/**
  * @return string
  */
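 public function changepassword()
 {
     // Renders the "change password" page. A reset link carries a member id (`m`)
     // and a token (`t`); a logged-in member may also open the page directly.
     $tmpPage = new Page();
     $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
     $tmpPage->URLSegment = 'Security';
     // Set the page ID to -1 so we dont get the top level pages as its children
     $tmpPage->ID = -1;
     $controller = new Page_Controller($tmpPage);
     $controller->init();
     try {
         $former_hash = Session::get('AutoLoginHash');
         // A request that still carries the token and member id is never rendered:
         // it is redirected to the bare action URL so the token does not stay in
         // the address bar or leak through the Referer header.
         if (isset($_REQUEST['t']) && isset($_REQUEST['m'])) {
             // NOTE(review): when the session already holds a hash, the token in this
             // request is not verified and the older session value is kept — confirm
             // that a newer reset link should not replace it.
             if (empty($former_hash)) {
                 // isset() above guarantees both keys exist, so no error suppression is needed.
                 // verifyToken() is expected to throw InvalidPasswordResetLinkException for a
                 // stale link (handled below).
                 $new_hash = $this->password_manager->verifyToken((int) $_REQUEST['m'], $_REQUEST['t']);
                 Session::set('AutoLoginHash', $new_hash);
             }
             return $this->redirect($this->Link('changepassword'));
         }
         if (!empty($former_hash)) {
             // Subsequent request after the "first load with hash"
             $customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
         } else {
             if (Member::currentUser()) {
                 // Logged in user requested a password change form.
                 $customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
             } else {
                 // Neither a reset hash in the session nor a logged-in member: refuse.
                 self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
                 return;
             }
         }
     } catch (InvalidPasswordResetLinkException $ex1) {
         // The anchor and paragraph are closed here; the message previously ended in an
         // unterminated <a>, which turned the rest of the rendered page into a link.
         $customisedController = $controller->customise(array('Content' => sprintf('<p>This link is no longer valid as a newer request for a password reset has been made. Please check your mailbox for the most recent link</p><p>You can request a new one <a href="%s">here</a></p>', $this->Link('lostpassword'))));
     }
     return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
 }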
Ejemplo n.º 2
 /**
  * Show the "change password" page
  *
  * @return string Returns the "change password" page as HTML code.
  */
 public function changepassword()
 {
     // Renders the "change password" page for a visitor arriving with an auto login
     // hash in the `h` request parameter, or for an already logged-in member.
     //
     // NOTE(review): an accepted hash is copied into the session, but the page is then
     // rendered on the same URL, so `h` stays in the address bar, in browser history and
     // in any Referer header sent from this page. Storing the hash and redirecting to the
     // bare action URL before rendering avoids that exposure.
     $page = new Page();
     $page->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
     $page->URLSegment = 'Security';
     $controller = new Page_Controller($page);
     $controller->init();

     $hasHash = isset($_REQUEST['h']);
     if ($hasHash && Member::autoLoginHash($_REQUEST['h'])) {
         // Hash accepted: remember it for the change password form.
         Session::set('AutoLoginHash', $_REQUEST['h']);
         $data = array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm());
     } elseif (Member::currentUser()) {
         // A logged-in member may change the password directly.
         $data = array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm());
     } elseif ($hasHash) {
         // A hash was supplied but not accepted, and nobody is logged in.
         $data = array('Content' => sprintf(_t('Security.NOTERESETLINKINVALID', "<p>The password reset link is invalid or expired.</p>\n" . '<p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'), $this->Link('lostpassword'), $this->link('login')));
     } else {
         // No hash and no session: hand over to the permission failure handling.
         self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
         return;
     }

     $customisedController = $controller->customise($data);
     return $customisedController->renderWith('Page');
 }
 /**
  * Validate the link clicked in email
  *
  * @param SS_HTTPRequest $request The SS_HTTPRequest for this action.
  * @return string Returns the "validated" page as HTML code.
  */
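 public function validate($request)
 {
     // Handles the link from the verification e-mail: the route parameter ID carries the
     // e-mail address and OtherID the verification string.
     $tmpPage = new Page();
     $tmpPage->Title = _t('EmailVerifiedMember.VERIFYEMAILHEADER', 'Verification link');
     $tmpPage->URLSegment = 'Security';
     // Set the page ID to -1 so we dont get the top level pages as its children
     $tmpPage->ID = -1;
     $controller = new Page_Controller($tmpPage);
     $controller->init();

     // Always defined, so the failure path below never touches an unset variable.
     $member = null;
     if ($request) {
         $member = DataObject::get_one('Member', "\"Email\" = '" . Convert::raw2sql($request->param('ID')) . "'");
     }
     if ($member) {
         // Compare the raw values strictly. SQL-escaping the supplied value belongs only in
         // a query, and loose `==` compares numeric-looking strings as numbers and could let
         // an empty stored value match an absent OtherID.
         // NOTE(review): on PHP >= 5.6 prefer hash_equals() for a constant-time comparison.
         $expected = (string) $member->VerificationString;
         $supplied = (string) $request->param('OtherID');
         if ($expected !== '' && $expected === $supplied) {
             if (!$member->Verified) {
                 $member->Verified = true;
                 $member->write();
                 $member->sendmoderatoremail();
             }
             $config = SiteConfig::current_site_config();
             if ($config->Moderate) {
                 $nextAction = _t('EmailVerifiedMember.NEXTACTIONMODERATE', "You will be able to login after a moderator has approved your account.");
             } else {
                 $nextAction = _t('EmailVerifiedMember.NEXTACTIONLOGIN', "You can now <a href='security/login'>login</a> to the website.");
             }
             // NOTE(review): $nextAction is part of the default string handed to _t(), so it
             // presumably disappears when a translation for EMAILVERIFIED exists — confirm.
             // The member name is user-supplied and goes into HTML, so it is escaped first.
             $customisedController = $controller->customise(array('Title' => _t('EmailVerifiedMember.ACCOUNTVERIFIEDTITLE', "Member account verified"), 'Content' => "<p>" . sprintf(_t('EmailVerifiedMember.EMAILVERIFIED', "Thank you %s! Your email account has been verified." . " " . $nextAction), Convert::raw2xml($member->Name)) . "</p>"));
             return $customisedController->renderWith(array('Security_validationsuccess', 'Security', $this->owner->stat('template_main'), 'ContentController'));
         }
     }
     // Verification failed. The same message is used for an unknown address and a wrong
     // string; no member data is passed in, so nothing about an existing account is
     // disclosed and a missing member cannot cause a property access on a non-object.
     $customisedController = $controller->customise(array('Title' => _t('EmailVerifiedMember.ACCOUNTVERIFIEDFAILTITLE', "Member email address verification failed"), 'Content' => "<p>" . sprintf(_t('EmailVerifiedMember.ACCOUNTVERIFIEDFAIL', "Member email address verification failed, either unknown email address or invalid verification string. Please ensure you copy and pasted the entire link."), '') . "</p>"));
     return $customisedController->renderWith(array('Security_validationfail', 'Security', $this->owner->stat('template_main'), 'ContentController'));
 }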
 /**
  * Merge some arbitrary data in with this object. This method returns a {@link ViewableData_Customised} instance
  * with references to both this and the new custom data.
  *
  * Note that any fields you specify will take precedence over the fields on this object.
  * 
  * Adds custom product detail data when a product detail view is requested.
  * 
  * @param array $data Customised data
  * 
  * @return ViewableData_Customised
  * 
  * @author Sebastian Diel <*****@*****.**>
  * @since 27.07.2012
  */
 public function customise($data)
 {
     // On a product detail view the detail parameters are merged over the caller's data
     // (array_merge lets the later array win on duplicate string keys).
     $merged = $this->isProductDetailView()
         ? array_merge($data, $this->ProductDetailViewParams())
         : $data;

     return parent::customise($merged);
 }
Ejemplo n.º 5
 /**
  * Show the "change password" page.
  * This page can either be called directly by logged-in users
  * (in which case they need to provide their old password),
  * or through a link emailed through {@link lostpassword()}.
  * In this case no old password is required, authentication is ensured
  * through the Member.AutoLoginHash property.
  * 
  * @see ChangePasswordForm
  *
  * @return string Returns the "change password" page as HTML code.
  */
 public function changepassword()
 {
     // Page shell used to render the form; ID -1 keeps the top level pages from being
     // picked up as its children.
     $page = new Page();
     $page->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
     $page->URLSegment = 'Security';
     $page->ID = -1;
     $controller = new Page_Controller($page);
     $controller->init();

     // The reset link names the member in `m` (cast to int before the lookup) and
     // carries the token in `t`.
     $member = isset($_REQUEST['m']) ? DataObject::get_by_id('Member', (int) $_REQUEST['m']) : null;
     $hasToken = isset($_REQUEST['t']);

     // First load with a valid token: keep only the value returned by
     // encryptWithUserSettings() in the session and redirect to the same action without
     // query parameters, so the token does not leak through the Referer header.
     // The session value is cleared again by ChangePasswordForm.
     if ($hasToken && $member && $member->validateAutoLoginToken($_REQUEST['t'])) {
         Session::set('AutoLoginHash', $member->encryptWithUserSettings($_REQUEST['t']));
         return $this->redirect($this->Link('changepassword'));
     }

     if (Session::get('AutoLoginHash')) {
         // Redirect target of the first load: reset in progress, no old password asked.
         $data = array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm());
     } elseif (Member::currentUser()) {
         // A logged-in member opened the form directly.
         $data = array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm());
     } elseif ($hasToken && $member) {
         // Token and member were both supplied but the token did not validate.
         self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
         return;
     } else {
         // Token missing or member unknown, and nobody is logged in.
         $data = array('Content' => sprintf(_t('Security.NOTERESETLINKINVALID', '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'), $this->Link('lostpassword'), $this->link('login')));
     }

     $customisedController = $controller->customise($data);
     return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
 }
 /**
  * Show the "change password" page.
  * This page can either be called directly by logged-in users
  * (in which case they need to provide their old password),
  * or through a link emailed through {@link lostpassword()}.
  * In this case no old password is required, authentication is ensured
  * through the Member.AutoLoginHash property.
  * 
  * @see ChangePasswordForm
  *
  * @return string Returns the "change password" page as HTML code.
  */
 public function changepassword()
 {
     // Page shell used to render the form; ID -1 keeps the top level pages from being
     // picked up as its children.
     $page = new Page();
     $page->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
     $page->URLSegment = 'Security';
     $page->ID = -1;
     $controller = new Page_Controller($page);
     $controller->init();

     $hasHash = isset($_REQUEST['h']);

     // First load with an accepted hash: park it in the session (temporary value, unset in
     // ChangePasswordForm) and redirect to the same action without `h`, so the hash
     // does not leak through the Referer header.
     if ($hasHash && Member::member_from_autologinhash($_REQUEST['h'])) {
         Session::set('AutoLoginHash', $_REQUEST['h']);
         return $this->redirect($this->Link('changepassword'));
     }

     if (Session::get('AutoLoginHash')) {
         // Redirection target after the "first load with hash".
         $data = array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm());
     } elseif (Member::currentUser()) {
         // A logged-in member may change the password directly.
         $data = array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm());
     } elseif ($hasHash) {
         // A hash was supplied but not accepted, and nobody is logged in.
         $data = array('Content' => sprintf(_t('Security.NOTERESETLINKINVALID', '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'), $this->Link('lostpassword'), $this->link('login')));
     } else {
         // No hash, no pending reset and no session: hand over to the permission failure handling.
         self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
         return;
     }

     $customisedController = $controller->customise($data);
     return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
 }
 /**
  * Show the "username sent" confirmation page.
  *
  * Reads the address stored under the 'ForgotEmail' session key, clears that key
  * and shows the address in the confirmation text.
  *
  * @param mixed $request Not read by this method (presumably the current request - confirm).
  * @return mixed The result of renderWith() (presumably the page as HTML - confirm).
  */
 public function usernamesent($request)
 {
     // Scripts are registered in this fixed order.
     $scripts = array(
         '/behaviour.js',
         '/loader.js',
         '/prototype.js',
         '/prototype_improvements.js',
         '/scriptaculous/effects.js',
     );
     foreach ($scripts as $script) {
         Requirements::javascript(THIRDPARTY_DIR . $script);
     }

     $page = new Page();
     $page->Title = _t('Security.LOSTPASSWORDHEADER');
     $page->URLSegment = 'UsernameSecurity';
     $page->ID = -1;
     $controller = new Page_Controller($page);
     $controller->init();

     // The address is XML-escaped before it is placed into the HTML content.
     $email = null;
     if (Session::get('ForgotEmail')) {
         $email = Convert::raw2xml(Session::get('ForgotEmail'));
     }
     // One-shot value: drop it from the session once it has been read.
     Session::clear('ForgotEmail');

     $content = "<p>" . sprintf(_t('Security.USERNAMESENTTEXT', "Username has been sent to: '%s'"), $email) . "</p>";
     $customisedController = $controller->customise(array('Title' => _t('Security.USERNAMESENTHEADER', "Username sent"), 'Content' => $content));
     return $customisedController->renderWith(array('Security_passwordsent', 'Security', $this->stat('template_main')));
 }