path: root/application/modules/fbgui/controllers/AuthController.php
<?php
/*
 * Copyright (c) 2011 - OpenSLX GmbH, RZ Uni Freiburg
* This program is free software distributed under the GPL version 2.
* See http://gpl.openslx.org/
*
* If you have any feedback please consult http://feedback.openslx.org/ and
* send your suggestions, praise, or complaints to feedback@openslx.org
*
* General information about OpenSLX can be found at http://openslx.org/
*/

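/**
 * Authentication controller of the fbgui module.
 *
 * Offers two ways to log in: a TLS client certificate that the web server
 * reports as verified, or an email/password form checked against the
 * pbs_person table. Also handles logout.
 */
class Fbgui_AuthController extends Zend_Controller_Action {

  /** Default database adapter, handed to the DbTable auth adapter. */
  public $db;

  /** Mapper used to load and save person records. */
  public $personmapper;

  /**
   * Prepares the database adapter and the person mapper used by the actions.
   */
  public function init() {
    $this->db = Zend_Db_Table::getDefaultAdapter();
    $this->personmapper = new Application_Model_PersonMapper();
  }

  /**
   * Renders nothing and redirects to the login action of the auth controller.
   */
  public function indexAction() {
    $this->_helper->viewRenderer->setNoRender();
    $this->_helper->redirector('login', 'auth');
  }

  /**
   * Logs a user in.
   *
   * Order of checks:
   *  1. An existing Zend_Auth identity is sent straight to /fbgui/.
   *  2. If the web server reports a verified client certificate, the
   *     certificate is looked up by serial and issuer DN and must be known,
   *     not revoked, not a guest certificate and not expired. Any other
   *     outcome redirects to the "forbidden" error page.
   *  3. Otherwise the email/password form is shown or processed.
   */
  public function loginAction() {
    // SSL_CLIENT_* are only present when the web server exports them; on a
    // request without a client certificate the key is absent, so test with
    // isset() instead of reading an undefined index.
    // NOTE(security): these values are trusted as-is. This assumes they are
    // set by the TLS-terminating web server itself and cannot be supplied by
    // a client or an intermediate proxy -- confirm against the deployment.
    $clientVerify = isset($_SERVER['SSL_CLIENT_VERIFY']) ? $_SERVER['SSL_CLIENT_VERIFY'] : null;

    if (Zend_Auth::getInstance()->hasIdentity()) {
      $this->_redirect('/fbgui/');
    }
    elseif ($clientVerify === 'SUCCESS') {
      // Fail closed: without both lookup keys no certificate can be matched.
      if (isset($_SERVER['SSL_CLIENT_M_SERIAL'], $_SERVER['SSL_CLIENT_I_DN'])) {
        $certificatemapper = new Application_Model_CertificateMapper();
        $certificate = $certificatemapper->findBy(array(
          'serial' => $_SERVER['SSL_CLIENT_M_SERIAL'],
          'issuerdn' => $_SERVER['SSL_CLIENT_I_DN'],
        ));

        // NOTE(review): isset() only rules out null; confirm findBy() returns
        // null (not an empty array or false) when no certificate matches.
        if (isset($certificate)
            && !$certificate->getRevoked()
            && !$certificate->getGuestcert()
            && ($certificate->getExpiredate() - time()) > 0) {
          // NOTE(review): unlike the password branch, nothing visible here
          // stores an identity in Zend_Auth. Confirm that the person
          // controller re-validates the certificate or that the identity is
          // established elsewhere.
          $person = $this->personmapper->find($certificate->getPersonID());
          $this->_completeLogin($person);
          return;
        }
      }
      $this->_redirect('/fbgui/index/error/certresult/forbidden');
    }
    else {
      if (!isset($_POST["login"])) {
        $loginForm = new fbgui_Form_Login();
      } else {
        $loginForm = new fbgui_Form_Login($_POST);

        if ($loginForm->isValid($_POST)) {
          $auth = Zend_Auth::getInstance();

          // NOTE(security): salted MD5 is a fast hash and is not suitable for
          // password storage. Moving to a slow, adaptive password hash needs
          // a migration of the stored values and cannot be done in this
          // method alone.
          $adapter = new Zend_Auth_Adapter_DbTable($this->db, 'pbs_person', 'email', 'password', 'MD5(CONCAT(?, password_salt))');
          $adapter->setIdentity($loginForm->getValue('email'));
          $adapter->setCredential($loginForm->getValue('password'));

          $authResult = $auth->authenticate($adapter);

          // TODO: more detailed error description for the user. Keep the
          // message identical for an unknown email and a wrong password so
          // the form does not reveal which accounts exist.

          if ($authResult->isValid()) {
            // init() has already created the person mapper, so it is reused
            // here instead of being instantiated a second time.
            $rows = $this->personmapper->findBy(array('email' => Zend_Auth::getInstance()->getIdentity()), true);
            $person = new Application_Model_Person($rows[0]);
            $person->setID($rows[0]['personID']);
            $this->_completeLogin($person);
            return;
          } else {
            echo "Wrong Email or Password.";
          }
        }
      }
      $this->view->loginForm = $loginForm;
    }
  }

  /**
   * Logs the user out and redirects to the module index.
   *
   * Clears the Zend_Auth identity, unsets the 'userIDs' session namespace and
   * calls Zend_Session::forgetMe().
   * NOTE(review): the session itself is not destroyed here; data held in
   * other session namespaces survives the logout.
   */
  public function logoutAction() {
    $this->_helper->viewRenderer->setNoRender();
    $auth = Zend_Auth::getInstance();
    $auth->clearIdentity();
    Zend_Session::namespaceUnset('userIDs');
    Zend_Session::forgetMe();
    $this->_redirect('/fbgui/index');
  }

  /**
   * Shared tail of both successful login paths: rotates the session ID,
   * records the login time on the person and redirects to the
   * selectmembership action of the person controller.
   *
   * @param object $person person record exposing setLogindate(); saved via the person mapper
   */
  private function _completeLogin($person) {
    // Rotate the session ID at the point of login so that an ID known before
    // authentication is not carried over into the authenticated session.
    Zend_Session::regenerateId();

    $date = new DateTime();
    $person->setLogindate($date->getTimestamp());
    $this->personmapper->save($person);
    $this->_helper->redirector('selectmembership', 'person');
  }
}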