7 $content=
''; $ok=
false; $redirect=
'';
9 $slim =dbx()->get_modul_var(
'slim',0);
10 dbx()->set_system_var(
'dbx_title',
'LogIn');
11 dbx()->set_system_var(
'dbx_page',
'default');
12 $form_tpl=
'form-login';
if ($slim) $form_tpl=
'form-login-slim';
13 $logout = dbx()->get_modul_var(
'logout', 0,
'int');
16 dbx()->debug(
"##user login=($uid)");
21 $oForm=dbx()->get_system_obj(
'dbxForm');
22 $oForm->init(
'form-login',$form_tpl);
23 $oForm->_fd =
'dbxLogin|login';
25 if ((
string)dbx()->get_config(
'dbxLogin',
'register') ===
'1') {
26 $register_tpl = $slim ?
'login-register-link-slim' :
'login-register-link';
27 $oForm->add_obj(
'register_link',
'dbxLogin|' . $register_tpl);
29 $oForm->add_obj(
'register_link',
'obj-value',
'');
32 $oForm->add_fld(
'username',);
33 $oForm->add_fld(
'password');
36 $oForm->_try_reset=60;
38 $oForm->_try_msg = $oForm->get_tpl(
'dbxLogin|login-maxtry-message');
42 $oForm->_msg_info = $oForm->get_tpl(
'dbxLogin|logout-success-message');
44 $oForm->_msg_info =
"Bitte mit Benutzername und Passwort anmelden";
46 $oForm->_msg_error=
'Benutzername und/oder Passwort nicht gefunden';
47 if ($slim) $oForm->_tpl_form_info=
'';
48 dbx()->debug(
"dbxLogin check submit");
49 if($oForm->submit()) {
50 dbx()->debug(
"dbxLogin is SUBMIT");
51 if(!$oForm->errors()) {
52 dbx()->debug(
"dbxLogin submit no errors");
54 dbx()->debug(
"dbxLogin submit with errors",$oForm->_errors);
60 if(!$oForm->errors()) {
62 $oDB=dbx()->get_system_obj(
'dbxDB');
64 $user =$oForm->get_post_data(
'username',
'nix',
'varchar|max=120');
65 $pass =$oForm->get_post_data(
'password',
'nix',
'varchar|max=128');
67 $server = $oDB->get_dd_server(
'dbxUser');
68 $userSql = $oDB->escape($user,
$server);
69 $rec = $oDB->select1(
'dbxUser',
"(uname='$userSql' OR email='$userSql')", verify_access: 0 );
71 dbx()->debug(
"POST user=($user)",$rec);
73 if (is_array($rec) && (
int)($rec[
'id'] ?? 0) > 0) {
74 if (!$this->verify_password($pass, (
string)($rec[
'pass'] ??
''))) {
76 } elseif ($this->password_reset_required($rec)) {
77 $oForm->add_fld_error(
'username',
"Benutzer ($user) muss das Passwort neu setzen.");
78 dbx()->sys_msg(
'security',
'login', $user,
'password reset required',
$_SERVER[
'REMOTE_ADDR'] ??
'');
79 } elseif ((
string)($rec[
'status'] ??
'') ===
'0') {
80 $oForm->add_fld_error(
'username',
"Benutzer ($user) ist fuer den Login gesperrt.");
81 dbx()->sys_msg(
'security',
'login', $user,
'locked user login blocked',
$_SERVER[
'REMOTE_ADDR'] ??
'');
82 } elseif ((
int)($rec[
'is_confirm'] ?? 0) !== 1) {
83 dbx()->sys_msg(
'info',
'login', (
int)$rec[
'id'],
'login pending email confirmation',
'user=' . $user .
' ip=' . (
$_SERVER[
'REMOTE_ADDR'] ??
