
PHP Cross Reference of Joomla 4.2.2 documentation


/administrator/components/com_login/src/Controller/ -> DisplayController.php (source)

   1  <?php
   2  
   3  /**
   4   * @package     Joomla.Administrator
   5   * @subpackage  com_login
   6   *
   7   * @copyright   (C) 2006 Open Source Matters, Inc. <https://www.joomla.org>
   8   * @license     GNU General Public License version 2 or later; see LICENSE.txt
   9   */
  10  
  11  namespace Joomla\Component\Login\Administrator\Controller;
  12  
  13  use Joomla\CMS\Language\Text;
  14  use Joomla\CMS\MVC\Controller\BaseController;
  15  use Joomla\CMS\Uri\Uri;
  16  
  17  // phpcs:disable PSR1.Files.SideEffects
  18  \defined('_JEXEC') or die;
  19  // phpcs:enable PSR1.Files.SideEffects
  20  
  21  /**
  22   * Login Controller.
  23   *
  24   * @since  1.5
  25   */
  26  class DisplayController extends BaseController
  27  {
  28      /**
  29       * Method to display a view.
  30       *
  31       * @param   boolean  $cachable   If true, the view output will be cached
  32       * @param   array    $urlparams  An array of safe URL parameters and their variable types, for valid values see {@link \JFilterInput::clean()}.
  33       *
  34       * @return  static   This object to support chaining.
  35       *
  36       * @since   1.5
  37       * @throws  \Exception
  38       */
  39      public function display($cachable = false, $urlparams = false)
  40      {
  41          /*
  42           * Special treatment is required for this component, as this view may be called
  43           * after a session timeout. We must reset the view and layout prior to display
  44           * otherwise an error will occur.
  45           */
  46          $this->input->set('view', 'login');
  47          $this->input->set('layout', 'default');
  48  
  49          // For non-html formats we do not have login view, so just display 403 instead
  50          if ($this->input->get('format', 'html') !== 'html') {
  51              throw new \RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
  52          }
  53  
  54          /**
  55           * To prevent clickjacking, only allow the login form to be used inside a frame in the same origin.
  56           * So send a X-Frame-Options HTTP Header with the SAMEORIGIN value.
  57           *
  58           * @link https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
  59           * @link https://tools.ietf.org/html/rfc7034
  60           */
  61          $this->app->setHeader('X-Frame-Options', 'SAMEORIGIN');
  62  
  63          return parent::display();
  64      }
  65  
  66      /**
  67       * Method to log in a user.
  68       *
  69       * @return  void
  70       */
  71      public function login()
  72      {
  73          // Check for request forgeries.
  74          $this->checkToken();
  75  
  76          $app = $this->app;
  77  
  78          $model = $this->getModel('login');
  79          $credentials = $model->getState('credentials');
  80          $return = $model->getState('return');
  81  
  82          $app->login($credentials, array('action' => 'core.login.admin'));
  83  
  84          if (Uri::isInternal($return) && strpos($return, 'tmpl=component') === false) {
  85              $app->redirect($return);
  86          } else {
  87              $app->redirect('index.php');
  88          }
  89      }
  90  
  91      /**
  92       * Method to log out a user.
  93       *
  94       * @return  void
  95       */
  96      public function logout()
  97      {
  98          $this->checkToken('request');
  99  
 100          $app = $this->app;
 101  
 102          $userid = $this->input->getInt('uid', null);
 103  
 104          if ($app->get('shared_session', '0')) {
 105              $clientid = null;
 106          } else {
 107              $clientid = $userid ? 0 : 1;
 108          }
 109  
 110          $options = array(
 111              'clientid' => $clientid,
 112          );
 113  
 114          $result = $app->logout($userid, $options);
 115  
 116          if (!($result instanceof \Exception)) {
 117              $model  = $this->getModel('login');
 118              $return = $model->getState('return');
 119  
 120              // Only redirect to an internal URL.
 121              if (Uri::isInternal($return)) {
 122                  $app->redirect($return);
 123              }
 124          }
 125  
 126          parent::display();
 127      }
 128  }

