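/**
 * Login action: validates the posted credentials and signs the user in.
 *
 * A visitor who is already authenticated is redirected to admin/articles.
 * On POST both "email" and "password" are required; a rejected login sets an
 * error flash message and the form is rendered again.
 *
 * NOTE(review): no CSRF token check and no attempt throttling are visible in
 * this method - confirm both are enforced elsewhere before relying on it.
 */
public function action_login()
{
    // Already logged in
    if (\Auth::check()) {
        \Response::redirect('admin/articles');
    }

    $val = \Validation::forge();

    if (\Input::method() == 'POST') {
        $val->add('email', 'Логин')->add_rule('required');
        $val->add('password', 'Пароль')->add_rule('required');

        if ($val->run()) {
            $auth = \Auth::instance();

            // check the credentials (an already authenticated session also passes)
            if (\Auth::check() or $auth->login(\Input::post('email'), \Input::post('password'))) {
                // the user model class depends on the configured auth driver
                if (\Config::get('auth.driver', 'Simpleauth') == 'Ormauth') {
                    $current_user = \Model\Auth_User::find_by_username(\Auth::get_screen_name());
                } else {
                    $current_user = \Model_User::find_by_username(\Auth::get_screen_name());
                }

                // The flash message is HTML (it carries a <b> tag), so the username
                // is encoded before being concatenated in. If the model lookup
                // returned nothing, fall back to the screen name instead of
                // dereferencing null.
                $username = $current_user ? $current_user->username : \Auth::get_screen_name();
                $safe_username = htmlspecialchars((string) $username, ENT_QUOTES, 'UTF-8');

                \Session::set_flash('success', 'Добро пожаловать, <b>' . $safe_username . '</b>');
                \Response::redirect('admin/articles');
            } else {
                // one generic message for both "unknown login" and "wrong password"
                \Session::set_flash('error', 'Неверная комбинация логина и пароля.');
            }
        }
    }

    $this->template->title = 'Авторизация';

    // NOTE(review): the third argument (false) looks like the view's auto-filter
    // switch; if so, the login view must encode everything it echoes, including
    // any repopulated form input - confirm against the view file.
    $this->template->content = \View::forge('login', array('val' => $val), false);
}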
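/**
 * Password recovery.
 *
 * POST: looks the account up by the posted email, stores a recovery hash with
 * its creation time on the user, and mails a link containing that hash.
 * GET with a hash: checks the hash against the stored one (valid for 24 hours),
 * invalidates it, logs the user in, resets the password and redirects to
 * user/settings.
 *
 * Review notes:
 *  - The POST branch answers "Email has been sent to ..." for a known address
 *    and "Sorry there is not a matching email!" for an unknown one, so the form
 *    discloses which addresses are registered.
 *  - The value stored in lostpassword_hash is the same value that is mailed, so
 *    read access to the user table is enough to redeem a pending reset.
 *  - NOTE(review): no CSRF token check or request throttling is visible here.
 *
 * @param string|null $hash recovery hash taken from the URL, if any
 */
public function action_recover($hash = null)
{
    if (Input::Method() === "POST") {
        if ($user = \Model\Auth_User::find_by_email(Input::POST('email'))) {
            // Generate a recovery hash; the user id is appended to it and is read
            // back from offset 44 when the link is redeemed.
            // NOTE(review): confirm \Str::random() draws from a cryptographically
            // secure source; the token is only as unpredictable as that input.
            $hash = \Auth::instance()->hash_password(\Str::random()) . $user->id;

            // and store it in the user profile
            \Auth::update_user(array('lostpassword_hash' => $hash, 'lostpassword_created' => time()), $user->username);

            // send an email out with a reset link
            \Package::load('email');
            $email = \Email::forge();

            // NOTE(review): the link (and the fallback From address below) are
            // derived from the application's base URL; confirm that value is
            // pinned in configuration and not taken from the request Host header.
            $html = 'Your password recovery link <a href="' . Uri::Create('login/recover/' . $hash) . '">Recover My Password!</a>';
            $email->html_body($html);

            // give it a subject
            $email->subject(\Settings::Get('site_name') . ' Password Recovery');

            // sender: the configured admin address, else support@<base host>
            $admin_email = Settings::get('admin_email');
            if (empty($admin_email) === false) {
                $from = $admin_email;
            } else {
                $from = 'support@' . str_replace('http:', '', str_replace('/', '', Uri::Base(false)));
            }

            $email->from($from);
            $email->to($user->email, $user->fullname);

            // and off it goes (if all goes well)!
            try {
                $email->send();
                Session::set('success', 'Email has been sent to ' . $user->email . '! Please check your spam folder!');
            } catch (\Exception $e) {
                Session::Set('error', 'We failed to send the eamil , contact ' . $admin_email);
                \Response::redirect_back();
            }
        } else {
            Session::Set('error', 'Sorry there is not a matching email!');
        }
    } elseif (empty($hash) === false) {
        // take the hash from the full URI rather than from the routed parameter
        $hash = str_replace(Uri::Create('login/recover/'), '', Uri::current());

        // everything after the first 44 characters is the user id
        $user = substr($hash, 44);

        if ($user = \Model\Auth_User::find_by_id($user)) {
            // The hash must match the stored one and be less than 24 hours old.
            // hash_equals() (PHP >= 5.6) replaces the loose "==" so the comparison
            // is type-strict and constant-time.
            if (isset($user->lostpassword_hash)
                and hash_equals((string) $user->lostpassword_hash, (string) $hash)
                and time() - $user->lostpassword_created < 86400
            ) {
                // invalidate the hash so the link works only once
                \Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);

                // log the user in and go to the profile to change the password
                if (\Auth::instance()->force_login($user->id)) {
                    // NOTE(review): presumably reset_password() returns the new
                    // plaintext password, which then sits in the session store;
                    // confirm it is cleared once the user has chosen a new one.
                    Session::Set('current_password', Auth::reset_password($user->username));
                    Response::Redirect(Uri::Create('user/settings'));
                }
            }
        }

        Session::Set('error', 'Invalid Hash!');
    }

    $this->template->content = View::forge('login/recover');
}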
/**
 * Search users by the "search" query-string parameter.
 *
 * A user matches when the term occurs in the username, in the email, or in the
 * metadata row whose key is "fullname".
 *
 * NOTE(review): the term is handed to the query builder as a value rather than
 * concatenated into SQL text here; "%" and "_" typed by the user still act as
 * LIKE wildcards. No authorization check is visible in this method - confirm
 * that callers restrict who may list users.
 *
 * @param object|null $pagination object exposing ->offset and ->per_page, or empty
 * @return mixed one page of results when $pagination is given, otherwise the match count
 */
public static function get_users($pagination = null)
{
    $pattern = '%' . Input::GET('search') . '%';

    $query = \Model\Auth_User::query()
        ->related('metadata')
        ->where('username', 'LIKE', $pattern)
        ->or_where('email', 'LIKE', $pattern)
        ->or_where_open()
            ->where('metadata.value', 'LIKE', $pattern)
            ->where('metadata.key', 'fullname')
        ->or_where_close();

    // without pagination the caller only wants the total
    if (empty($pagination)) {
        return $query->count();
    }

    return $query
        ->rows_offset($pagination->offset)
        ->rows_limit($pagination->per_page)
        ->get();
}
/**
 * Runs the parent hook, loads the Admin config and resolves the current user.
 *
 * The user model is looked up by screen name only when \Auth::check() passes;
 * otherwise current_user is null. The result is also published to all views
 * as the global "current_user".
 */
public function before()
{
    parent::before();

    \Config::load('Admin::config');

    // the model class to query depends on the configured auth driver
    $uses_ormauth = \Config::get('auth.driver', 'Simpleauth') == 'Ormauth';

    $resolved_user = null;
    if (\Auth::check()) {
        $screen_name = \Auth::get_screen_name();
        $resolved_user = $uses_ormauth
            ? \Model\Auth_User::find_by_username($screen_name)
            : \Model_User::find_by_username($screen_name);
    }

    // Assign current_user to the instance so controllers can use it
    $this->current_user = $resolved_user;

    // Set a global variable so views can use it
    \View::set_global('current_user', $this->current_user);
}
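/**
 * Password recovery.
 *
 * POST: for a known email, stores a recovery hash with its creation time on the
 * user and prepares a mail whose link carries that hash wrapped by Crypt.
 * GET with a hash: unwraps it, checks it against the stored hash (valid for 24
 * hours), invalidates it, logs the user in and issues a temporary password.
 * Otherwise: renders the recovery form.
 *
 * Review notes:
 *  - The Crypt key is a string literal in source and is repeated in the decode
 *    branch; it belongs in protected configuration, and should be rotated if
 *    this file has been shared.
 *  - $email->send() is commented out, so as written no mail is sent although a
 *    success message is shown, and the catch branches cannot be reached by a
 *    send failure.
 *  - A known email redirects to user/password/confirm/<user id>, while an
 *    unknown one gets the generic message, so the form discloses which
 *    addresses are registered (and the account id).
 *  - The temporary password is placed in a flash message in plaintext.
 *  - NOTE(review): no CSRF token check or request throttling is visible here.
 *
 * @param string|null $hash Crypt-encoded recovery hash from the URL, if any
 */
public function action_recover($hash = null)
{
    // was the lostpassword form posted?
    if (\Input::method() == 'POST') {
        // do we have a posted email address?
        if ($email = \Input::post('email')) {
            // do we know this user?
            if ($user = \Model\Auth_User::find_by_email($email)) {
                // Generate a recovery hash; the user id is appended to it and is
                // read back from offset 44 when the link is redeemed.
                // NOTE(review): confirm \Str::random() draws from a
                // cryptographically secure source.
                $hash = \Auth::instance()->hash_password(\Str::random()) . $user->id;

                // and store it in the user profile
                \Auth::update_user(array('lostpassword_hash' => $hash, 'lostpassword_created' => time()), $user->username);

                \Package::load('email');
                $email = \Email::forge();

                // the link carries the Crypt-wrapped form of the stored hash
                $data = array();
                $hash = Crypt::encode($hash, 'R@nd0mK~Y');
                $data['url'] = \Uri::create('user/password/recover/' . $hash);
                $data['user'] = $user;

                // use a view file to generate the email message
                $email->html_body(View::forge('user/password/email', $data));

                // give it a subject
                $email->subject('RN | WJS Password Recovery');

                // add from- and to address
                $email->from('*****@*****.**');
                $email->to($user->email);

                // and off it goes (if all goes well)!
                try {
                    // send the email
                    // $email->send();
                    \Messages::success('Please check your email for instructions to reset your password');
                    \Response::redirect('user/password/confirm/' . $user->id);
                } catch (\EmailValidationFailedException $e) {
                    \Messages::error('INVALID EMAIL !');
                    \Messages::error($e->getMessage());
                    \Response::redirect_back();
                } catch (\Exception $e) {
                    // log the error so an administrator can have a look
                    logger(\Fuel::L_ERROR, '*** Error sending email (' . __FILE__ . '#' . __LINE__ . '): ' . $e->getMessage());
                    \Messages::error('ERROR SENDING EMAIL !');
                }
            }
        } else {
            // inform the user and fall through to the form
            \Messages::error(__('user.login.error-missing-email'));
        }

        // inform the user an email is on the way (or not ;-))
        \Messages::info(__('user.login.recovery-email-send'));
        \Response::redirect_back();
    } elseif ($hash !== null) {
        $hash = Crypt::decode($hash, 'R@nd0mK~Y');

        // get the userid from the hash
        $user = substr($hash, 44);

        // and find the user with this id
        if ($user = \Model\Auth_User::find_by_id($user)) {
            // The hash must match the stored one and be less than 24 hours old.
            // hash_equals() (PHP >= 5.6) replaces the loose "==" so the comparison
            // is type-strict and constant-time; the casts keep a failed decode
            // from raising a type error.
            if (isset($user->lostpassword_hash)
                and hash_equals((string) $user->lostpassword_hash, (string) $hash)
                and time() - $user->lostpassword_created < 86400
            ) {
                // invalidate the hash so the link works only once
                \Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);

                // log the user in and go to the profile to change the password
                if (\Auth::instance()->force_login($user->id)) {
                    $tempPass = \Auth::instance()->reset_password($user->username);

                    if ($tempPass) {
                        \Messages::info("Your temporary password is : {$tempPass} ");
                        \Response::redirect('backend/account/index/password');
                    } else {
                        return 'Something went wrong resetting password';
                    }
                }
            }
        }

        // something wrong with the hash
        \Messages::error(__('user.login.recovery-hash-invalid'));
        \Response::redirect_back();
    } else {
        // display the recovery form
        $this->template->content = View::forge('user/password/recover');
    }
}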
/**
 * Check whether the current session belongs to a logged-in user.
 *
 * With a username and login hash in the session, the user is (re)loaded when
 * needed and accepted if multiple logins are allowed or the stored login hash
 * is identical to the session's. With neither in the session, a remember-me
 * user id, if present, triggers a forced login. Every other path logs out.
 *
 * Note that when ormauth.multiple_logins is enabled the hash comparison is
 * skipped, so the session username alone decides.
 *
 * @return bool
 */
protected function perform_check()
{
    // get the username and login hash from the session
    $session_user = \Session::get('username');
    $session_hash = \Session::get('login_hash');

    // only worth checking if there's both a username and login-hash
    if (!empty($session_user) && !empty($session_hash)) {
        // load the user if we don't have one, or we're logging in from guest mode
        $needs_lookup = is_null($this->user)
            || ($this->user->username != $session_user && $this->user->id == 0);

        if ($needs_lookup) {
            $this->user = \Model\Auth_User::query()
                ->select(\Config::get('ormauth.table_columns', array()))
                ->related('metadata')
                ->where('username', '=', $session_user)
                ->get_one();
        }

        // verified when a user exists and either multiple logins are allowed
        // or the hash matches
        if ($this->user) {
            $accepted = \Config::get('ormauth.multiple_logins', false)
                || $this->user['login_hash'] === $session_hash;

            if ($accepted) {
                return true;
            }
        }
    } elseif (static::$remember_me && ($remembered_id = static::$remember_me->get('user_id', null))) {
        return $this->force_login($remembered_id);
    }

    // force a logout
    $this->logout();

    return false;
}
/**
 * Load every user whose id is greater than 0 into $this->users.
 *
 * NOTE(review): no access check is visible in this method - confirm that the
 * controller restricts who may list all users.
 */
public function view()
{
    $conditions = [
        'where' => [
            ['id', '>', 0],
        ],
    ];

    $this->users = \Model\Auth_User::find('all', $conditions);
}