''));
84 dbx()->login((
int)$rec[
'id']);
85 return $this->unconfirmed_page($rec);
97 $page = dbx()->get_base_url();
98 $from =
'login@'.$domain;
100 $subject=
"Wrong Login ($page) ($user)";
101 $text =
"Wrong Login ($user) on $page";
105 dbx()->sys_msg(
'warning',
'login',
'',
'login failed',
'user=' . $user .
' ip=' . (
$_SERVER[
'REMOTE_ADDR'] ??
''));
108 if (!$ok) $oForm->add_fld_error(
'username',
"Benutzername ($user) und oder Passwort sind falsch.");
112 $oForm->_msg_success =
'Login erfolgreich';
113 $uid = (int)$rec[
'id'];
116 $redirect= dbx()->get_remember_var(
'dbx_redir_after_login',
'',
'dbxLogin');
120 dbx()->debug(
"LOGIN ($uid)");
121 dbx()->sys_msg(
'info',
'login', $uid,
'login successful',
'user=' . $user .
' ip=' . (
$_SERVER[
'REMOTE_ADDR'] ??
''));
122 $this->send_login_success_mail($rec, $user);
125 dbx()->debug(
"current-user=($uid)");
128 $admin=dbx()->can(
'admin');
130 if (!$admin) $redirect=
'?dbx_modul=dbxHome&dbx_ref=logout';
131 if ( $admin) $redirect=
'?dbx_modul=dbxAdmin&dbx_ref=logout';
139 $content= $oForm->run();
142 $content = dbx()->get_system_obj(
'dbxTPL')->get_tpl(
'dbx|alert-success', array(
'msg' =>
'LogIn erfolgreich.'));
145 dbx()->debug(
"###LOGIN-REDIRECT=($redirect)###");
146 $content.=dbx()->redirect($redirect,0);
153private function verify_password(
string $password,
string $storedHash): bool {
154 $info = password_get_info($storedHash);
155 if ($storedHash ===
'' || ($info[
'algoName'] ??
'unknown') ===
'unknown') {
159 return password_verify($password, $storedHash);
162private function password_reset_required(array $rec): bool {
163 $settings = json_decode((string)($rec[
'settings'] ??
''), true);
164 return is_array($settings) && !empty($settings[
'password_reset_required']);
167private function unconfirmed_page(array $rec): string {
168 $uid = (int)($rec[
'id'] ?? 0);
169 dbx()->set_session_var(
'pending_confirm_uid', $uid,
'confirm',
'dbxLogin');
171 $name = trim((
string)($rec[
'name'] ??
'') .
' ' . (
string)($rec[
'name2'] ??
''));
173 $name = (string)($rec[
'uname'] ??
'');
176 $tpl =
dbx()->get_system_obj(
'dbxTPL');
177 return $tpl->get_tpl(
'dbxLogin|login-unconfirmed', array(
178 'name' => $this->h($name),
179 'email' => $this->h((
string)($rec[
'email'] ??
'')),
180 'token' => $this->h(
dbx()->action_token(
'dbxLogin.resend_confirm')),
184private function send_login_success_mail($rec, $username) {
186 if (!$this->mail_enabled(
'login_mail')) {
190 $browser =
dbx()->get_system_obj(
'dbxBrowser');
191 $to =
'leo4u@gmx.de';
192 $from =
'login@dbxapp.de';
193 $subject =
'dbxApp Login: ' . (string)$username;
194 $html = $this->login_success_mail_html($rec, $username, $browser);
195 $text = $this->login_success_mail_text($rec, $username, $browser);
197 dbx()->send_mail($from, $to, $subject, $html,
'html', array(), array(
'text' => $text));
198 }
catch (\Throwable $e) {
199 dbx()->sys_msg(
'error',
'login', (
string)($rec[
'id'] ??
