/**
* @Route(methods="POST", defaults={"_maintenance" = true})
* @Request({"credentials": "array", "remember_me": "boolean", "redirect": "string"})
*/
public function authenticateAction($credentials, $remember = false, $redirect = '')
{
try {
if (!App::csrf()->validate()) {
throw new CsrfException(__('Invalid token. Please try again.'));
}
App::auth()->authorize($user = App::auth()->authenticate($credentials, false));
if (($event = App::auth()->login($user, $remember)) && $event->hasResponse()) {
return $event->getResponse();
}
if (App::request()->isXmlHttpRequest()) {
return App::response()->json(['csrf' => App::csrf()->generate()]);
} else {
return App::redirect(preg_replace('#(https?:)?//[^/]+#', '', $redirect));
}
} catch (CsrfException $e) {
if (App::request()->isXmlHttpRequest()) {
return App::response()->json(['csrf' => App::csrf()->generate()], 401);
}
$error = $e->getMessage();
} catch (BadCredentialsException $e) {
$error = __('Invalid username or password.');
} catch (AuthException $e) {
$error = $e->getMessage();
}
if (App::request()->isXmlHttpRequest()) {
App::abort(401, $error);
} else {
App::message()->error($error);
return App::redirect(preg_replace('#(https?:)?//[^/]+#', '', App::url()->previous()));
}
}
/**
* @Request({"user", "key"})
*/
public function confirmAction($username = "", $activation = "")
{
if (empty($username) || empty($activation) || !($user = User::where(compact('username', 'activation'))->first())) {
return $this->messageView(__('Invalid key.'), $success = false);
}
if ($user->isBlocked()) {
return $this->messageView(__('Your account has not been activated or is blocked.'), $success = false);
}
$error = '';
if ('POST' === App::request()->getMethod()) {
try {
if (!App::csrf()->validate()) {
throw new Exception(__('Invalid token. Please try again.'));
}
$password = App::request()->request->get('password');
if (empty($password)) {
throw new Exception(__('Enter password.'));
}
if ($password != trim($password)) {
throw new Exception(__('Invalid password.'));
}
$user->password = App::get('auth.password')->hash($password);
$user->activation = null;
$user->save();
App::message()->success(__('Your password has been reset.'));
return App::redirect('@user/login');
} catch (Exception $e) {
$error = $e->getMessage();
}
}
return ['$view' => ['title' => __('Reset Confirm'), 'name' => 'system/user/reset-confirm.php'], 'username' => $username, 'activation' => $activation, 'error' => $error];
}
/**
* @Route(methods="POST", defaults={"_maintenance" = true})
* @Request({"credentials": "array", "_remember_me": "boolean"})
*/
public function authenticateAction($credentials, $remember = false)
{
$isXml = App::request()->isXmlHttpRequest();
try {
if (!App::csrf()->validate()) {
throw new AuthException(__('Invalid token. Please try again.'));
}
App::auth()->authorize($user = App::auth()->authenticate($credentials, false));
if (!$isXml) {
return App::auth()->login($user, $remember);
} else {
App::auth()->setUser($user, $remember);
return ['success' => true];
}
} catch (BadCredentialsException $e) {
$error = __('Invalid username or password.');
} catch (AuthException $e) {
$error = $e->getMessage();
}
if (!$isXml) {
App::message()->error($error);
return App::redirect(App::url()->previous());
} else {
App::abort(400, $error);
}
}
/**
* @Route(methods="POST", defaults={"_maintenance" = true})
* @Request({"credentials": "array"})
*/
public function authenticateAction($credentials)
{
try {
if (!App::csrf()->validate()) {
throw new AuthException(__('Invalid token. Please try again.'));
}
App::auth()->authorize($user = App::auth()->authenticate($credentials, false));
return App::auth()->login($user, App::request()->get(Auth::REMEMBER_ME_PARAM));
} catch (BadCredentialsException $e) {
App::message()->error(__('Invalid username or password.'));
} catch (AuthException $e) {
App::message()->error($e->getMessage());
}
return App::redirect(App::url()->previous());
}
/**
* @Request({"user": "******"})
*/
public function registerAction($data)
{
$message = '';
try {
if (App::user()->isAuthenticated() || $this->module->config('registration') == 'admin') {
return App::redirect();
}
if (!App::csrf()->validate()) {
throw new Exception(__('Invalid token. Please try again.'));
}
$password = @$data['password'];
if (trim($password) != $password || strlen($password) < 6) {
throw new Exception(__('Password must be 6 characters or longer.'));
}
$user = User::create(['registered' => new \DateTime(), 'name' => @$data['name'], 'username' => @$data['username'], 'email' => @$data['email'], 'password' => App::get('auth.password')->hash($password), 'status' => User::STATUS_BLOCKED]);
$token = App::get('auth.random')->generateString(32);
$admin = $this->module->config('registration') == 'approval';
if ($verify = $this->module->config('require_verification')) {
$user->activation = $token;
} elseif ($admin) {
$user->activation = $token;
$user->set('verified', true);
} else {
$user->status = User::STATUS_ACTIVE;
}
$user->validate();
$user->save();
if ($verify) {
$this->sendVerificationMail($user);
$message = __('Complete your registration by clicking the link provided in the mail that has been sent to you.');
} elseif ($admin) {
$this->sendApproveMail($user);
$message = __('Your user account has been created and is pending approval by the site administrator.');
} else {
$this->sendWelcomeEmail($user);
$message = __('Your user account has been created.');
}
} catch (Exception $e) {
App::abort(400, $e->getMessage());
}
App::message()->success($message);
return ['message' => $message, 'redirect' => App::url('@user/login', [], true)];
}
