/**
  * Login action for authentication controller
  */
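 public function loginAction()
 {
     // Renders the login form and, on POST, authenticates through Acl_Model_Account::Login().
     // Role id 3 is used here as "no usable identity" (presumably the guest role; confirm
     // against the ACL role table).
     $translate = Zend_Registry::get('Zend_Translate');
     try {
         $auth = Zend_Auth::getInstance();
         $identity = $auth->getIdentity();
         $role = $auth->hasIdentity() ? $identity->role_id : 3;
         $frmLogin = new Acl_Form_Login();
         // role_id can come back from storage as a string, so normalise it before the strict compare.
         $this->view->identity = (int) $role !== 3 ? $identity : null;
         $frmLogin->setAction($this->_request->getBaseUrl() . '/login');
         $this->view->frmLogin = $frmLogin;
         if ($this->getRequest()->isPost()) {
             // NOTE(review): getParams() merges route, query-string and POST values, so credentials
             // placed in the URL are accepted too; getPost() would restrict them to the request body.
             if ($frmLogin->isValid($this->getRequest()->getParams())) {
                 $mdlAccount = new Acl_Model_Account();
                 $objAccount = $mdlAccount->createRow($frmLogin->getValues());
                 if (!$mdlAccount->Login($objAccount)) {
                     // One message for every failure cause, so the response does not reveal
                     // whether the email is unknown, blocked, or the password was wrong.
                     throw new Exception($translate->translate("ACL_ACCESS_DENIED"));
                 }
                 $this->redirect('login');
             } else {
                 /*
                  * /!\ Warning
                  * Throwing an exception here breaks the page when this action is rendered as a
                  * widget. The login form should post to a separate action (e.g. "validate");
                  * any action that is used as a widget and carries a form should use a different
                  * action as the form target to avoid this problem.
                  * /!\ To do
                  * Anybody want to take this enhancement issue?
                  */
             }
         }
         // Wrap every form element in a single display group for rendering.
         $fields = array();
         foreach ($frmLogin->getElements() as $element) {
             $fields[] = $element->getName();
         }
         $frmLogin->addDisplayGroup($fields, 'form', array('legend' => "ACL_LOGIN"));
     } catch (Exception $e) {
         // NOTE(review): this shows the message of ANY exception (including framework or database
         // errors) to the visitor; consider logging $e and flashing a fixed, translated message.
         $this->_helper->flashMessenger->addMessage(array('type' => 'error', 'header' => '', 'message' => $e->getMessage()));
         $this->redirect('login');
     }
 }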
 /**
  * Login function authentication system 
  * @param Zend_Db_Table_Row $account
  * @return boolean
  */
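 function Login(Zend_Db_Table_Row $account)
 {
     // The stored hash doubles as the crypt() salt, so the account row must exist before a
     // candidate hash can be computed.
     $select = $this->select()->where('email=?', $account->email)->limit(1);
     $row = $this->fetchRow($select);
     if ($row === null) {
         // Unknown email: fail like a wrong password instead of dereferencing a null row.
         // NOTE(review): this path skips crypt(), so it answers faster than a wrong password;
         // rate-limit login attempts or hash against a dummy value if that difference matters.
         return false;
     }
     // set up the auth adapter
     $db = Acl_Model_Account::getDefaultAdapter();
     $authAdapter = new Zend_Auth_Adapter_DbTable($db);
     // The credential treatment has to contain the '?' placeholder: Zend_Auth_Adapter_DbTable
     // replaces a treatment without one by a bare '?', which would drop the block filter and
     // let blocked accounts authenticate.
     $authAdapter->setTableName($this->_name)
         ->setIdentityColumn('email')
         ->setCredentialColumn('password')
         ->setCredentialTreatment('? AND block = 0');
     $authAdapter->setIdentity($account->email);
     $authAdapter->setCredential(crypt($account->password, $row->password));
     $result = $authAdapter->authenticate();
     // Issue a fresh session id around the privilege change (session-fixation defence).
     Zend_Session::regenerateId();
     if ($result->isValid()) {
         $auth = Zend_Auth::getInstance();
         $storage = $auth->getStorage();
         // Only the listed columns go into the session; the password hash is left out.
         $storage->write($authAdapter->getResultRowObject(array('id', 'email', 'registerdate', 'lastvisitdate', 'role_id', 'fullname', 'email_alternative')));
         $account = $this->find($authAdapter->getResultRowObject()->id)->current();
         // 'yyyy' is the calendar year; Zend_Date's 'YYYY' is the ISO week-numbering year and
         // yields the wrong year for dates around 1 January.
         $account->lastvisitdate = Zend_Date::now()->toString('yyyy-MM-dd HH:mm:ss');
         $account->save();
         return true;
     }
     return false;
 }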
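 /**
  * Checks the adapter's email/password pair against the account table.
  *
  * Looks up a non-blocked account by email, re-hashes the supplied password with the stored
  * hash as salt, and compares the two hashes.
  *
  * @return Zend_Auth_Result FAILURE_IDENTITY_NOT_FOUND, FAILURE_CREDENTIAL_INVALID or SUCCESS
  */
 public function authenticate()
 {
     $mdlAccount = new Acl_Model_Account();
     $select = $mdlAccount->select()->where('email=?', $this->_email)->where('block=0')->limit(1);
     $row = $mdlAccount->fetchRow($select);
     if ($row === null) {
         // NOTE(review): callers should not surface the difference between this code and
         // FAILURE_CREDENTIAL_INVALID to the user, or the response reveals which emails exist.
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_email);
     }
     $data = $row->toArray();
     $storedHash = (string) $data['password'];
     $candidateHash = crypt((string) $this->_password, $storedHash);
     // hash_equals() compares in constant time, so the comparison does not leak how many
     // leading characters of the hash matched.
     if (!hash_equals($storedHash, $candidateHash)) {
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_email);
     }
     $this->_row = $row;
     // NOTE(review): the identity handed back is the literal string 'email', not $this->_email;
     // confirm that callers read the account from the stored row rather than from the identity.
     return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, 'email');
 }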
 /**
  * View action for contact controller
  * @throws Exception
  */
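 public function viewAction()
 {
     // Shows the public contact form for one contact row and, on a valid POST, mails the
     // visitor's message to the contact's address (or to the owning account's email).
     try {
         $translate = Zend_Registry::get('Zend_Translate');
         $mdlContact = new Contact_Model_Contact();
         $frmContact = new Contact_Form_Contact(array('type' => 'public'));
         // getParam() with a default avoids an undefined-index notice when 'contact' is missing.
         $contactId = (int) $this->getRequest()->getParam('contact', 0);
         $contact = $mdlContact->find($contactId)->current();
         if (!$contact) {
             throw new Exception($translate->translate("CONTACT_ROW_NOT_FOUND"));
         }
         if ($this->getRequest()->isPost()) {
             if ($frmContact->isValid($this->getRequest()->getPost())) {
                 $mdlAccount = new Acl_Model_Account();
                 $account = $mdlAccount->find((int) $contact->account_id)->current();
                 if (!$account) {
                     // The recipient name (and the fallback address) come from the account row,
                     // so a contact whose account is gone cannot be mailed.
                     throw new Exception($translate->translate("CONTACT_ROW_NOT_FOUND"));
                 }
                 $emailTo = strlen($contact->email_to) > 1 ? $contact->email_to : $account->email;
                 // NOTE(review): the From header is set to the visitor-supplied address and name.
                 // That lets anyone send mail through this form under an arbitrary sender and
                 // tends to fail SPF/DMARC; a fixed site sender plus setReplyTo() is safer.
                 $mail = new Zend_Mail();
                 $mail->setBodyText($frmContact->getElement('message')->getValue())
                     ->setFrom($frmContact->getElement('email')->getValue(), $frmContact->getElement('fullname')->getValue())
                     ->addTo($emailTo, $account->first_name . ' ' . $account->last_name)
                     ->setSubject($translate->translate('CONTACT_DEFAULT_SUBJECT'))
                     ->send();
                 $frmContact->reset();
             }
         } else {
             // Wrap every form element in a single display group for rendering.
             $fields = array();
             foreach ($frmContact->getElements() as $element) {
                 $fields[] = $element->getName();
             }
             $frmContact->addDisplayGroup($fields, 'form', array('legend' => "CONTACT"));
         }
         $frmContact->setAction($this->_request->getBaseUrl() . "/contact/contact/view");
         $this->view->frmContact = $frmContact;
     } catch (Exception $e) {
         // Escape before output: the message can originate from the mail transport or the
         // database layer and must not be rendered as markup.
         // NOTE(review): the raw text is still shown to the visitor; consider logging it and
         // displaying a fixed, translated message instead.
         echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
     }
 }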
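 /**
  * Two-step password reset.
  *
  * Without change=1 the form asks for an email, stores a fresh reset token on the account and
  * mails it. With change=1 the form additionally asks for the token and a new password, and the
  * password is replaced only when the submitted token matches the stored one.
  *
  * Uses random_bytes(), which needs PHP 7 or later.
  */
 public function resetpasswordAction()
 {
     /* @var $translate Zend_Translate */
     $translate = Zend_Registry::get('Zend_Translate');
     try {
         $frmAccount = new Acl_Form_Account();
         $this->view->frmAccount = $frmAccount;
         $frmAccount->removeElement('fullname');
         $frmAccount->removeElement('email_alternative');
         $frmAccount->removeElement('role_id');
         $frmAccount->getElement('email')->removeValidator('Db_NoRecordExists');
         $frmAccount->getElement('submit')->setLabel('ACL_SEND');
         // Exactly 1 selects the "change" step; every other value is the "request" step, here
         // and in the POST handling below, so form shape and handler can never disagree.
         $change = intval($this->getRequest()->getParam('change', 0));
         if ($change === 1) {
             $hashtoken = $frmAccount->createElement('textarea', 'ht');
             $hashtoken->setAttrib('cols', 10);
             $hashtoken->setAttrib('rows', 5);
             $hashtoken->setLabel('ACL_VERIFICATION_CODE');
             // Required: a non-required element skips its validators when the value is empty,
             // so NotEmpty alone would not reject a blank verification code.
             $hashtoken->setRequired(true);
             $hashtoken->addFilter(new Zend_Filter_StringTrim());
             $hashtoken->addFilter(new Zend_Filter_Alnum());
             $hashtoken->addValidator(new Zend_Validate_Alnum());
             $hashtoken->addValidator(new Zend_Validate_NotEmpty());
             $hashtoken->setOrder($frmAccount->getElement('email')->getOrder() + 1);
             $frmAccount->addElement($hashtoken);
             $frmAccount->getElement('password')->setLabel("ACL_NEW_PASSWORD");
             $frmAccount->setAction($this->_request->getBaseUrl() . "/changepassword");
         } else {
             $frmAccount->removeElement('password');
             $frmAccount->removeElement('password2');
             $frmAccount->setAction($this->_request->getBaseUrl() . "/resetpassword");
         }
         if ($this->getRequest()->isPost()) {
             if ($frmAccount->isValid($this->getRequest()->getPost())) {
                 $mdlAccount = new Acl_Model_Account();
                 $account = $mdlAccount->getByEmail($frmAccount->getValue('email'));
                 if (!$account) {
                     // NOTE(review): an unknown email ends in the error message while a known one
                     // gets "code sent", which tells the visitor which addresses are registered.
                     // Answering both cases identically would close that gap.
                     throw new Exception("");
                 }
                 if ($change !== 1) {
                     // The token is the only secret protecting the reset, so it comes from the
                     // CSPRNG rather than from rand()/uniqid()/time(). Hex output stays within
                     // the Alnum filter and validator applied to the 'ht' field.
                     // NOTE(review): the token has no expiry and is stored unhashed; an issued-at
                     // column with a short lifetime would limit the window for a leaked code.
                     $token = bin2hex(random_bytes(32));
                     $account->recoverpwdtoken = $token;
                     $account->save();
                     $options = Zend_Registry::get('options');
                     $projectName = $options['resources']['layout']['projectname'];
                     $emailSupport = $options['resources']['layout']['email_support'];
                     $emailSupportName = $options['resources']['layout']['email_support_name'];
                     // NOTE(review): the ServerUrl helper builds the link from the request's host
                     // information, so a forged Host header can end up in the mailed link; prefer
                     // a base URL taken from configuration.
                     $serverurl = new Zend_View_Helper_ServerUrl();
                     $msg = sprintf($translate->translate("ACL_PASSWORD_RESET_REQUEST_BODY"), $projectName, $serverurl->serverUrl() . '/changepassword', $token, $emailSupport);
                     $mail = new Zend_Mail();
                     $mail->setBodyHtml($msg);
                     $mail->setFrom($emailSupport, $emailSupportName);
                     $mail->addTo($account->email, $account->fullname);
                     $mail->setSubject($translate->translate('ACL_PASSWORD_RESET_EMAIL_SUBJECT'));
                     $mail->send();
                     $this->_helper->flashMessenger->addMessage(array('type' => 'info', 'header' => '', 'message' => $translate->translate("ACL_VALIDATION_CODE_SENT_MESSAGE")));
                     $this->_helper->redirector("changepassword", "account", "acl");
                 } else {
                     $storedToken = strtolower((string) $account->recoverpwdtoken);
                     $submittedToken = strtolower((string) $frmAccount->getValue('ht'));
                     // An account with no pending reset has an empty stored token; an empty value
                     // must never count as a match. hash_equals() keeps the comparison constant-time.
                     $tokenMatches = $storedToken !== ''
                         && $submittedToken !== ''
                         && hash_equals($storedToken, $submittedToken);
                     if ($tokenMatches) {
                         // Fresh random salt per password, in the "$6$rounds=N$salt$" layout that
                         // crypt() expects for SHA-512; without "rounds=" the cost figure itself
                         // would be read as the salt and be identical for every account.
                         $salt = bin2hex(random_bytes(8));
                         $account->password = crypt($frmAccount->getValue('password'), '$6$rounds=5000$' . $salt . '$');
                         $account->recoverpwdtoken = "";
                         $account->save();
                         $this->_helper->flashMessenger->addMessage(array('type' => 'info', 'header' => '', 'message' => $translate->translate("ACL_PASSWORD_CHANGED")));
                         $this->_helper->redirector("login", "authentication", "acl");
                     } else {
                         // A wrong code burns the pending token, so each issued code allows one guess.
                         $account->recoverpwdtoken = "";
                         $account->save();
                         $this->_helper->flashMessenger->addMessage(array('type' => 'error', 'header' => '', 'message' => $translate->translate("ACL_VALIDATION_CODE_INVALID")));
                         $this->_helper->redirector("resetpassword", "account", "acl");
                     }
                 }
             }
         }
     } catch (Exception $e) {
         // Every failure is reported with the same generic message; details stay server-side.
         $this->_helper->flashMessenger->addMessage(array('type' => 'error', 'header' => '', 'message' => $translate->translate("ACL_ERROR_ON_RESET_PASSWORD")));
         $this->_helper->redirector("resetpassword", "account", "acl");
     }
 }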