Ejemplo n.º 1
0
 public function action_index()
 {
     // log out.
     \Model_Accounts::logout();
     // go back
     if (\Input::referrer() != null && \Input::referrer() != \Uri::main()) {
         \Response::redirect(\Input::referrer());
     } else {
         \Response::redirect(\Uri::base());
     }
 }
Ejemplo n.º 2
0
 public function action_index()
 {
     // load language
     \Lang::load('account');
     // is user logged in?
     if (\Model_Accounts::isMemberLogin() == false) {
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // load config from db.
     $cfg_values = array('allow_avatar', 'avatar_size', 'avatar_allowed_types');
     $config = \Model_Config::getvalues($cfg_values);
     $output['config'] = $config;
     // set config data to display in view file.
     $output['allow_avatar'] = $config['allow_avatar']['value'];
     $output['avatar_size'] = $config['avatar_size']['value'];
     $output['avatar_allowed_types'] = $config['avatar_allowed_types']['value'];
     unset($cfg_values);
     // read flash message for display errors. this is REQUIRED if you coding the check login with simultaneous login detection on.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // get account id
     $cookie_account = \Model_Accounts::forge()->getAccountCookie();
     // get account data
     $query = \Model_Accounts::query()->where('account_id', $cookie_account['account_id'])->where('account_username', $cookie_account['account_username'])->where('account_email', $cookie_account['account_email']);
     if ($query->count() > 0) {
         // found
         $row = $query->get_one();
         $output['row'] = $row;
         // loop set data for display in form.
         foreach ($row as $key => $field) {
             $output[$key] = $field;
         }
         // get account_fields data of current user and send to views form
         // to access data from view, use $account_field['field_name']. for example: the field_name is phone, just use $account_field['phone'];
         $account_fields = \Model_AccountFields::getData($cookie_account['account_id']);
         if ($account_fields->count() > 0) {
             foreach ($account_fields as $af) {
                 $output['account_field'][$af->field_name] = \Extension\Str::isJsonFormat($af->field_value) ? json_decode($af->field_value, true) : $af->field_value;
             }
         }
         unset($account_fields, $af);
         // get timezone list to display.
         \Config::load('timezone', 'timezone');
         $output['timezone_list'] = \Config::get('timezone.timezone', array());
         unset($query);
     } else {
         // not found account.
         unset($cookie_account, $query);
         \Model_Accounts::logout();
         \Response::redirect(\Uri::create('account/login') . '?rdr=' . urlencode(\Uri::main()));
     }
     // if form submitted
     if (\Input::method() == 'POST') {
         // store data for save to db.
         $data['account_id'] = $cookie_account['account_id'];
         $data['account_username'] = $cookie_account['account_username'];
         //trim(\Input::post('account_username'));//no, do not edit username.
         $data['account_old_email'] = $cookie_account['account_email'];
         $data['account_email'] = \Security::strip_tags(trim(\Input::post('account_email')));
         $data['account_password'] = trim(\Input::post('account_password'));
         $data['account_new_password'] = trim(\Input::post('account_new_password'));
         $data['account_display_name'] = \Security::htmlentities(\Input::post('account_display_name'));
         $data['account_firstname'] = \Security::htmlentities(trim(\Input::post('account_firstname', null)));
         if ($data['account_firstname'] == null) {
             $data['account_firstname'] = null;
         }
         $data['account_middlename'] = \Security::htmlentities(trim(\Input::post('account_middlename', null)));
         if ($data['account_middlename'] == null) {
             $data['account_middlename'] = null;
         }
         $data['account_lastname'] = \Security::htmlentities(trim(\Input::post('account_lastname', null)));
         if ($data['account_lastname'] == null) {
             $data['account_lastname'] = null;
         }
         $data['account_birthdate'] = \Security::strip_tags(trim(\Input::post('account_birthdate', null)));
         if ($data['account_birthdate'] == null) {
             $data['account_birthdate'] = null;
         }
         $data['account_signature'] = \Security::htmlentities(trim(\Input::post('account_signature', null)));
         if ($data['account_signature'] == null) {
             $data['account_signature'] = null;
         }
         $data['account_timezone'] = \Security::strip_tags(trim(\Input::post('account_timezone')));
         $data['account_language'] = \Security::strip_tags(trim(\Input::post('account_language', null)));
         if ($data['account_language'] == null) {
             $data['account_language'] = null;
         }
         // store data for account_fields
         $data_field = array();
         if (is_array(\Input::post('account_field'))) {
             foreach (\Input::post('account_field') as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     if (is_array($field_value)) {
                         $field_value = json_encode($field_value);
                     }
                     $data_field[$field_name] = $field_value;
                 }
             }
         }
         unset($field_name, $field_value);
         // validate form.
