Ejemplo n.º 1
0
 /**
  * Handle POST requests (adds $currentUser Person to the session).
  *
  * @param Alpha\Util\Http\Request $request
  *
  * @return Alpha\Util\Http\Response
  *
  * @throws Alpha\Exception\IllegalArguementException
  *
  * @since 1.0
  */
 public function doPOST($request)
 {
     self::$logger->debug('>>doPOST($request=[' . var_export($request, true) . '])');
     $params = $request->getParams();
     if (!is_array($params)) {
         throw new IllegalArguementException('Bad $params [' . var_export($params, true) . '] passed to doPOST method!');
     }
     $config = ConfigProvider::getInstance();
     $body = '';
     try {
         // check the hidden security fields before accepting the form POST data
         if (!$this->checkSecurityFields()) {
             throw new SecurityException('This page cannot accept post data from remote servers!');
         }
         if (isset($params['loginBut'])) {
             // if the database has not been set up yet, accept a login from the config admin username/password
             if (!ActiveRecord::isInstalled()) {
                 if ($params['email'] == $config->get('app.install.username') && password_verify($params['password'], password_hash($config->get('app.install.password'), PASSWORD_DEFAULT, ['cost' => 12]))) {
                     self::$logger->info('Logging in [' . $params['email'] . '] at [' . date('Y-m-d H:i:s') . ']');
                     $admin = new Person();
                     $admin->set('displayName', 'Admin');
                     $admin->set('email', $params['email']);
                     $admin->set('password', password_hash($params['password'], PASSWORD_DEFAULT, ['cost' => 12]));
                     $admin->set('OID', '00000000001');
                     $sessionProvider = $config->get('session.provider.name');
                     $session = SessionProviderFactory::getInstance($sessionProvider);
                     $session->set('currentUser', $admin);
                     $response = new Response(301);
                     if ($this->getNextJob() != '') {
                         $response->redirect(FrontController::generateSecureURL('act=' . $this->getNextJob()));
                         $this->clearUnitOfWorkAttributes();
                     } else {
                         $response->redirect(FrontController::generateSecureURL('act=InstallController'));
                     }
                     return $response;
                 } else {
                     throw new ValidationException('Failed to login user ' . $params['email'] . ', the password is incorrect!');
                 }
             } else {
                 // here we are attempting to load the person from the email address
                 $this->personObject->loadByAttribute('email', $params['email'], true);
                 ActiveRecord::disconnect();
                 // checking to see if the account has been disabled
                 if (!$this->personObject->isTransient() && $this->personObject->get('state') == 'Disabled') {
                     throw new SecurityException('Failed to login user ' . $params['email'] . ', that account has been disabled!');
                 }
                 // check the password
                 return $this->doLoginAndRedirect($params['password']);
             }
             $body .= View::displayPageHead($this);
             $body .= $this->personView->displayLoginForm();
         }
         if (isset($params['resetBut'])) {
             // here we are attempting to load the person from the email address
             $this->personObject->loadByAttribute('email', $params['email']);
             ActiveRecord::disconnect();
             // generate a new random password
             $newPassword = $this->personObject->generatePassword();
             // now encrypt and save the new password, then e-mail the user
             $this->personObject->set('password', password_hash($newPassword, PASSWORD_DEFAULT, ['cost' => 12]));
             $this->personObject->save();
             $message = 'The password for your account has been reset to ' . $newPassword . ' as you requested.  You can now login to the site using your ' . 'e-mail address and this new password as before.';
             $subject = 'Password change request';
             $this->personObject->sendMail($message, $subject);
             $body .= View::displayUpdateMessage('The password for the user <strong>' . $params['email'] . '</strong> has been reset, and the new password ' . 'has been sent to that e-mail address.');
             $body .= '<a href="' . $config->get('app.url') . '">Home Page</a>';
         }
     } catch (ValidationException $e) {
         $body .= View::displayPageHead($this);
         $body .= View::displayErrorMessage($e->getMessage());
         if (isset($params['reset'])) {
             $body .= $this->personView->displayResetForm();
         } else {
             $body .= $this->personView->displayLoginForm();
         }
         self::$logger->warn($e->getMessage());
     } catch (SecurityException $e) {
         $body .= View::displayPageHead($this);
         $body .= View::displayErrorMessage($e->getMessage());
         self::$logger->warn($e->getMessage());
     } catch (RecordNotFoundException $e) {
         $body .= View::displayPageHead($this);
         $body .= View::displayErrorMessage('Failed to find the user \'' . $params['email'] . '\'');
         if (isset($params['reset'])) {
             $body .= $this->personView->displayResetForm();
         } else {
             $body .= $this->personView->displayLoginForm();
         }
         self::$logger->warn($e->getMessage());
     }
     $body .= View::displayPageFoot($this);
     self::$logger->debug('<<doPOST');
     return new Response(200, $body, array('Content-Type' => 'text/html'));
 }