API tools faq
paste
Advertisement
Guest User

Login Controller

a guest
Jun 3rd, 2013
61
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 6.22 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2.  
  3. if ( ! defined('BASEPATH')) exit('No direct script access allowed');
  4.  
  5. class Login extends Backend_Controller
  6. {
  7.     public function __construct()
  8.     {
  9.         parent::__construct();
  10.         $this->load->model('users_model');
  11.     }
  12.  
  13.     public function index()
  14.     {
  15.         Asset::js('theme::login.js');
  16.  
  17.         $this->template
  18.         ->title('KOW Manager Login')
  19.         ->set_layout('usermanagement')
  20.         ->build('login');
  21.     }
  22.  
  23.     public function form_is_valid()
  24.     {
  25.         /* Set validation rules for post data */
  26.         $this->form_validation->set_rules('username', 'Username', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
  27.         $this->form_validation->set_rules('password', 'Password', 'trim|required|xss_clean|min_length[6]|max_length[12]|regex_match[/[a-z0-9]/]');
  28.         //$this->form_validation->set_rules('remember', 'Remember Me', 'trim|xss_clean|integer');
  29.  
  30.         /* Form validation passed */
  31.         return $this->form_validation->run();
  32.     }
  33.  
  34.     public function is_user_locked($user_lock_date)
  35.     {
  36.         if ($user_lock_date !== '0000-00-00 00:00:00')
  37.         {
  38.             /* User is locked out */
  39.  
  40.             if (strtotime(gmdate('Y-m-d H:i:s', time())) < strtotime($user_lock_date))
  41.             {
  42.                 /* User is still locked out */
  43.                 return TRUE;
  44.             }
  45.             else
  46.             {
  47.                 /* User is no longer locked out */
  48.                 return FALSE;
  49.             }
  50.  
  51.         }
  52.     }
  53.  
  54.     public function check_user_status($user_status_id)
  55.     {
  56.         /* Match user status */
  57.         switch ($user_status_id)
  58.         {
  59.             case 1:
  60.                 $this->output('Sorry you must verify your account before logging in!', 'Account Unverified', 'Error');
  61.                 break;
  62.             case 3:
  63.                 $this->output('Your account has been suspended!', 'Account Suspended', 'Error');
  64.                 break;
  65.             case 4:
  66.                 $this->output('Your account has been suspended!', 'Account Banned', 'Error');
  67.                 break;
  68.             case 5:
  69.                 $this->output('Your account has been deleted!', 'Account Deleted', 'Error');
  70.                 break;
  71.             default:
  72.                 return;
  73.         }
  74.     }
  75.  
  76.     public function output($message, $title, $status)
  77.     {
  78.         switch (strtoupper($status))
  79.         {
  80.             default:
  81.             case 'ERROR':
  82.                 $status = 'Error';
  83.                 break;
  84.             case 'NOTICE':
  85.                 $status = 'Notice';
  86.                 break;
  87.             case 'SUCCESS':
  88.                 $status = 'Success';
  89.                 break;
  90.             }
  91.             $this->output
  92.                 ->set_content_type('application/json')
  93.                 ->set_output(json_encode(array('output_status' => $status, 'output_title' => $title, 'output_message' => $message)));
  94.     }
  95.  
  96.     public function start_user_session()
  97.     {
  98.         /* Start session with user id and clear previous failed login attempts */
  99.         $this->session->set_userdata('uid', $user_data->user_id);
  100.         $this->session->unset_userdata('failed_logins');
  101.         $this->users_model->insert_session($user_data->user_id, gmdate('Y-m-d H:i:s', time()));
  102.         return;
  103.     }
  104.  
  105.     public function submit()
  106.     {
  107.         if (!$this->form_is_valid())
  108.         {
  109.             $this->output('The form did not validate successfully!', 'Form Not Validated', 'Error');
  110.             return;
  111.         }
  112.  
  113.         /* Post values from login form */
  114.         $post_username = $this->input->post('username');
  115.         $post_password = $this->input->post('password');
  116.  
  117.         /* Test to see value of posted login form */
  118.         //echo '<pre>';
  119.         //var_dump($post_username);
  120.         //var_dump($post_password);
  121.         //echo '</pre>';
  122.         //die();
  123.  
  124.         /* Get user data from post username value */
  125.         $user_data = $this->users_model->get_by('username', $post_username);
  126.  
  127.         /* Test to see value of $user_data */
  128.         //echo '<pre>';
  129.         //var_dump($user_data);
  130.         //echo '</pre>';
  131.         //die();
  132.  
  133.         if (count($user_data) == 0)
  134.         {
  135.             /* User was not found in database */
  136.             $this->output('The user was not found in the database!', 'User Not Found', 'Error');
  137.             return;
  138.         }
  139.  
  140.         /* User was found in database */
  141.  
  142.         if ($this->is_user_locked($user_data->lock_date))
  143.         {
  144.             /* User is locked from logging in from too many failed attempts */
  145.             $this->output('This user account is currently locked!', 'Account Locked', 'Error');
  146.             return;
  147.         }
  148.         else
  149.         {
  150.             /* User can be unlocked and form be resubmitted */
  151.             $this->users_model->unlock_user($user_data->user_id);
  152.         }
  153.  
  154.         /* User is unlocked from logging in */
  155.  
  156.         if ($user_data->user_status_id != 2)
  157.         {
  158.             /* User has a status that is not allowed to proceed */
  159.             $this->user_status_message($user_data->user_status_id);
  160.         }
  161.  
  162.         /* User is registered and validated */
  163.  
  164.         $regenerated_post_password = $this->genfunc->reGenPassHash($post_password, $user_data->password_hash);
  165.  
  166.         $failed_logins = $this->session->userdata('failed_logins');
  167.  
  168.         if ($regenerated_post_password !== $user_data->password)
  169.         {
  170.             /* Password from login from does not match user stored password */
  171.  
  172.             if ($failed_logins == 0)
  173.             {
  174.                 /* First time user has not entered username and password successfully */
  175.                 $this->session->set_userdata('failed_logins', 1);
  176.                 $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
  177.                 $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
  178.                 return;
  179.             }
  180.  
  181.             /* User has atleast one failed login attempt for the current session */
  182.  
  183.             if ($failed_logins !== 4)
  184.             {
  185.                 /* User has a few more chances to get password right */
  186.                 $failed_logins++;
  187.                 $this->session->set_userdata('failed_logins', $failed_logins);
  188.                 $this->users_model->increase_login_attempt($this->input->ip_address(), $post_username, gmdate('Y-m-d H:i:s', time()));
  189.                 $this->output('Incorrect username and password credentials!', 'Incorrect Login Credentials', 'Error');
  190.                 return;
  191.             }
  192.  
  193.             $this->users_model->lock_out_user($user_data->user_id, gmdate('Y-m-d H:i:s', time()+(60*15)));
  194.             //$this->functions_model->send_email('maximum_failed_login_attempts_exceeded', $user_data->email_address, $user_data)
  195.             $this->output('Your account is currently locked, we apologize for the inconvienence. You must wait 15 minutes before you can log in again! An email was sent to the owner of this account! Forgotten your username or password? <a href="forgotusername">Forgot Username</a> or <a href="forgotpassword">Forgot Password</a>', 'Account Locked', 'Error');
  196.             return;
  197.         }
  198.  
  199.         /* Password from login form matches user stored password and user may login */
  200.  
  201.         $this->output('Successful login! Sending you to the dashboard!', 'Login Sucessful', 'Success');
  202.         return;
  203.     }
  204. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!