         $validate = \Validation::forge();
         $validate->add_callable(new \Extension\FsValidate());
         //$validate->add('account_username', \Lang::get('account_username'), array(), array('required', 'noSpaceBetweenText'));//no, do not edit username.
         $validate->add('account_email', \Lang::get('account_email'), array(), array('required', 'valid_email'));
         $validate->add('account_display_name', \Lang::get('account_display_name'), array(), array('required'));
         $validate->add('account_birthdate', \Lang::get('account_birthdate'))->add_rule('valid_date', 'Y-m-d');
         $validate->add('account_timezone', \Lang::get('account_timezone'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
         } else {
             // save
             $result = \Model_accounts::memberEditProfile($data, $data_field);
             if ($result === true) {
                 if (\Session::get_flash('form_status', null, false) == null) {
                     \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('account_saved')));
                 }
                 \Response::redirect(\Uri::main());
             } else {
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
             }
         }
         // re-populate form
         //$output['account_username'] = trim(\Input::post('account_username'));//no, do not edit username.
         $output['account_email'] = trim(\Input::post('account_email'));
         $output['account_display_name'] = trim(\Input::post('account_display_name'));
         $output['account_firstname'] = trim(\Input::post('account_firstname'));
         $output['account_middlename'] = trim(\Input::post('account_middlename'));
         $output['account_lastname'] = trim(\Input::post('account_lastname'));
         $output['account_birthdate'] = trim(\Input::post('account_birthdate'));
         $output['account_signature'] = trim(\Input::post('account_signature'));
         $output['account_timezone'] = trim(\Input::post('account_timezone'));
         $output['account_language'] = trim(\Input::post('account_language'));
         // re-populate form for account fields
         if (is_array(\Input::post('account_field'))) {
             foreach (\Input::post('account_field') as $field_name => $field_value) {
                 if (is_string($field_name)) {
                     $output['account_field'][$field_name] = $field_value;
                 }
             }
         }
         unset($field_name, $field_value);
     }
     // clear variables
     unset($cookie_account, $data, $result);
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_edit'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/edit_v', $output, false);
 }
Ejemplo n.º 3
0
 public function action_index()
 {
     // load language
     \Lang::load('account');
     // load config from db.
     $cfg_values = array('member_max_login_fail', 'member_login_fail_wait_time');
     $config = Model_Config::getvalues($cfg_values);
     $output['config'] = $config;
     unset($cfg_values);
     // set login redirect referer.
     if (\Input::referrer() != null && \Input::referrer() != \Uri::main()) {
         $output['go_to'] = urlencode(\Input::referrer());
     }
     if (\Input::get('rdr') != null) {
         $output['go_to'] = urlencode(\Input::get('rdr'));
     }
     // read flash message for display errors. this is REQUIRED if you coding the check login with simultaneous login detection on.
     // this is REQUIRED in login page. because failed 'is login' check will redirect to here.
     $form_status = \Session::get_flash('form_status');
     if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) {
         $output['form_status'] = $form_status['form_status'];
         $output['form_status_message'] = $form_status['form_status_message'];
     }
     unset($form_status);
     // count login fail and show captcha.
     if (\Session::get('login_all_fail_count', '0') >= $this->login_fail_time_show_captcha || \Session::get('show_captcha', false) === true) {
         $output['show_captcha'] = true;
         // if last time login failed is over wait time, reset it
         if ((time() - \Session::get('login_all_fail_time', time())) / 60 > $config['member_login_fail_wait_time']['value']) {
             // reset captcha requirement and wait time.
             \Session::set('login_all_fail_count', \Session::get('login_all_fail_count') - ($this->login_fail_time_show_captcha + 1));
             // do not reset this, just reduce to fail time show captcha+1. doing this to prevent brute force attack.
             \Session::delete('login_all_fail_time');
             \Session::delete('show_captcha');
         }
     }
     // if form submitted --------------------------------------------------------------------------------------------
     if (\Input::method() == 'POST') {
         // store data for login
         $data['account_identity'] = trim(\Input::post('account_identity'));
         if (strpos($data['account_identity'], '@') === false) {
             $data['account_username'] = $data['account_identity'];
         } else {
             $data['account_email'] = $data['account_identity'];
         }
         $data['account_password'] = trim(\Input::post('account_password'));
         // validate form.
