** 36*d403609dSGreg Roach * Perform a login. 37*d403609dSGreg Roach */ 38*d403609dSGreg Roachclass LoginAction extends AbstractBaseController 39*d403609dSGreg Roach{ 40*d403609dSGreg Roach /** @var UpgradeService */ 41*d403609dSGreg Roach private $upgrade_service; 42*d403609dSGreg Roach 43*d403609dSGreg Roach /** @var UserService */ 44*d403609dSGreg Roach private $user_service; 45*d403609dSGreg Roach 46*d403609dSGreg Roach /** 47*d403609dSGreg Roach * LoginController constructor. 48*d403609dSGreg Roach * 49*d403609dSGreg Roach * @param UpgradeService $upgrade_service 50*d403609dSGreg Roach * @param UserService $user_service 51*d403609dSGreg Roach */ 52*d403609dSGreg Roach public function __construct(UpgradeService $upgrade_service, UserService $user_service) 53*d403609dSGreg Roach { 54*d403609dSGreg Roach $this->upgrade_service = $upgrade_service; 55*d403609dSGreg Roach $this->user_service = $user_service; 56*d403609dSGreg Roach } 57*d403609dSGreg Roach 58*d403609dSGreg Roach /** 59*d403609dSGreg Roach * Perform a login. 60*d403609dSGreg Roach * 61*d403609dSGreg Roach * @param ServerRequestInterface $request 62*d403609dSGreg Roach * 63*d403609dSGreg Roach * @return ResponseInterface 64*d403609dSGreg Roach */ 65*d403609dSGreg Roach public function handle(ServerRequestInterface $request): ResponseInterface 66*d403609dSGreg Roach { 67*d403609dSGreg Roach $username = $request->getParsedBody()['username'] ?? ''; 68*d403609dSGreg Roach $password = $request->getParsedBody()['password'] ?? ''; 69*d403609dSGreg Roach $url = $request->getParsedBody()['url'] ?? ''; 70*d403609dSGreg Roach 71*d403609dSGreg Roach try { 72*d403609dSGreg Roach $this->doLogin($username, $password); 73*d403609dSGreg Roach 74*d403609dSGreg Roach if (Auth::isAdmin() && $this->upgrade_service->isUpgradeAvailable()) { 75*d403609dSGreg Roach FlashMessages::addMessage(I18N::translate('A new version of webtrees is available.') . ' <a class="alert-link" href="' . e(route('upgrade')) . '">' . I18N::translate('Upgrade to webtrees %s.', '<span dir="ltr">' . $this->upgrade_service->latestVersion() . '</span>') . '</a>'); 76*d403609dSGreg Roach } 77*d403609dSGreg Roach 78*d403609dSGreg Roach // If there was no referring page, redirect to "my page". 79*d403609dSGreg Roach if ($url === '') { 80*d403609dSGreg Roach // Switch to a tree where we have a genealogy record (or keep to the current/default). 81*d403609dSGreg Roach $ged = (string) DB::table('gedcom') 82*d403609dSGreg Roach ->join('user_gedcom_setting', 'gedcom.gedcom_id', '=', 'user_gedcom_setting.gedcom_id') 83*d403609dSGreg Roach ->where('user_id', '=', Auth::id()) 84*d403609dSGreg Roach ->value('gedcom_name'); 85*d403609dSGreg Roach 86*d403609dSGreg Roach $url = route('tree-page', ['ged' => $ged]); 87*d403609dSGreg Roach } 88*d403609dSGreg Roach 89*d403609dSGreg Roach // Redirect to the target URL 90*d403609dSGreg Roach return redirect($url); 91*d403609dSGreg Roach } catch (Exception $ex) { 92*d403609dSGreg Roach // Failed to log in. 93*d403609dSGreg Roach return redirect(route('login', [ 94*d403609dSGreg Roach 'username' => $username, 95*d403609dSGreg Roach 'url' => $url, 96*d403609dSGreg Roach 'error' => $ex->getMessage(), 97*d403609dSGreg Roach ])); 98*d403609dSGreg Roach } 99*d403609dSGreg Roach } 100*d403609dSGreg Roach 101*d403609dSGreg Roach /** 102*d403609dSGreg Roach * Log in, if we can. Throw an exception, if we can't. 103*d403609dSGreg Roach * 104*d403609dSGreg Roach * @param string $username 105*d403609dSGreg Roach * @param string $password 106*d403609dSGreg Roach * 107*d403609dSGreg Roach * @return void 108*d403609dSGreg Roach * @throws Exception 109*d403609dSGreg Roach */ 110*d403609dSGreg Roach private function doLogin(string $username, string $password): void 111*d403609dSGreg Roach { 112*d403609dSGreg Roach if (!$_COOKIE) { 113*d403609dSGreg Roach Log::addAuthenticationLog('Login failed (no session cookies): ' . $username); 114*d403609dSGreg Roach throw new Exception(I18N::translate('You cannot sign in because your browser does not accept cookies.')); 115*d403609dSGreg Roach } 116*d403609dSGreg Roach 117*d403609dSGreg Roach $user = $this->user_service->findByIdentifier($username); 118*d403609dSGreg Roach 119*d403609dSGreg Roach if ($user === null) { 120*d403609dSGreg Roach Log::addAuthenticationLog('Login failed (no such user/email): ' . $username); 121*d403609dSGreg Roach throw new Exception(I18N::translate('The username or password is incorrect.')); 122*d403609dSGreg Roach } 123*d403609dSGreg Roach 124*d403609dSGreg Roach if (!$user->checkPassword($password)) { 125*d403609dSGreg Roach Log::addAuthenticationLog('Login failed (incorrect password): ' . $username); 126*d403609dSGreg Roach throw new Exception(I18N::translate('The username or password is incorrect.')); 127*d403609dSGreg Roach } 128*d403609dSGreg Roach 129*d403609dSGreg Roach if (!$user->getPreference('verified')) { 130*d403609dSGreg Roach Log::addAuthenticationLog('Login failed (not verified by user): ' . $username); 131*d403609dSGreg Roach throw new Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.')); 132*d403609dSGreg Roach } 133*d403609dSGreg Roach 134*d403609dSGreg Roach if (!$user->getPreference('verified_by_admin')) { 135*d403609dSGreg Roach Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username); 136*d403609dSGreg Roach throw new Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.')); 137*d403609dSGreg Roach } 138*d403609dSGreg Roach 139*d403609dSGreg Roach Auth::login($user); 140*d403609dSGreg Roach Log::addAuthenticationLog('Login: ' . Auth::user()->userName() . '/' . Auth::user()->realName()); 141*d403609dSGreg Roach Auth::user()->setPreference('sessiontime', (string) Carbon::now()->unix()); 142*d403609dSGreg Roach 143*d403609dSGreg Roach Session::put('language', Auth::user()->getPreference('language')); 144*d403609dSGreg Roach Session::put('theme', Auth::user()->getPreference('theme')); 145*d403609dSGreg Roach I18N::init(Auth::user()->getPreference('language')); 146*d403609dSGreg Roach } 147*d403609dSGreg Roach} 148