/**
* Method for allowing a user to reset their password
* @param {stdClass} $data Data passed from ActionScript
* @return {array} Returns a standard response array
*/
public function lostPassword($data)
{
$response = CodeBank_ClientAPI::responseBase();
$response['login'] = true;
$SQL_email = Convert::raw2sql($data->user);
$member = Member::get_one('Member', "\"Email\"='{$SQL_email}'");
// Allow vetoing forgot password requests
$sng = new MemberLoginForm(Controller::has_curr() ? Controller::curr() : singleton('Controller'), 'LoginForm');
$results = $sng->extend('forgotPassword', $member);
if ($results && is_array($results) && in_array(false, $results, true)) {
$response['status'] = 'HELO';
$response['message'] = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $data['Email']));
}
if ($member) {
$token = $member->generateAutologinTokenAndStoreHash();
$e = Member_ForgotPasswordEmail::create();
$e->populateTemplate($member);
$e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
$e->setTo($member->Email);
$e->send();
$response['status'] = 'HELO';
$response['message'] = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $data->user));
} else {
if (!empty($data->user)) {
$response['status'] = 'HELO';
$response['message'] = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $data->user));
} else {
$response['status'] = 'EROR';
$response['message'] = _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.');
}
}
return $response;
}
public function run()
{
$memberLoginForm = new MemberLoginForm();
if (isset($_POST['MemberLoginForm'])) {
$memberLoginForm->attributes = $_POST['MemberLoginForm'];
if ($memberLoginForm->validate() && $memberLoginForm->login()) {
$this->controller->redirect(Yii::app()->user->returnUrl);
}
}
$this->render('loginFormWidget', array('memberLoginForm' => $memberLoginForm));
}
/**
* Constructor.
*
* @param Controller $controller
* @param string $name method on the $controller
* @param FieldList $fields
* @param FieldList $actions
* @param bool $checkCurrentUser - show logout button if logged in
*/
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
// will be used to get correct Link()
$this->ldapSecController = Injector::inst()->create('LDAPSecurityController');
$usernameField = new TextField('Username', _t('Member.USERNAME', 'Username'), null, null, $this);
$this->Fields()->replaceField('Email', $usernameField);
$this->setValidator(new RequiredFields('Username', 'Password'));
if (Security::config()->remember_username) {
$usernameField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
} else {
// Some browsers won't respect this attribute unless it's added to the form
$this->setAttribute('autocomplete', 'off');
$usernameField->setAttribute('autocomplete', 'off');
}
// Users can't change passwords unless appropriate a LDAP user with write permissions is
// configured the LDAP connection binding
$this->Actions()->remove($this->Actions()->fieldByName('forgotPassword'));
$allowPasswordChange = Config::inst()->get('LDAPService', 'allow_password_change');
if ($allowPasswordChange && $name != 'LostPasswordForm' && !Member::currentUser()) {
$forgotPasswordLink = sprintf('<p id="ForgotPassword"><a href="%s">%s</a></p>', $this->ldapSecController->Link('lostpassword'), _t('Member.BUTTONLOSTPASSWORD', "I've lost my password"));
$forgotPassword = new LiteralField('forgotPassword', $forgotPasswordLink);
$this->Actions()->add($forgotPassword);
}
// Focus on the Username field when the page is loaded
Requirements::block('MemberLoginFormFieldFocus');
$js = <<<JS
\t\t\t(function() {
\t\t\t\tvar el = document.getElementById("Username");
\t\t\t\tif(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
\t\t\t})();
JS;
Requirements::customScript($js, 'LDAPLoginFormFieldFocus');
}
/**
* Taken from MemberLoginForm::__construct with minor changes
*/
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
$customCSS = project() . '/css/member_login.css';
if (Director::fileExists($customCSS)) {
Requirements::css($customCSS);
}
if (isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
$actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
if (!$fields) {
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
}
if (!$actions) {
$actions = new FieldList(new FormAction('dologin', _t('GoogleAuthenticator.BUTTONLOGIN', "Log in with Google")));
}
}
if (isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
// Allow GET method for callback
$this->setFormMethod('GET', true);
parent::__construct($controller, $name, $fields, $actions);
}
/**
* EmailVerificationLoginForm is the same as MemberLoginForm with the following changes:
* - The code has been cleaned up.