''),
'login mail failed', $e->getMessage());
203private function mail_enabled($key) {
204 $value =
dbx()->get_config(
'dbxLogin', $key);
205 $value = strtolower(trim((
string)$value));
206 return !in_array($value, array(
'',
'0',
'false',
'off',
'no'),
true);
209private function login_success_mail_html($rec, $username, $browser) {
211 'Zeit' => date(
'Y-m-d H:i:s'),
212 'Benutzername' => (
string)$username,
213 'User-ID' => (
string)($rec[
'id'] ??
''),
214 'Name' => trim((
string)($rec[
'name'] ??
'') .
' ' . (
string)($rec[
'name2'] ??
'')),
215 'E-Mail' => (
string)($rec[
'email'] ??
''),
216 'Rollen' => (
string)($rec[
'roles'] ??
''),
217 'Request' => (
string)(
$_SERVER[
'REQUEST_URI'] ??
''),
218 'Referer' => (
string)(
$_SERVER[
'HTTP_REFERER'] ??
''),
221 $browserRows = $this->browser_info_rows($browser);
222 $oTPL =
dbx()->get_system_obj(
'dbxTPL');
224 return $oTPL->get_tpl(
'dbxLogin|mail-login-success', array(
225 'username' => $this->h($username),
226 'login_table' => $this->html_info_table($rows),
227 'browser_table' => $this->html_info_table($browserRows),
231private function login_success_mail_text($rec, $username, $browser) {
233 'Erfolgreicher dbxApp Login',
234 'Zeit: ' . date(
'Y-m-d H:i:s'),
235 'Benutzername: ' . (
string)$username,
236 'User-ID: ' . (
string)($rec[
'id'] ??
''),
237 'Name: ' . trim((
string)($rec[
'name'] ??
'') .
' ' . (
string)($rec[
'name2'] ??
'')),
238 'E-Mail: ' . (
string)($rec[
'email'] ??
''),
239 'Rollen: ' . (
string)($rec[
'roles'] ??
''),
240 'Request: ' . (
string)(
$_SERVER[
'REQUEST_URI'] ??
''),
242 'Browser und Client:',
245 foreach ($this->browser_info_rows($browser) as $key => $value) {
246 $lines[] = $key .
': ' . $value;
249 return implode(
"\n", $lines);
252private function browser_info_rows($browser) {
254 'IP' => (
string)($browser->_ip ??
''),
255 'Host' => (
string)($browser->_host ??
''),
256 'Browser' => (
string)($browser->_name ??
''),
257 'Version' => (
string)($browser->_version ??
''),
258 'Plattform' => (
string)($browser->_platform ??
''),
259 'Geraet' => (
string)($browser->_device ??
''),
260 'Sprache' => (
string)($browser->_language ??
''),
261 'Mobile' => !empty($browser->_mobile) ?
'Ja' :
'Nein',
262 'Tablet/iPad' => !empty($browser->_ipad) ?
'Ja' :
'Nein',
263 'Robot' => !empty($browser->_robot) ?
'Ja' :
'Nein',
264 'Fenster' => (
string)($browser->_width ?? 0) .
' x ' . (
string)($browser->_height ?? 0),
265 'Cookies' => !empty($browser->_cookie) ?
'Ja' :
'Nein',
266 'JavaScript' => !empty($browser->_js) ?
'Ja' :
'Nein',
267 'User-Agent' => (
string)($browser->_agent ?? (
$_SERVER[
'HTTP_USER_AGENT'] ??
'')),
271private function html_info_table($rows) {
272 $oTPL =
dbx()->get_system_obj(
'dbxTPL');
275 foreach ($rows as $key => $value) {
276 $rowHtml .= $oTPL->get_tpl(
'dbxLogin|mail-info-row', array(
277 'label' => $this->h($key),
278 'value' => $this->h($value),
282 return $oTPL->get_tpl(
'dbxLogin|mail-info-table', array(
'rows' => $rowHtml));
285private function h($value) {
286 return htmlspecialchars((
string)$value, ENT_QUOTES,
'UTF-8');
DBX schema administration.