         $validate = \Validation::forge();
         // check username or email required
         $validate->add('account_identity', \Lang::get('account_username_or_email'), array(), array('required'));
         $validate->add('account_password', \Lang::get('account_password'), array(), array('required'));
         if (!\Extension\NoCsrf::check()) {
             // validate token failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token');
             // if ajax request, return error message.
             if (\Input::is_ajax()) {
                 unset($output['config']);
                 $response = new \Response();
                 $response->set_header('Content-Type', 'application/json');
                 $response->body(json_encode($output));
                 return $response;
             }
         } elseif (!$validate->run()) {
             // validate failed
             $output['form_status'] = 'error';
             $output['form_status_message'] = $validate->show_errors();
             // if ajax request, return error message.
             if (\Input::is_ajax()) {
                 unset($output['config']);
                 $response = new \Response();
                 $response->set_header('Content-Type', 'application/json');
                 $response->body(json_encode($output));
                 return $response;
             }
         } else {
             // logout to clear old cookie and login session before try login
             \Model_Accounts::logout();
             // count login failed and wait if it was exceed max failed allowed.
             if (\Session::get('login_all_fail_count', '0') > $config['member_max_login_fail']['value'] && (time() - \Session::get('login_all_fail_time', time())) / 60 <= $config['member_login_fail_wait_time']['value']) {
                 // continuous login failed over max fail limit.
                 $result = Lang::get('account_login_failed_too_many', array('wait_minute' => $config['member_login_fail_wait_time']['value'], 'wait_til_time' => date('d F Y H:i:s', time() + $config['member_login_fail_wait_time']['value'] * 60)));
             } else {
                 // not reach maximum limit
                 // check if show captcha
                 if (isset($output['show_captcha']) && $output['show_captcha'] === true) {
                     include APPPATH . 'vendor' . DS . 'securimage' . DS . 'securimage.php';
                     $securimage = new \Securimage();
                     if ($securimage->check(\Input::post('captcha')) == false) {
                         $result = \Lang::get('account_wrong_captcha_code');
                     }
                 }
                 // try to login. ---------------------------------------------
                 if (!isset($result) || isset($result) && $result == null) {
                     $result = \Model_Accounts::memberLogin($data);
                 }
             }
             // check login result ----------------------------------------------
             if ($result === true) {
                 // success
                 $all_fail_count = 0;
                 \Session::delete('login_all_fail_count');
                 \Session::delete('login_all_fail_time');
                 \Session::delete('show_captcha');
                 if (\Input::is_ajax()) {
                     unset($output['config']);
                     $output['login_status'] = true;
                     $output['form_status'] = 'success';
                     $output['form_status_message'] = \Lang::get('account_login_success');
                     if (!isset($output['go_to'])) {
                         $output['go_to'] = \Uri::base();
                     } else {
                         $output['go_to'] = urldecode($output['go_to']);
                     }
                     $response = new \Response();
                     $response->set_header('Content-Type', 'application/json');
                     $response->body(json_encode($output));
                     return $response;
                 } else {
                     if (isset($output['go_to'])) {
                         \Response::redirect(urldecode($output['go_to']));
                     } else {
                         \Response::redirect(\Uri::base());
                     }
                 }
             } else {
                 // failed
                 $all_fail_count = \Session::get('login_all_fail_count', '0') + 1;
                 \Session::set('login_all_fail_count', $all_fail_count);
                 \Session::set('login_all_fail_time', time());
                 // if login fail count more than or equal to fail time show captcha
                 if ($all_fail_count >= $this->login_fail_time_show_captcha) {
                     $output['show_captcha'] = true;
                     \Session::set('show_captcha', true);
                 }
                 $output['form_status'] = 'error';
                 $output['form_status_message'] = $result;
                 if (\Input::is_ajax()) {
                     unset($output['config']);
                     $response = new \Response();
                     $response->set_header('Content-Type', 'application/json');
                     $response->body(json_encode($output));
                     return $response;
                 }
             }
         }
         // re-populate form
         $output['account_identity'] = $data['account_identity'];
     }
     // <head> output ----------------------------------------------------------------------------------------------
     $output['page_title'] = $this->generateTitle(\Lang::get('account_login'));
     // <head> output ----------------------------------------------------------------------------------------------
     return $this->generatePage('front/templates/account/login_v', $output, false);
 }