* - A form action for users who have lost their verification email has been added.
*
* We add fields in the constructor so the form is generated when instantiated.
*
* @param Controller $controller The parent controller, necessary to create the appropriate form action tag.
* @param string $name The method on the controller that will return this form object.
* @param FieldList|FormField $fields All of the fields in the form - a {@link FieldList} of {@link FormField} objects.
* @param FieldList|FormAction $actions All of the action buttons in the form - a {@link FieldList} of {@link FormAction} objects
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a the user is currently logged in, and if so, only a logout button will be rendered
*/
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
$email_field_label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$email_field = TextField::create('Email', $email_field_label, null, null, $this)->setAttribute('autofocus', 'autofocus');
$password_field = PasswordField::create('Password', _t('Member.PASSWORD', 'Password'));
$authentication_method_field = HiddenField::create('AuthenticationMethod', null, $this->authenticator_class, $this);
$remember_me_field = CheckboxField::create('Remember', 'Remember me next time?', true);
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = FieldList::create($authentication_method_field);
$actions = FieldList::create(FormAction::create('logout', _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
if (!$fields) {
$fields = FieldList::create($authentication_method_field, $email_field, $password_field);
if (Security::config()->remember_username) {
$email_field->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
} else {
// Some browsers won't respect this attribute unless it's added to the form
$this->setAttribute('autocomplete', 'off');
$email_field->setAttribute('autocomplete', 'off');
}
}
if (!$actions) {
$actions = FieldList::create(FormAction::create('doLogin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'), new LiteralField('resendEmail', '<p id="ResendEmail"><a href="Security/verify-email">' . _t('MemberEmailVerification.BUTTONLOSTVERIFICATIONEMAIL', "I've lost my verification email") . '</a></p>'));
}
}
if (isset($_REQUEST['BackURL'])) {
$fields->push(HiddenField::create('BackURL', 'BackURL', $_REQUEST['BackURL']));
}
// Reduce attack surface by enforcing POST requests
$this->setFormMethod('POST', true);
parent::__construct($controller, $name, $fields, $actions);
$this->setValidator(RequiredFields::create('Email', 'Password'));
}
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
} else {
}
$backURL = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : Session::get('BackURL');
if (isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
return parent::__construct($controller, $name, $fields, $actions);
}
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
// This is now set on the class directly to make it easier to create subclasses
// $this->authenticator_class = $authenticatorClassName;
$customCSS = project() . '/css/member_login.css';
if (Director::fileExists($customCSS)) {
Requirements::css($customCSS);
}
if (isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
$actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
if (!$fields) {
$label = singleton('Member')->fieldLabel(Member::config()->unique_identifier_field);
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this), $emailField = new TextField("Email", $label, null, null, $this), new PasswordField("Password", _t('Member.PASSWORD', 'Password')));
if (Security::config()->remember_username) {
$emailField->setValue(Session::get('SessionForms.MemberLoginForm.Email'));
} else {
// Some browsers won't respect this attribute unless it's added to the form
