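/**
 * Show the "edit profile" form and apply a submitted update for the current user.
 *
 * On a valid POST the e-mail, full name and (when one was supplied) the new
 * password are handed to \Auth::update_user() and the browser is redirected
 * to /user. When validation or the update fails, the form is rendered again
 * with an error flash message.
 *
 * @return void
 */
public function action_edit()
{
    $data['user'] = \Auth::get_profile_fields();
    $data['user']['email'] = \Auth::get_email();

    if (\Input::post()) {
        // Read every field with a default so a missing key cannot raise an
        // undefined-index error further down.
        $fullname = \Input::post('fullname', '');
        $email = \Input::post('email', '');
        $password = \Input::post('password', '');
        $old_password = \Input::post('old_password', '');

        $val = \Validation::forge();
        $val->add_field('fullname', 'fullname', 'required');
        if (\Input::post('password')) {
            // NOTE(review): max_length[10] caps how strong a password can be;
            // confirm whether the storage layer really needs this limit.
            $val->add_field('password', 'new password', 'required|min_length[3]|max_length[10]');
            $val->add_field('old_password', 'old password', 'required|min_length[3]|max_length[10]');
        }
        $val->add_field('email', 'email', 'required|valid_email');

        $error = null;
        if ($val->run()) {
            $update = array('email' => $email, 'fullname' => $fullname);
            if ($password !== '') {
                // The old password travels with the new one so the Auth layer
                // can verify it before changing anything.
                $update['password'] = $password;
                $update['old_password'] = $old_password;
            }

            try {
                \Auth::update_user($update);
            } catch (\Exception $e) {
                // A rejected update (for example a wrong old password) is shown
                // on the form instead of surfacing as an unhandled exception.
                // Kept array-shaped like $val->error() so the view can treat
                // both the same way.
                $error = array('update' => $e->getMessage());
            }

            if ($error === null) {
                \Session::set_flash('success', 'The profile has been successfully updated');
                \Response::redirect('/user');
            }
        } else {
            $error = $val->error();
        }

        if ($error !== null) {
            // Repopulate the form. The password fields are deliberately left
            // empty: submitted passwords should not be written back into the
            // rendered page.
            $data['user'] = [
                'fullname' => $fullname,
                'email' => $email,
                'password' => '',
                'old_password' => '',
            ];
            \Session::set_flash('error', $error);
        }
    }

    $data['actions'] = ['back' => ['label' => 'Back', 'url' => '/user']];
    $this->template->title = "Edit profile";
    $this->template->content = View::forge('user/edit.twig', $data);
}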
/**
 * Render the profile settings page and, on POST, apply a password change
 * and/or an e-mail / full-name update for the current user.
 *
 * Every exit path renders the 'settings/profile' view; failures store a
 * message under the 'error' session key, success under 'success'.
 *
 * NOTE(review): no CSRF token check is visible in this action; confirm one is
 * enforced before it runs.
 *
 * @return void
 */
public function action_profile()
{
    $data = array(
        'user' => Model_User::query()->related('user_providers')->where('id', static::$user_id)->get_one(),
        'api_key' => Auth::get('api_key'),
    );

    // Plain page view: nothing to process.
    if (Input::Method() != 'POST') {
        $this->template->content = View::Forge('settings/profile', $data);
        return;
    }

    $new_password = Input::Post('new_password');
    $current_password = Input::Post('current_password');

    if (!empty($new_password)) {
        // A new password is only accepted together with the current one.
        if (empty($current_password)) {
            Session::set('error', 'You must enter your old password in first!');
            $this->template->content = View::Forge('settings/profile', $data);
            return;
        }

        if (Auth::change_password($current_password, $new_password) === false) {
            Session::set('error', 'Wrong Password');
            $this->template->content = View::Forge('settings/profile', $data);
            return;
        }

        // The password was changed, so drop the 'current_password' value kept
        // in the session.
        Session::delete('current_password');
    }

    // Update the remaining profile data for the current user.
    try {
        Auth::update_user(array('email' => Input::Post('email'), 'fullname' => Input::Post('full_name')));
    } catch (Exception $e) {
        Session::set('error', $e->getMessage());
        $this->template->content = View::Forge('settings/profile', $data);
        return;
    }

    Session::set('success', 'Your profile has been updated');
    $this->template->content = View::Forge('settings/profile', $data);
}
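/**
 * Password recovery: send a reset link (POST) or redeem one (request with a hash).
 *
 * POST: looks the account up by the posted e-mail, stores a recovery token and
 * its creation time on the account, and mails a link containing the token.
 * With a hash in the URL: checks the token against the stored one and the
 * 24-hour window, invalidates it, logs the user in and redirects to the
 * settings page with a freshly reset password kept in the session.
 * In every other case the 'login/recover' view is rendered.
 *
 * NOTE(review): the POST branch answers differently for known and unknown
 * addresses, which lets a caller test whether an account exists; consider one
 * neutral message for both outcomes.
 *
 * @param string|null $hash recovery token segment from the URL, if any
 * @return void
 */
public function action_recover($hash = null)
{
    if (Input::Method() === "POST") {
        if ($user = \Model\Auth_User::find_by_email(Input::POST('email'))) {
            // Recovery token = hashed random string followed by the user id.
            // NOTE(review): confirm \Str::random() draws from a cryptographically
            // secure source; the token is only as unpredictable as that input.
            $hash = \Auth::instance()->hash_password(\Str::random()) . $user->id;

            // Store the token and its creation time on the account.
            \Auth::update_user(array('lostpassword_hash' => $hash, 'lostpassword_created' => time()), $user->username);

            // Build the e-mail carrying the reset link.
            \Package::load('email');
            $email = \Email::forge();
            $html = 'Your password recovery link <a href="' . Uri::Create('login/recover/' . $hash) . '">Recover My Password!</a>';
            $email->html_body($html);
            $email->subject(\Settings::Get('site_name') . ' Password Recovery');

            // Sender: the configured admin address, else support@<site host>.
            $admin_email = Settings::get('admin_email');
            if (empty($admin_email) === false) {
                $from = $admin_email;
            } else {
                // parse_url() yields a bare host for http and https base URLs
                // alike; stripping only 'http:' left 'https:' inside the address.
                $host = parse_url(Uri::Base(false), PHP_URL_HOST);
                if (empty($host)) {
                    // Base URL without a parsable host: keep the old stripping.
                    $host = str_replace('http:', '', str_replace('/', '', Uri::Base(false)));
                }
                $from = 'support@' . $host;
            }
            $email->from($from);
            $email->to($user->email, $user->fullname);

            try {
                $email->send();
                Session::set('success', 'Email has been sent to ' . $user->email . '! Please check your spam folder!');
            } catch (\Exception $e) {
                Session::Set('error', 'We failed to send the email , contact ' . $admin_email);
                \Response::redirect_back();
            }
        } else {
            Session::Set('error', 'Sorry there is not a matching email!');
        }
    } elseif (empty($hash) === false) {
        // Rebuild the full token from the current URI rather than from the
        // route parameter.
        $hash = str_replace(Uri::Create('login/recover/'), '', Uri::current());

        // Everything after the first 44 characters is the user id.
        $user = substr($hash, 44);
        if ($user = \Model\Auth_User::find_by_id($user)) {
            $stored = isset($user->lostpassword_hash) ? $user->lostpassword_hash : null;

            // Compare the token in constant time and with string semantics
            // (hash_equals needs PHP >= 5.6); it must also be under 24 hours old.
            if (is_string($stored) and $stored !== '' and hash_equals($stored, $hash) and time() - $user->lostpassword_created < 86400) {
                // Single use: invalidate the token before acting on it.
                \Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);

                // Log the user in and send them to the settings page.
                // NOTE(review): the reset password is kept in the session in
                // clear text until it is deleted elsewhere.
                if (\Auth::instance()->force_login($user->id)) {
                    Session::Set('current_password', Auth::reset_password($user->username));
                    Response::Redirect(Uri::Create('user/settings'));
                }
            }
        }
        Session::Set('error', 'Invalid Hash!');
    }

    $this->template->content = View::forge('login/recover');
}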
/**
 * Runs before every action of this controller.
 *
 * Redirects to the installer or upgrader when needed, normalises the base
 * URL, handles requests arriving on the alternative short-URL host, makes
 * sure a logged-in user has an API key, and prepares the template's title,
 * header and footer.
 *
 * @return void
 */
public function before()
{
    // Let the parent set up the template first.
    parent::before();

    // No production database config yet: send the visitor to the installer.
    if (!file_exists(APPPATH . 'config/production/db.php')) {
        Response::Redirect('install');
    }

    // Schema lacks the 'cached_preview' column and an upgrade controller is present.
    $needs_upgrade = DBUtil::field_exists('urls', array('cached_preview')) === false
        && file_exists(APPPATH . 'classes/controller/upgrade.php');
    if ($needs_upgrade) {
        Response::Redirect(Uri::Create('upgrade'));
    }

    // Drop a 'public/' segment from the configured base URL.
    Config::set('base_url', str_replace('public/', '', Config::get('base_url')));

    $short_url = Settings::get('different_short_url');
    if (!empty($short_url)) {
        View::set_global(array('base_url' => $short_url), false, false);
    }

    // On the short-URL host only a two-segment route whose 'core' value is
    // '404' is served; everything else goes to the main base URL.
    if (trim(Uri::Base(), '/') == Settings::get('different_short_url')) {
        $is_404_route = false;
        if (count(Uri::Segments()) == 2) {
            $route = Uri::to_assoc();
            $is_404_route = isset($route) === true && $route['core'] == '404';
        }
        if (!$is_404_route) {
            Response::Redirect(Settings::Get('base_url'));
        }
    }

    $data = null;
    if (Auth::Check()) {
        // The user id is the second element of what Auth::get_user_id() returns.
        $id_pair = Auth::get_user_id();
        static::$user_id = $id_pair[1];

        $api_key = Auth::get('api_key');
        if (empty($api_key) === true) {
            // First visit without a key: derive one from a hashed random
            // string plus the user id, strip + / = ? and store it on the account.
            // NOTE(review): confirm \Str::random() is a cryptographically
            // secure source, since this value works as a credential.
            $api_key = preg_replace('/\\+|\\/|\\=|\\?/', '', \Auth::instance()->hash_password(\Str::random()) . static::$user_id);
            \Auth::update_user(array('api_key' => $api_key), Auth::get('username'));
        }
        $data['api_key'] = $api_key;
    }

    // Default title taken from the controller name; a view may override it.
    $controller = strtolower($this->request->route->controller);
    $this->template->title = ucwords(str_replace('controller_', '', $controller));

    // The image module is optional: a failed load is ignored on purpose.
    try {
        Module::load('image');
        $this->template->image_js = true;
    } catch (Exception $e) {
    }

    // Footer and header partials used by the template.
    $this->template->footer = View::forge('core/footer', $data);
    $this->template->header = View::forge('core/header');
}
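/**
 * Edit a user.
 *
 * Renders the 'users/edit' form and, on POST, updates the user's e-mail and,
 * only when a non-blank password was submitted, the password as well.
 *
 * NOTE(review): no permission check is visible in this action; confirm that
 * access is restricted before it runs.
 *
 * @param integer $id id of the user
 */
public function action_edit($id = null)
{
    is_null($id) and \Response::redirect('admin/users');

    $user = \Model_User::find($id);
    if (empty($user)) {
        \Session::set_flash('error', e('Пользователь отсутствует'));
        \Response::redirect('admin/users');
        return;
    }

    if (\Input::method() == 'POST') {
        $val = \Model_User::validate('edit');

        // The e-mail was changed: it must be unique among users.
        if (\Input::post('email') != $user->email) {
            $val->add_callable(new \MyRules());
            $val->add_field('email', 'E-Mail', 'required|max_length[255]|unique[users.email]');
            $val->set_message('unique', 'E-Mail существует.');
        }

        if ($val->run()) {
            try {
                $arr = array('email' => \Input::post('email'));

                $password = \Input::post('password', '');
                // trim() now wraps the value, not the comparison, so a
                // whitespace-only password is no longer accepted.
                if (is_string($password) and trim($password) !== '') {
                    // Reset the password only when a new one is being set. The
                    // generated value serves as the "old password" that
                    // update_user() asks for. Resetting on every edit replaced
                    // the password even when only the e-mail changed.
                    $arr['old_password'] = \Auth::reset_password($user->username);
                    $arr['password'] = $password;
                }

                $updated = \Auth::update_user($arr, $user->username);
                if ($updated) {
                    \Session::set_flash('success', e('Пользователь отредактирован'));
                    \Response::redirect_back('admin/users');
                } else {
                    // The update reported failure.
                    \Session::set_flash('error', e('Не удалось отредактировать данные пользователя'));
                }
            } catch (\SimpleUserUpdateException $e) {
                // Code 2 is handled as "e-mail already exists".
                if ($e->getCode() == 2) {
                    \Session::set_flash('error', e('E-Mail существует'));
                } else {
                    \Session::set_flash('error', $e->getMessage());
                }
            }
        } else {
            \Session::set_flash('error', $val->error());
        }
    }

    \View::set_global('user', $user, FALSE);
    $this->template->title = 'Пользователи';
    $this->template->content = \View::forge('users/edit');
}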
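/**
 * Password recovery: prepare a reset link (POST) or redeem one (request with $hash).
 *
 * POST: looks the account up by the posted e-mail, stores a recovery token and
 * its creation time on the account, and builds a message holding the
 * encrypted token URL.
 * With $hash: decrypts the token, checks it against the stored value and the
 * 24-hour window, invalidates it, logs the user in and shows a temporary
 * password.
 * Otherwise the recovery form is rendered.
 *
 * NOTE(review): a known address is redirected to 'user/password/confirm/<id>'
 * while an unknown one is redirected back, so the response reveals whether an
 * account exists and exposes its numeric id.
 *
 * @param string|null $hash encrypted recovery token from the URL
 * @return string|void an error string when no temporary password could be issued
 */
public function action_recover($hash = null)
{
    // NOTE(review): this key is embedded in the source, so anyone who can read
    // the code can read and forge link tokens. Move it to configuration kept
    // out of version control and rotate it.
    $link_key = 'R@nd0mK~Y';

    // Was the lost-password form posted?
    if (\Input::method() == 'POST') {
        // Do we have a posted e-mail address?
        if ($address = \Input::post('email')) {
            // Do we know this user?
            if ($user = \Model\Auth_User::find_by_email($address)) {
                // Recovery token = hashed random string followed by the user id.
                // NOTE(review): confirm \Str::random() is a cryptographically
                // secure source.
                $token = \Auth::instance()->hash_password(\Str::random()) . $user->id;

                // Store it, with its creation time, in the user profile.
                \Auth::update_user(array('lostpassword_hash' => $token, 'lostpassword_created' => time()), $user->username);

                \Package::load('email');
                $mailer = \Email::forge();

                // The link carries the encrypted form of the stored token.
                $data = array();
                $data['url'] = \Uri::create('user/password/recover/' . Crypt::encode($token, $link_key));
                $data['user'] = $user;

                // A view file generates the message body.
                $mailer->html_body(View::forge('user/password/email', $data));
                $mailer->subject('RN | WJS Password Recovery');
                $mailer->from('*****@*****.**');
                $mailer->to($user->email);

                try {
                    // NOTE(review): the send() call is disabled in this code,
                    // so no message is dispatched although the notice below
                    // says one was.
                    // $mailer->send();
                    \Messages::success('Please check your email for instructions to reset your password');
                    \Response::redirect('user/password/confirm/' . $user->id);
                } catch (\EmailValidationFailedException $e) {
                    \Messages::error('INVALID EMAIL !');
                    \Messages::error($e->getMessage());
                    \Response::redirect_back();
                } catch (\Exception $e) {
                    // Log the error so an administrator can have a look.
                    logger(\Fuel::L_ERROR, '*** Error sending email (' . __FILE__ . '#' . __LINE__ . '): ' . $e->getMessage());
                    \Messages::error('ERROR SENDING EMAIL !');
                }
            }
        } else {
            // Inform the user and fall through to the form.
            \Messages::error(__('user.login.error-missing-email'));
        }

        // Inform the user an e-mail is on the way (or not).
        \Messages::info(__('user.login.recovery-email-send'));
        \Response::redirect_back();
    } elseif ($hash !== null) {
        $token = Crypt::decode($hash, $link_key);

        // A value that did not decode to a string, or is too short to hold a
        // user id after the 44-character hash, is treated as an invalid link.
        if (is_string($token) and strlen($token) > 44) {
            // The user id is everything after the first 44 characters.
            if ($user = \Model\Auth_User::find_by_id(substr($token, 44))) {
                $stored = isset($user->lostpassword_hash) ? $user->lostpassword_hash : null;

                // Constant-time, string-only comparison (hash_equals needs
                // PHP >= 5.6); the token must also be under 24 hours old.
                if (is_string($stored) and $stored !== '' and hash_equals($stored, $token) and time() - $user->lostpassword_created < 86400) {
                    // Single use: invalidate the token first.
                    \Auth::update_user(array('lostpassword_hash' => null, 'lostpassword_created' => null), $user->username);

                    // Log the user in and go to the profile to change the password.
                    if (\Auth::instance()->force_login($user->id)) {
                        $tempPass = \Auth::instance()->reset_password($user->username);
                        if ($tempPass) {
                            // NOTE(review): the temporary password is shown in
                            // clear text in a message; confirm that is acceptable.
                            \Messages::info("Your temporary password is : {$tempPass} ");
                            \Response::redirect('backend/account/index/password');
                        } else {
                            return 'Something went wrong resetting password';
                        }
                    }
                }
            }
        }

        // Something is wrong with the hash.
        \Messages::error(__('user.login.recovery-hash-invalid'));
        \Response::redirect_back();
    } else {
        // Display the recovery form.
        $this->template->content = View::forge('user/password/recover');
    }
}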
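/**
 * JSON endpoint: update a user's profile fields and avatar.
 *
 * Reads the 'user', 'avatar' and 'delete_avatar' POST values, allows the call
 * for the account owner or an admin, applies the change inside a database
 * transaction and terminates the request with a JSON status object.
 *
 * NOTE(review): the previous avatar is looked up through
 * Auth::get_profile_fields(), which takes no user argument here; when an
 * admin edits somebody else, confirm the avatar being replaced is not the
 * admin's own.
 * NOTE(review): 'avatar' and 'delete_avatar' come straight from the request;
 * confirm FileHandler and Model_Avatars validate file names and ownership.
 *
 * @return void every path ends in die()
 */
public function action_edit()
{
    $lUserData = Input::post('user', null);
    $lAvatar = Input::post('avatar', null);
    $lDeleteAvatar = Input::post('delete_avatar', null);

    // 'user' must be a non-empty array; a scalar would break the key lookups below.
    if (empty($lUserData) || !is_array($lUserData)) {
        die(json_encode(['status' => 'error', 'message' => 'Empty data for updating user'], JSON_UNESCAPED_UNICODE));
    }

    $lUserName = isset($lUserData['username']) ? $lUserData['username'] : null;

    // Ownership is decided on an exact string match, not a loose comparison.
    $lIsOwner = is_string($lUserName) && $lUserName === (string) $this->current_user['username'];
    if ((empty($lUserName) || !$lIsOwner) && !$this->is_admin) {
        die(json_encode(['status' => 'error', 'message' => 'Access denied'], JSON_UNESCAPED_UNICODE));
    }
    unset($lUserData['username']);

    if (!$this->is_admin) {
        // The posted array goes to Auth::update_user() as-is, so a regular
        // user must not be able to slip a group change in with the profile.
        // An explicit allow-list of editable fields would be stronger.
        unset($lUserData['group'], $lUserData['group_id']);
    }

    try {
        DB::start_transaction();
        $lOldData = Auth::get_profile_fields();

        if (!empty($lAvatar)) {
            // Register the first prepared file as the new avatar.
            $lNewAvatar = FileHandler::prepareFiles($lAvatar, FileHandler::tempFolder());
            foreach ($lNewAvatar as $lVal) {
                $lUserData['avatar_id'] = Model_Avatars::add(['file_name' => $lVal]);
                break;
            }
            // Remember the previous avatar so its file is removed afterwards.
            if (!empty($lOldData['avatar_id'])) {
                $lToDeleteAvatar = Model_Avatars::getById($lOldData['avatar_id']);
                Model_Avatars::delete($lOldData['avatar_id']);
            }
        }

        if (!empty($lDeleteAvatar) && empty($lAvatar)) {
            $lOldAvatar = Model_Avatars::getById($lOldData['avatar_id']);
            // Only the first entry is looked at, and only the avatar currently
            // on the profile may be deleted.
            foreach ((array) $lDeleteAvatar as $lVal) {
                if ($lVal != $lOldData['avatar_id']) {
                    break;
                }
                $lToDeleteAvatar = $lOldAvatar;
                Model_Avatars::delete($lVal);
                $lUserData['avatar_id'] = '';
                break;
            }
        }

        $lResult = Auth::update_user($lUserData, $lUserName);

        // Files are touched only after the database work went through.
        if (!empty($lNewAvatar)) {
            FileHandler::moveFiles($lNewAvatar, FileHandler::tempFolder(), FileHandler::AVATAR_FOLDER);
        }
        if (!empty($lToDeleteAvatar)) {
            FileHandler::deleteFiles([FileHandler::AVATAR_FOLDER . $lToDeleteAvatar['file_name']]);
        }
        DB::commit_transaction();
    } catch (Exception $e) {
        DB::rollback_transaction();
        // Keep the full exception, stack trace included, in the server log;
        // the client gets the message only. Casting the exception into the
        // response exposed file paths and the call stack.
        logger(\Fuel::L_ERROR, 'Profile update failed: ' . $e);
        die(json_encode(['status' => 'error', 'message' => 'Error ' . $e->getMessage()], JSON_UNESCAPED_UNICODE));
    }

    if ($lResult) {
        die(json_encode(['status' => 'ok'], JSON_UNESCAPED_UNICODE));
    }
    die(json_encode(['status' => 'error', 'message' => 'Fields not were updated'], JSON_UNESCAPED_UNICODE));
}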