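/**
 * Handles a "lost password" request from the client and, when the address
 * belongs to a member, emails that member a password reset link.
 *
 * Every non-empty address gets the same reply whether or not an account
 * exists, so the response text does not reveal which addresses are registered.
 *
 * @param stdClass $data Data passed from ActionScript; the address is read from $data->user
 * @return array Returns a standard response array
 */
public function lostPassword($data)
{
    $response = CodeBank_ClientAPI::responseBase();
    $response['login'] = true;

    // Reject a missing, non-string or empty address before touching the database,
    // so an empty value can never match a member record whose Email is blank.
    $email = (isset($data->user) && is_string($data->user)) ? $data->user : '';
    if ($email === '') {
        $response['status'] = 'EROR';
        $response['message'] = _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.');

        return $response;
    }

    // Escaped with Convert::raw2sql before being placed in the filter string.
    $SQL_email = Convert::raw2sql($email);
    $member = Member::get_one('Member', "\"Email\"='{$SQL_email}'");

    // Allow vetoing forgot password requests
    $sng = new MemberLoginForm(Controller::has_curr() ? Controller::curr() : singleton('Controller'), 'LoginForm');
    $results = $sng->extend('forgotPassword', $member);
    $vetoed = $results && is_array($results) && in_array(false, $results, true);

    // A veto must stop the token and the email; before, the veto branch fell
    // through and the reset email was sent anyway (it also read $data['Email'],
    // which fails on a stdClass).
    if ($member && !$vetoed) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // NOTE(review): only the member branch generates a token and sends mail, so
    // response time may still differ between known and unknown addresses; no
    // request throttling is visible in this method either.
    $response['status'] = 'HELO';
    $response['message'] = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $email));

    return $response;
}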
/**
 * Renders the login form widget and, when the form was posted, tries to log
 * the visitor in and redirect to the stored return URL.
 */
public function run()
{
    $memberLoginForm = new MemberLoginForm();

    $wasSubmitted = isset($_POST['MemberLoginForm']);
    if ($wasSubmitted) {
        // Bulk assignment from the request.
        // NOTE(review): which attributes this may set depends on the form model's rules - confirm.
        $memberLoginForm->attributes = $_POST['MemberLoginForm'];

        // login() is only attempted once validation has passed.
        $authenticated = $memberLoginForm->validate() && $memberLoginForm->login();
        if ($authenticated) {
            $this->controller->redirect(Yii::app()->user->returnUrl);
        }
    }

    $viewData = array('memberLoginForm' => $memberLoginForm);
    $this->render('loginFormWidget', $viewData);
}
/**
 * Builds the LDAP login form on top of the parent login form: the Email field
 * is replaced by a Username field, Username and Password become required, and
 * the lost-password link is only offered when LDAP password changes are enabled.
 *
 * @param Controller $controller
 * @param string $name method on the $controller
 * @param FieldList $fields
 * @param FieldList $actions
 * @param bool $checkCurrentUser - show logout button if logged in
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

    // will be used to get correct Link()
    $this->ldapSecController = Injector::inst()->create('LDAPSecurityController');

    $loginNameField = new TextField('Username', _t('Member.USERNAME', 'Username'), null, null, $this);
    $this->Fields()->replaceField('Email', $loginNameField);
    $this->setValidator(new RequiredFields('Username', 'Password'));

    if (!Security::config()->remember_username) {
        // Some browsers won't respect this attribute unless it's added to the form
        $this->setAttribute('autocomplete', 'off');
        $loginNameField->setAttribute('autocomplete', 'off');
    } else {
        $loginNameField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
    }

    // Users can't change passwords unless an LDAP user with write permissions is
    // configured for the LDAP connection binding, so the stock link is always removed first.
    $stockLink = $this->Actions()->fieldByName('forgotPassword');
    $this->Actions()->remove($stockLink);

    $passwordChangeAllowed = Config::inst()->get('LDAPService', 'allow_password_change');
    if ($passwordChangeAllowed && $name != 'LostPasswordForm' && !Member::currentUser()) {
        $lostPasswordMarkup = sprintf(
            '<p id="ForgotPassword"><a href="%s">%s</a></p>',
            $this->ldapSecController->Link('lostpassword'),
            _t('Member.BUTTONLOSTPASSWORD', "I've lost my password")
        );
        $this->Actions()->add(new LiteralField('forgotPassword', $lostPasswordMarkup));
    }

    // Focus on the Username field when the page is loaded
    Requirements::block('MemberLoginFormFieldFocus');
    $focusScript = <<<JS
			(function() {
				var el = document.getElementById("Username");
				if(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
			})();
JS;
    Requirements::customScript($focusScript, 'LDAPLoginFormFieldFocus');
}
/**
 * Taken from MemberLoginForm::__construct with minor changes: the form carries
 * only the authentication method (plus BackURL) and is submitted with GET.
 *
 * @param Controller $controller
 * @param string $name
 * @param FieldList|null $fields
 * @param FieldList|null $actions
 * @param bool $checkCurrentUser When true and a member is logged in, only a logout action is offered
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    $customCSS = project() . '/css/member_login.css';
    if (Director::fileExists($customCSS)) {
        Requirements::css($customCSS);
    }

    // BackURL from the request is caller-controlled; it is only echoed into a
    // hidden field here.
    // NOTE(review): whatever later redirects to it must check that it is a site-local URL - confirm.
    $backURL = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : Session::get('BackURL');

    $alreadyLoggedIn = $checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists();
    if ($alreadyLoggedIn) {
        $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
        $actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
    } else {
        if (!$fields) {
            $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
        }
        if (!$actions) {
            $actions = new FieldList(new FormAction('dologin', _t('GoogleAuthenticator.BUTTONLOGIN', "Log in with Google")));
        }
    }

    if (isset($backURL)) {
        $backField = new HiddenField('BackURL', 'BackURL', $backURL);
        $fields->push($backField);
    }

    // Allow GET method for callback
    $this->setFormMethod('GET', true);

    parent::__construct($controller, $name, $fields, $actions);
}
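/**
 * EmailVerificationLoginForm is the same as MemberLoginForm with the following changes:
 * - The code has been cleaned up.
 * - A form action for users who have lost their verification email has been added.
 *
 * We add fields in the constructor so the form is generated when instantiated.
 *
 * @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
 * @param string $name The method on the controller that will return this form object.
 * @param FieldList|FormField $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
 * @param FieldList|FormAction $actions All of the action buttons in the form - a {@link FieldList} of {@link FormAction} objects
 * @param bool $checkCurrentUser If set to TRUE, it will be checked if the user is currently logged in, and if so, only a logout button will be rendered
 */
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    $email_field_label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
    $email_field = TextField::create('Email', $email_field_label, null, null, $this)->setAttribute('autofocus', 'autofocus');
    $password_field = PasswordField::create('Password', _t('Member.PASSWORD', 'Password'));
    $authentication_method_field = HiddenField::create('AuthenticationMethod', null, $this->authenticator_class, $this);

    // No "Remember" checkbox is part of this form: the one that used to be
    // built here was never added to any field list, so it has been dropped.
    // NOTE(review): if persistent login is wanted, add it to $fields explicitly.

    if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
        $fields = FieldList::create($authentication_method_field);
        $actions = FieldList::create(FormAction::create('logout', _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
    } else {
        if (!$fields) {
            $fields = FieldList::create($authentication_method_field, $email_field, $password_field);
            if (Security::config()->remember_username) {
                $email_field->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
            } else {
                // Some browsers won't respect this attribute unless it's added to the form
                $this->setAttribute('autocomplete', 'off');
                $email_field->setAttribute('autocomplete', 'off');
            }
        }
        if (!$actions) {
            $actions = FieldList::create(
                FormAction::create('doLogin', _t('Member.BUTTONLOGIN', "Log in")),
                new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'),
                new LiteralField('resendEmail', '<p id="ResendEmail"><a href="Security/verify-email">' . _t('MemberEmailVerification.BUTTONLOSTVERIFICATIONEMAIL', "I've lost my verification email") . '</a></p>')
            );
        }
    }

    // BackURL is request-controlled and only carried along as a hidden field here.
    // NOTE(review): the code that redirects after login must validate it - confirm.
    if (isset($_REQUEST['BackURL'])) {
        $fields->push(HiddenField::create('BackURL', 'BackURL', $_REQUEST['BackURL']));
    }

    // Reduce attack surface by enforcing POST requests
    $this->setFormMethod('POST', true);

    parent::__construct($controller, $name, $fields, $actions);

    $this->setValidator(RequiredFields::create('Email', 'Password'));
}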
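/**
 * Builds the form, carrying a BackURL (from the request, else the session)
 * along as a hidden field.
 *
 * @param Controller $controller
 * @param string $name
 * @param FieldList|null $fields When null, an empty FieldList is created so BackURL can be added
 * @param FieldList|null $actions Passed to the parent constructor unchanged
 * @param bool $checkCurrentUser Accepted for signature compatibility; the branches that tested it were empty
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    // $fields defaults to null, and push() on null is a fatal error as soon as
    // a BackURL is present.
    if ($fields === null) {
        $fields = new FieldList();
    }

    // BackURL from the request is caller-controlled; it is only stored in a hidden field here.
    // NOTE(review): the redirect target must be validated where it is consumed - confirm.
    $backURL = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : Session::get('BackURL');
    if (isset($backURL)) {
        $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
    }

    // NOTE(review): $actions may still be null here; whether the parent accepts that is not visible.
    parent::__construct($controller, $name, $fields, $actions);
}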
/**
 * Builds the member login form: identifier and password fields, an optional
 * "Remember" checkbox, the login action and the lost-password link. When a
 * member is already logged in (and $checkCurrentUser is true) only a logout
 * action is rendered.
 *
 * @param Controller $controller
 * @param string $name
 * @param FieldList|null $fields Custom fields; defaults are built when empty
 * @param FieldList|null $actions Custom actions; defaults are built when empty
 * @param bool $checkCurrentUser
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    // This is now set on the class directly to make it easier to create subclasses
    // $this->authenticator_class = $authenticatorClassName;

    $customCSS = project() . '/css/member_login.css';
    if (Director::fileExists($customCSS)) {
        Requirements::css($customCSS);
    }

    // Request value wins over the session value. It is caller-controlled and
    // only carried as a hidden field here.
    // NOTE(review): validation has to happen where the redirect is issued - confirm.
    $backURL = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : Session::get('BackURL');

    $sessionActive = $checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists();
    if ($sessionActive) {
        $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
        $actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
    } else {
        if (!$fields) {
            $label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
            $methodField = new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this);
            $emailField = new TextField("Email", $label, null, null, $this);
            $passwordField = new PasswordField("Password", _t('Member.PASSWORD', 'Password'));
            $fields = new FieldList($methodField, $emailField, $passwordField);

            if (!Security::config()->remember_username) {
                // Some browsers won't respect this attribute unless it's added to the form
                $this->setAttribute('autocomplete', 'off');
                $emailField->setAttribute('autocomplete', 'off');
            } else {
                $emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
            }

            if (Security::config()->autologin_enabled) {
                $fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
            }
        }

        if (!$actions) {
            $loginAction = new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in"));
            $lostPasswordLink = new LiteralField(
                'forgotPassword',
                '<p id="ForgotPassword"><a href="Security/lostpassword">'
                . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password")
                . '</a></p>'
            );
            $actions = new FieldList($loginAction, $lostPasswordLink);
        }
    }

    if (isset($backURL)) {
        $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
    }

    // Reduce attack surface by enforcing POST requests
    $this->setFormMethod('POST', true);

    parent::__construct($controller, $name, $fields, $actions);

    $this->setValidator(new RequiredFields());

    // Focus on the email input when the page is loaded
    $focusScript = <<<JS
			(function() {
				var el = document.getElementById("MemberLoginForm_LoginForm_Email");
				if(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
			})();
JS;
    Requirements::customScript($focusScript, 'MemberLoginFormFieldFocus');
}
/**
 * Returns the form fields. While the session holds a 'TOTP.ID' value the
 * regular fields are replaced by a token prompt, the session BackURL and the
 * form's security token, followed by any extra fields not already present.
 *
 * @return FieldList
 */
public function Fields()
{
    $tokenStepPending = Session::get('TOTP.ID');
    if (!$tokenStepPending) {
        return parent::Fields();
    }

    // Re-emit the form's security token, since the parent's field list is not used on this step.
    $csrfToken = $this->getSecurityToken();
    $tokenFields = \FieldList::create(
        \TextField::create('TOTP', 'Security Token'),
        \HiddenField::create('BackURL', null, Session::get('BackURL')),
        \HiddenField::create($csrfToken->getName(), null, $csrfToken->getSecurityID())
    );

    foreach ($this->getExtraFields() as $extraField) {
        // Skip extras whose name is already taken by one of the fields above.
        if ($tokenFields->fieldByName($extraField->getName())) {
            continue;
        }
        $tokenFields->push($extraField);
    }

    return $tokenFields;
}
/**
 * Builds the parent login form with Bootstrap styling applied to its fields
 * and actions, rendered through the "BootstrapForm" template.
 *
 * @param Controller|null $controller Defaults to the current controller
 * @param string|null $name Defaults to "LoginForm"
 * @param FieldList|null $fields
 * @param FieldList|null $actions
 * @param bool $checkCurrentUser
 */
public function __construct($controller = null, $name = null, $fields = null, $actions = null, $checkCurrentUser = true)
{
    $controller = $controller ?: Controller::curr();
    $name = $name ?: "LoginForm";

    parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

    $this->Fields()->bootstrapify();
    $this->Actions()->bootstrapify();
    $this->setTemplate("BootstrapForm");

    // The hook name is spelled "Boostrap" at runtime; extensions must use that exact name.
    $this->invokeWithExtensions('updateBoostrapMemberLoginForm', $this);
}
/**
 * Builds the parent login form with Foundation styling: fields and actions are
 * restyled, the "FoundationForm" template is used and the module stylesheet is required.
 *
 * @param Controller|null $controller Defaults to the current controller
 * @param string|null $name Defaults to "LoginForm"
 * @param FieldList|null $fields
 * @param FieldList|null $actions
 * @param bool $checkCurrentUser
 */
public function __construct($controller = null, $name = null, $fields = null, $actions = null, $checkCurrentUser = true)
{
    $controller = $controller ?: Controller::curr();
    $name = $name ?: "LoginForm";

    parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

    $this->Fields()->bootstrapify();
    $this->Actions()->bootstrapify();
    $this->setTemplate("FoundationForm");

    // Extension point for customising the finished form.
    $this->invokeWithExtensions('updateFoundationMemberLoginForm', $this);

    $stylesheet = FOUNDATIONFORMS_DIR . '/css/foundationforms.css';
    Requirements::css($stylesheet);
}
/**
 * Builds the Facebook login form: a logout action when a member is already
 * logged in, otherwise the Facebook login button markup. Any $fields and
 * $actions passed in are replaced in both cases.
 *
 * @param Controller $controller Must provide getFacebookPermissions() and getFacebookLoginLink()
 * @param string $name
 * @param FieldList|null $fields Ignored; always rebuilt
 * @param FieldList|null $actions Ignored; always rebuilt
 * @param bool $checkCurrentUser
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    $alreadyLoggedIn = $checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists();

    if ($alreadyLoggedIn) {
        $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
        $actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
    } else {
        // NOTE(review): both controller values are concatenated into markup without
        // escaping; this is fine only if they can never contain request data - confirm.
        $buttonMarkup = "<fb:login-button scope='" . $controller->getFacebookPermissions() . "'></fb:login-button>";
        $fields = new FieldList(new LiteralField('FacebookLoginIn', $buttonMarkup));

        // The plain link is emitted inside an HTML comment, so it is not visible to the user.
        $linkMarkup = "<!-- <a href='" . $controller->getFacebookLoginLink() . "'>" . _t('FacebookLoginForm.LOGIN', 'Login') . "</a> -->";
        $actions = new FieldList(new LiteralField('FacebookLoginLink', $linkMarkup));
    }

    // Request value wins over the session value; it is caller-controlled.
    if (isset($_REQUEST['BackURL'])) {
        $backURL = $_REQUEST['BackURL'];
    } else {
        $backURL = Session::get('BackURL');
    }
    if (isset($backURL)) {
        $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
    }

    return parent::__construct($controller, $name, $fields, $actions);
}
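/**
 * Constructor
 *
 * Builds the login form for email-verified members. Any "/RegistrationForm"
 * segment is stripped from the BackURL (request or session) before it is
 * carried along as a hidden field.
 *
 * @param Controller $controller The parent controller, necessary to
 *                               create the appropriate form action tag.
 * @param string $name The method on the controller that will return this
 *                     form object.
 * @param FieldList|FormField $fields All of the fields in the form - a
 *                                    {@link FieldList} of {@link FormField}
 *                                    objects.
 * @param FieldList|FormAction $actions All of the action buttons in the
 *                                      form - a {@link FieldList} of
 *                                      {@link FormAction} objects
 * @param bool $checkCurrentUser If set to TRUE, it will be checked if
 *                               the user is currently logged in, and if
 *                               so, only a logout button will be rendered
 */
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    // This is now set on the class directly to make it easier to create subclasses
    // $this->authenticator_class = $authenticatorClassName;

    $customCSS = project() . '/css/member_login.css';
    if (Director::fileExists($customCSS)) {
        Requirements::css($customCSS);
    }

    // BackURL is caller-controlled when it comes from the request; it is only
    // rewritten and stored in a hidden field here.
    // NOTE(review): it must be validated where the redirect is issued - confirm.
    if (isset($_REQUEST['BackURL'])) {
        $_REQUEST['BackURL'] = str_replace("/RegistrationForm", "", $_REQUEST['BackURL']);
        $backURL = $_REQUEST['BackURL'];
    } else {
        $backURL = Session::get('BackURL');
        // Strict check: "> 0" skipped a match at offset 0, and a missing session
        // value used to be passed to strpos()/str_replace() as null, which then
        // produced an empty BackURL field instead of none.
        if (is_string($backURL) && strpos($backURL, "/RegistrationForm") !== false) {
            $backURL = str_replace("/RegistrationForm", "", $backURL);
            Session::set('BackURL', $backURL);
        }
    }

    if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
        $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
        $actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
    } else {
        if (!$fields) {
            $label = singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
            $fields = new FieldList(
                new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
                new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
                new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
            );
            if (Security::$autologin_enabled) {
                $fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
            }
        }
        if (!$actions) {
            $actions = new FieldList(
                new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
                new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'),
                new LiteralField('resendEmail', '<p id="ResendEmail"><a href="Security/verifyemail">' . _t('EmailVerifiedMember.BUTTONRESENDEMAIL', "I've lost my verification email") . '</a></p>')
            );
        }
    }

    if (isset($backURL)) {
        $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
    }

    parent::__construct($controller, $name, $fields, $actions);

    // No focus script is registered for the email input in this form.
}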
/**
 * Builds the admin login form: the parent's lost-password link is swapped for
 * one pointing at AdminSecurity/lostpassword and the email input is focused on load.
 *
 * @param Controller $controller
 * @param string $name
 * @param FieldList|null $fields
 * @param FieldList|null $actions
 * @param bool $checkCurrentUser
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

    $hasLostPasswordLink = $this->Actions()->fieldByName('forgotPassword');
    if ($hasLostPasswordLink) {
        // replaceField won't work, since it's a dataless field
        $this->Actions()->removeByName('forgotPassword');

        $adminLinkMarkup = '<p id="ForgotPassword"><a href="AdminSecurity/lostpassword">'
            . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password")
            . '</a></p>';
        $this->Actions()->push(new LiteralField('forgotPassword', $adminLinkMarkup));
    }

    // Nowdoc: the script is emitted verbatim, nothing is interpolated into it.
    $focusScript = <<<'JS'
(function() {
	var el = document.getElementById("AdminLoginForm_LoginForm_Email");
	if(el && el.focus) el.focus();
})();
JS;
    Requirements::customScript($focusScript);
}
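/**
 * Builds a login form that accepts a username or an email address in a single
 * "Identity" field and posts to BASE_URL/Security/$name.
 *
 * The $fields, $actions and $checkCurrentUser arguments are accepted for
 * signature compatibility; the field and action lists are always rebuilt here.
 *
 * @param Controller $controller
 * @param string $name Used for the form and as the last segment of the action URL
 * @param FieldList|null $fields Ignored
 * @param FieldList|null $actions Ignored
 * @param bool $checkCurrentUser Ignored
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    $form_action_url = Controller::join_links(BASE_URL, "Security", $name);
    $lost_password_url = Controller::join_links(BASE_URL, "Security", "lostpassword");

    // No BackURL field is added to this form; the unused lookup of the
    // request/session BackURL has been removed.
    // NOTE(review): add a validated BackURL hidden field if return-to-page is wanted.

    $fields = new FieldList(
        HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this),
        TextField::create('Identity', 'Username or Email'),
        PasswordField::create("Password", _t('Member.PASSWORD', 'Password'))
    );
    if (Security::config()->autologin_enabled) {
        $fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me?")));
    }

    $actions = new FieldList(
        FormAction::create('dologin', 'Login'),
        LiteralField::create('forgotPassword', '<p id="ForgotPassword"><a href="' . $lost_password_url . '">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>')
    );

    // LoginForm does its magic
    parent::__construct($controller, $name, $fields, $actions);

    // Set after the parent constructor so the explicit action URL is not overwritten by it.
    $this->setAttribute("action", $form_action_url);
}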
/**
 * Returns the form fields. The parent's fields are used unless the session
 * holds a 'TOTP.ID' value and the form has no 'action_forgotPassword' action;
 * in that case a token prompt and the session BackURL are returned, followed
 * by any extra fields not already present.
 *
 * @return FieldList
 */
public function Fields()
{
    if (!Session::get('TOTP.ID')) {
        return parent::Fields();
    }

    // A form carrying the forgotPassword action keeps the parent's fields.
    $lostPasswordAction = $this->Actions()->fieldByName('action_forgotPassword');
    if ($lostPasswordAction) {
        return parent::Fields();
    }

    // NOTE(review): no security-token field is added to this list - confirm it is supplied elsewhere.
    $tokenFields = \FieldList::create(
        \TextField::create('TOTP', 'Security Token'),
        \HiddenField::create('BackURL', null, Session::get('BackURL'))
    );

    foreach ($this->getExtraFields() as $extraField) {
        $alreadyPresent = $tokenFields->fieldByName($extraField->getName());
        if (!$alreadyPresent) {
            $tokenFields->push($extraField);
        }
    }

    return $tokenFields;
}
/**
 * Builds the parent login form, then calls renameField('Email', 'Username')
 * on its field list.
 *
 * @param Controller $controller
 * @param string $name
 * @param FieldList|null $fields
 * @param FieldList|null $actions
 * @param bool $checkCurrentUser
 */
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

    // NOTE(review): presumably this changes only the displayed title, so the
    // submitted key stays 'Email' - confirm against FieldList::renameField.
    $formFields = $this->fields;
    $formFields->renameField('Email', 'Username');
}
/**
 * Factory method for the lost password form: a single Email field and a
 * 'forgotPassword' action, created without the logged-in-user check.
 *
 * @return Form Returns the lost password form
 */
public function LostPasswordForm()
{
    $emailOnly = new FieldList(
        new EmailField('Email', _t('Member.EMAIL', 'Email'))
    );
    $sendLinkAction = new FieldList(
        new FormAction('forgotPassword', _t('Security.BUTTONSEND', 'Send me the password reset link'))
    );

    // The final argument is $checkCurrentUser = false.
    return MemberLoginForm::create($this, 'LostPasswordForm', $emailOnly, $sendLinkAction, false);
}
/**
 * Runs the parent login handler, then replaces whatever redirect it set with
 * a redirect to "assets/membership" under the site base URL.
 *
 * @param array $data Submitted form data, passed to the parent handler unchanged
 */
public function dologin($data)
{
    parent::dologin($data);

    // Drop the Location header set by the parent so the redirect below is the one that applies.
    // NOTE(review): this redirect is issued whether or not the login succeeded;
    // the target must enforce its own access check - confirm.
    $response = $this->controller->response;
    $response->removeHeader('Location');

    $membershipURL = Director::baseURL() . "assets/membership";
    Director::redirect($membershipURL);
}
/**
 * Creates the member login form for the owning controller and lets the
 * owner's extensions adjust it through the 'updateLoginForm' hook.
 *
 * @return MemberLoginForm
 */
public function LoginForm()
{
    $owner = $this->owner;

    $loginForm = MemberLoginForm::create($owner, 'LoginForm');
    $owner->extend('updateLoginForm', $loginForm);

    return $loginForm;
}
/**
 * Method that creates the login form for this authentication method
 *
 * @param Controller $controller The parent controller, necessary to create the
 *                               appropriate form action tag
 * @return Form Returns the login form to use with this authentication
 *              method
 */
public static function get_login_form(Controller $controller)
{
    $loginForm = MemberLoginForm::create($controller, "LoginForm");

    return $loginForm;
}
/**
 * Runs the parent's session-message handling, then blanks the message on this
 * form so it is left with an empty message.
 */
protected function getMessageFromSession()
{
    // NOTE(review): the parent presumably also clears the stored session message - confirm.
    parent::getMessageFromSession();

    // Discard whatever text the parent put on the form.
    $this->message = '';
}