$this->setAttribute('autocomplete', 'off');
$emailField->setAttribute('autocomplete', 'off');
}
if (Security::config()->autologin_enabled) {
$fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
}
}
if (!$actions) {
$actions = new FieldList(new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'));
}
}
if (isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
// Reduce attack surface by enforcing POST requests
$this->setFormMethod('POST', true);
parent::__construct($controller, $name, $fields, $actions);
$this->setValidator(new RequiredFields());
// Focus on the email input when the page is loaded
$js = <<<JS
\t\t\t(function() {
\t\t\t\tvar el = document.getElementById("MemberLoginForm_LoginForm_Email");
\t\t\t\tif(el && el.focus && (typeof jQuery == 'undefined' || jQuery(el).is(':visible'))) el.focus();
\t\t\t})();
JS;
Requirements::customScript($js, 'MemberLoginFormFieldFocus');
}
public function Fields()
{
if (!Session::get('TOTP.ID')) {
return parent::Fields();
}
$security_token = $this->getSecurityToken();
$fields = \FieldList::create(\TextField::create('TOTP', 'Security Token'), \HiddenField::create('BackURL', null, Session::get('BackURL')), \HiddenField::create($security_token->getName(), null, $security_token->getSecurityID()));
foreach ($this->getExtraFields() as $field) {
if (!$fields->fieldByName($field->getName())) {
$fields->push($field);
}
}
return $fields;
}
public function __construct($controller = null, $name = null, $fields = null, $actions = null, $checkCurrentUser = true)
{
if (!$controller) {
$controller = Controller::curr();
}
if (!$name) {
$name = "LoginForm";
}
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
$this->Fields()->bootstrapify();
$this->Actions()->bootstrapify();
$this->setTemplate("BootstrapForm");
$this->invokeWithExtensions('updateBoostrapMemberLoginForm', $this);
}
public function __construct($controller = null, $name = null, $fields = null, $actions = null, $checkCurrentUser = true)
{
if (!$controller) {
$controller = Controller::curr();
}
if (!$name) {
$name = "LoginForm";
}
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
$this->Fields()->bootstrapify();
$this->Actions()->bootstrapify();
$this->setTemplate("FoundationForm");
$this->invokeWithExtensions('updateFoundationMemberLoginForm', $this);
Requirements::css(FOUNDATIONFORMS_DIR . '/css/foundationforms.css');
}
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
$actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
$fields = new FieldList(new LiteralField('FacebookLoginIn', "<fb:login-button scope='" . $controller->getFacebookPermissions() . "'></fb:login-button>"));
$actions = new FieldList(new LiteralField('FacebookLoginLink', "<!-- <a href='" . $controller->getFacebookLoginLink() . "'>" . _t('FacebookLoginForm.LOGIN', 'Login') . "</a> -->"));
}
$backURL = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : Session::get('BackURL');
if (isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
return parent::__construct($controller, $name, $fields, $actions);
}
/**
* Constructor
*
* @param Controller $controller The parent controller, necessary to
* create the appropriate form action tag.
* @param string $name The method on the controller that will return this
* form object.
* @param FieldList|FormField $fields All of the fields in the form - a
* {@link FieldList} of {@link FormField}
* objects.
* @param FieldList|FormAction $actions All of the action buttons in the
* form - a {@link FieldList} of
* {@link FormAction} objects
* @param bool $checkCurrentUser If set to TRUE, it will be checked if a
* the user is currently logged in, and if
* so, only a logout button will be rendered
* @param string $authenticatorClassName Name of the authenticator class that this form uses.
