Documentation

Login2
in package
implements ActionInterface
Uses BackwardCompatibility

Validates the submitted credentials and logs the user in if they pass.

Table of Contents

Interfaces

ActionInterface
Interface for all action classes.

Properties

$subaction  : string
$subactions  : array<string|int, mixed>
$obj  : object
$backcompat  : array<string|int, mixed>

Methods

call()  : void
Convenience method to load() and execute() an instance of this class.
checkAjax()  : void
Checks whether this is an AJAX request.
checkCookie()  : void
Double check the cookie.
execute()  : void
Actually logs you in.
exportStatic()  : void
Provides a way to export a class's public static properties and methods to global namespace.
load()  : object
Static wrapper for constructor.
main()  : void
Performs checks and then logs the guest in (if they pass the tests).
updateSalt()  : void
Update the user's password salt.
validatePasswordFlood()  : mixed
This protects against brute force attacks on a member's password.
__construct()  : mixed
Constructor. Protected to force instantiation via self::load().
checkActivation()  : mixed
Check activation status of the current user.
checkPasswordFallbacks()  : bool
Checks $_POST['passwrd'] against other possible encrypted strings.
DoLogin()  : mixed
Performs the login (sets the cookie, calls hooks, etc.).
phpBB3_password_check()  : string
Custom encryption for phpBB3 based passwords.
validateInput()  : bool
Checks that $_POST['user'] and $_POST['passwrd'] aren't obviously invalid.

Properties

$subaction

public string $subaction = 'main'

The requested sub-action. This should be set by the constructor.

$subactions

public static array<string|int, mixed> $subactions = ['main' => 'main', 'salt' => 'updateSalt', 'check' => 'checkCookie']

Available sub-actions.

$obj

protected static object $obj

An instance of this class. This is used by the load() method to prevent multiple instantiations.

$backcompat

private static array<string|int, mixed> $backcompat = ['func_names' => ['call' => 'Login2', 'checkAjax' => 'checkAjax', 'validatePasswordFlood' => 'validatePasswordFlood']]

BackwardCompatibility settings for this class.

Methods

call()

Convenience method to load() and execute() an instance of this class.

public static call() : void

checkAjax()

Checks whether this is an AJAX request.

public static checkAjax() : void

If so, does the following:

  1. Sets Utils::$context['from_ajax'] to true.
  2. Sets Utils::$context['template_layers'] to an empty array.

checkCookie()

Double check the cookie.

public checkCookie() : void


execute()

Actually logs you in.

public execute() : void

What it does:

  • checks credentials and checks that login was successful.
  • it employs protection against a specific IP or user trying to brute force a login to an account.
  • upgrades password encryption on login, if necessary.
  • after successful login, redirects you to $_SESSION['login_url'].
  • accessed from ?action=login2, by forms.

On error, uses the same templates Login() uses.

exportStatic()

Provides a way to export a class's public static properties and methods to global namespace.

public static exportStatic() : void

To do so:

  1. Use this trait in the class.
  2. At the END of the class's file, call its exportStatic() method.

Although it might not seem that way at first glance, this approach conforms to section 2.3 of PSR 1, since executing this method is simply a dynamic means of declaring functions when the file is included; it has no other side effects.

Regarding the $backcompat items:

A class's static properties are not exported to global variables unless explicitly included in $backcompat['prop_names']. Likewise, a class's static methods are not exported as global functions unless explicitly included in $backcompat['func_names'].

$backcompat['prop_names'] is a simple array where the keys are the names of one or more of a class's static properties, and the values are the names of global variables. In each case, the global variable will be set to a reference to the static property. Static properties that are not named in this array will not be exported.

$backcompat['func_names'] is a simple array where the keys are the names of one or more of a class's static methods, and the values are the names that should be used for global functions that will encapsulate those methods. Methods that are not named in this array will not be exported.

Adding non-static properties or methods to the $backcompat arrays will produce runtime errors. It is the responsibility of the developer to make sure not to do this.

load()

Static wrapper for constructor.

public static load() : object
Return values
object

An instance of this class.

main()

Performs checks and then logs the guest in (if they pass the tests).

public main() : void

updateSalt()

Update the user's password salt.

public updateSalt() : void

validatePasswordFlood()

This protects against brute force attacks on a member's password.

public static validatePasswordFlood(int $id_member, string $member_name[, bool|string $password_flood_value = false ][, bool $was_correct = false ][, bool $tfa = false ]) : mixed

Importantly, even if the password was right we DON'T TELL THEM!

Parameters
$id_member : int

The ID of the member

$member_name : string

The name of the member.

$password_flood_value : bool|string = false

False if we don't have a flood value, otherwise a string with a timestamp and number of tries separated by a |

$was_correct : bool = false

Whether or not the password was correct

$tfa : bool = false

Whether we're validating for two-factor authentication
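The flood value format described above ("timestamp|tries") can drive a throttle that never reveals whether a blocked guess was right. The following is an added example, not the project's code: the function name `flood_step`, the three thresholds and the sample timestamps are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed policy values for this sketch; the page does not state the real ones.
const FLOOD_MAX_TRIES = 5;  // failed tries before throttling starts
const FLOOD_WINDOW = 10;    // seconds after the last failure during which we block
const FLOOD_RESET = 20;     // seconds of quiet after which the counter clears

/**
 * Hypothetical helper (PHP 8+), not the project's method.
 * $stored is false or "timestamp|tries", as the parameter list above describes.
 *
 * @return array{blocked: bool, value: string} value = flood string to store next
 */
function flood_step(string|false $stored, bool $wasCorrect, int $now): array
{
    $stamp = $now;
    $tries = 0;

    // Malformed or missing values are treated as "no history".
    if (is_string($stored) && preg_match('/^(\d+)\|(\d+)$/', $stored, $m) === 1) {
        $stamp = (int) $m[1];
        $tries = (int) $m[2];
    }

    if ($now - $stamp > FLOOD_RESET) {
        $stamp = $now;
        $tries = 0;
    }

    // Decide before looking at $wasCorrect: a throttled caller gets the same
    // answer whether or not the guess was right.
    if ($tries >= FLOOD_MAX_TRIES && $now - $stamp <= FLOOD_WINDOW) {
        return ['blocked' => true, 'value' => $stamp . '|' . $tries];
    }

    return $wasCorrect
        ? ['blocked' => false, 'value' => $now . '|0']
        : ['blocked' => false, 'value' => $now . '|' . ($tries + 1)];
}

// Constructed walk-through: six wrong guesses one second apart, then the right one.
$value = false;
foreach ([false, false, false, false, false, false, true] as $i => $ok) {
    $r = flood_step($value, $ok, 1700000000 + $i);
    printf("t+%d correct=%s blocked=%s stored=%s\n", $i, $ok ? 'yes' : 'no', $r['blocked'] ? 'yes' : 'no', $r['value']);
    $value = $r['value'];
}
```

In the walk-through the final, correct guess is still reported as blocked, which is the behaviour the "we DON'T TELL THEM" note calls for.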

__construct()

Constructor. Protected to force instantiation via self::load().

protected __construct() : mixed

checkActivation()

Check activation status of the current user.

protected checkActivation() : mixed

checkPasswordFallbacks()

Checks $_POST['passwrd'] against other possible encrypted strings.

protected checkPasswordFallbacks() : bool

If a match is found, the old encrypted string is replaced with an updated version that uses modern encryption.

This allows seamlessly updating the encryption after the forum has been upgraded or converted.

Return values
bool

Whether the supplied password was correct.
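The verify-then-upgrade pattern described above, as an added example that is not the project's code. The two legacy formats, the function names and the member record are assumptions chosen for illustration; the page does not list the formats the real method checks.

```php
<?php
declare(strict_types=1);

/**
 * Illustrative legacy formats (assumed): each entry rebuilds what an old
 * or converted installation might have stored for this password.
 */
function legacy_candidates(string $user, string $password, string $salt): array
{
    return [
        sha1(strtolower($user) . $password),
        md5($password . $salt),
    ];
}

/**
 * @param array{name: string, passwd: string, salt: string} $row member record, updated in place
 */
function check_with_fallbacks(array &$row, string $password): bool
{
    // Current format first; also refresh it if the default cost or algorithm moved on.
    if (password_verify($password, $row['passwd'])) {
        if (password_needs_rehash($row['passwd'], PASSWORD_DEFAULT)) {
            $row['passwd'] = password_hash($password, PASSWORD_DEFAULT);
        }
        return true;
    }

    foreach (legacy_candidates($row['name'], $password, $row['salt']) as $candidate) {
        // hash_equals() compares in constant time, so timing does not leak a partial match.
        if (hash_equals($row['passwd'], $candidate)) {
            // Matched an old format: replace it so the weak hash leaves the database.
            $row['passwd'] = password_hash($password, PASSWORD_DEFAULT);
            return true;
        }
    }

    return false;
}

// Constructed record holding an old-format hash.
$row = ['name' => 'Alice', 'passwd' => sha1('alice' . 'correct horse'), 'salt' => 'x1y2'];
echo 'before: ', password_get_info($row['passwd'])['algoName'], "\n";
var_dump(check_with_fallbacks($row, 'wrong guess'));
var_dump(check_with_fallbacks($row, 'correct horse'));
echo 'after: ', password_get_info($row['passwd'])['algoName'], "\n";
```

The upgrade can only happen at login, because that is the one moment the plaintext password is available to re-hash.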

DoLogin()

Performs the login (sets the cookie, calls hooks, etc.).

protected DoLogin() : mixed

phpBB3_password_check()

Custom encryption for phpBB3 based passwords.

protected phpBB3_password_check() : string
Return values
string

The hashed version of $_POST['passwrd']

validateInput()

Checks that $_POST['user'] and $_POST['passwrd'] aren't obviously invalid.

protected validateInput() : bool
Return values
bool

False if either URL param is obviously invalid.


        