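/**
 * Handle submission of the login form: authenticate the user and redirect.
 *
 * On success the user's pending password-reset token is dropped, the login
 * time is recorded, any request data saved in the 'login' session set is
 * handed over to 'last_form_data', and the browser is redirected. On failure
 * the password control is cleared and a single generic error is set, so the
 * message does not reveal which of the two fields was wrong.
 *
 * @param object $form The submitted login form; must expose the
 *                     habari_username and habari_password controls.
 * @return bool|null true after a successful login and redirect; nothing is
 *                   returned when authentication fails or both fields are empty.
 */
public function loginform_do_login($form)
{
    $name = $form->habari_username->value;
    $pass = $form->habari_password->value;

    // Loose comparison is kept on purpose: an empty string counts as "not supplied".
    if (null != $name || null != $pass) {
        $user = User::authenticate($name, $pass);

        if ($user instanceof User && $user != false) {
            /* Successfully authenticated. */
            // NOTE(review): no session identifier rotation is visible in this method.
            // Confirm that User::authenticate() or the session layer issues a fresh
            // session id on login, otherwise a pre-login id stays valid afterwards.

            $userinfo = $user->info;
            // If there's an unused password reset token, unset it so that an
            // outstanding reset link cannot be used after a normal login.
            if (isset($userinfo->password_reset)) {
                unset($userinfo->password_reset);
            }

            // Timestamp last login date and time.
            $user->info->authenticate_time = DateTime::create()->format('Y-m-d H:i:s');
            $user->update();

            // Remove left over expired session error message.
            if (Session::has_errors('expired_session')) {
                Session::remove_error('expired_session');
            }

            $login_session = Session::get_set('login');
            if (!empty($login_session)) {
                /* Now that we know we're dealing with the same user, transfer the form data so he does not lose his request */
                // Fix: the original read from an undefined $last_form_data, so the
                // saved request data was replaced by null. The guards above each call
                // show the data lives in $login_session.
                if (!empty($login_session['post_data'])) {
                    Session::add_to_set('last_form_data', $login_session['post_data'], 'post');
                }
                if (!empty($login_session['get_data'])) {
                    Session::add_to_set('last_form_data', $login_session['get_data'], 'get');
                }

                // Don't bother parsing out the URL: we store the URI that was requested,
                // so just append that to the hostname and we're done.
                // NOTE(review): this is plain concatenation, so the redirect stays on
                // this host only if 'original' is a path starting with "/". Confirm the
                // code that stores it guarantees that, or validate it here.
                $login_dest = Site::get_url('host') . $login_session['original'];
            } else {
                $login_session = null;
                $login_dest = Site::get_url('admin');
            }

            // Filter the destination.
            // NOTE(review): plugins can replace the destination here; nothing in this
            // method restricts the filtered value to this site.
            $login_dest = Plugins::filter('login_redirect_dest', $login_dest, $user, $login_session);

            // Finally, redirect to the destination.
            Utils::redirect($login_dest);
            return true;
        }

        /* Authentication failed. */
        // Clear the submitted password so it is not kept on the form control.
        $form->habari_password->value = '';
        $this->handler_vars['error'] = _t('Bad credentials');
    }
}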