*/
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
// This is now set on the class directly to make it easier to create subclasses
// $this->authenticator_class = $authenticatorClassName;
$customCSS = project() . '/css/member_login.css';
if (Director::fileExists($customCSS)) {
Requirements::css($customCSS);
}
if (isset($_REQUEST['BackURL'])) {
$_REQUEST['BackURL'] = str_replace("/RegistrationForm", "", $_REQUEST['BackURL']);
$backURL = $_REQUEST['BackURL'];
} else {
if (strpos(Session::get('BackURL'), "/RegistrationForm") > 0) {
Session::set('BackURL', str_replace("/RegistrationForm", "", Session::get('BackURL')));
}
$backURL = str_replace("/RegistrationForm", "", Session::get('BackURL'));
}
if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
$actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
} else {
if (!$fields) {
$label = singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
$fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this), new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this), new PasswordField("Password", _t('Member.PASSWORD', 'Password')));
if (Security::$autologin_enabled) {
$fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
}
}
if (!$actions) {
$actions = new FieldList(new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'), new LiteralField('resendEmail', '<p id="ResendEmail"><a href="Security/verifyemail">' . _t('EmailVerifiedMember.BUTTONRESENDEMAIL', "I've lost my verification email") . '</a></p>'));
}
}
if (isset($backURL)) {
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}
parent::__construct($controller, $name, $fields, $actions);
// Focus on the email input when the page is loaded
// Only include this if other form JS validation is enabled
/* if($this->getValidator()->getJavascriptValidationHandler() != 'none') {
Requirements::customScript(<<<JS
(function() {
var el = document.getElementById("MemberLoginForm_LoginForm_Email");
if(el && el.focus) el.focus();
})();
JS
);
}*/
}
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
if ($this->Actions()->fieldByName('forgotPassword')) {
// replaceField won't work, since it's a dataless field
$this->Actions()->removeByName('forgotPassword');
$this->Actions()->push(new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="AdminSecurity/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'));
}
Requirements::customScript(<<<'JS'
(function() {
var el = document.getElementById("AdminLoginForm_LoginForm_Email");
if(el && el.focus) el.focus();
})();
JS
);
}
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
$form_action_url = Controller::join_links(BASE_URL, "Security", $name);
$lost_password_url = Controller::join_links(BASE_URL, "Security", "lostpassword");
if (isset($_REQUEST['BackURL'])) {
$backURL = $_REQUEST['BackURL'];
} else {
$backURL = Session::get('BackURL');
}
$fields = new FieldList(HiddenField::create("AuthenticationMethod", null, $this->authenticator_class, $this), TextField::create('Identity', 'Username or Email'), PasswordField::create("Password", _t('Member.PASSWORD', 'Password')));
if (Security::config()->autologin_enabled) {
$fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me?")));
}
$actions = new FieldList(FormAction::create('dologin', 'Login'), LiteralField::create('forgotPassword', '<p id="ForgotPassword"><a href="' . $lost_password_url . '">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'));
// LoginForm does its magic
parent::__construct($controller, $name, $fields, $actions);
$this->setAttribute("action", $form_action_url);
}
public function Fields()
{
if (!Session::get('TOTP.ID')) {
return parent::Fields();
}
$actions = $this->Actions();
$field = $actions->fieldByName('action_forgotPassword');
if ($field) {
return parent::Fields();
}
$fields = \FieldList::create(\TextField::create('TOTP', 'Security Token'), \HiddenField::create('BackURL', null, Session::get('BackURL')));
foreach ($this->getExtraFields() as $field) {
if (!$fields->fieldByName($field->getName())) {
$fields->push($field);
}
}
return $fields;
}
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
$this->fields->renameField('Email', 'Username');
}
/**
* Factory method for the lost password form
*
* @return Form Returns the lost password form
*/
public function LostPasswordForm()
{
return MemberLoginForm::create($this, 'LostPasswordForm', new FieldList(new EmailField('Email', _t('Member.EMAIL', 'Email'))), new FieldList(new FormAction('forgotPassword', _t('Security.BUTTONSEND', 'Send me the password reset link'))), false);
}
public function dologin($data)
{
parent::dologin($data);
$this->controller->response->removeHeader('Location');
Director::redirect(Director::baseURL() . "assets/membership");
}
public function LoginForm()
{
$form = MemberLoginForm::create($this->owner, 'LoginForm');
$this->owner->extend('updateLoginForm', $form);
return $form;
}
/**
* Method that creates the login form for this authentication method
*
* @param Controller The parent controller, necessary to create the
* appropriate form action tag
* @return Form Returns the login form to use with this authentication
* method
*/
public static function get_login_form(Controller $controller)
{
return MemberLoginForm::create($controller, "LoginForm");
}
/**
* Get message from session
*/
protected function getMessageFromSession()
{
parent::getMessageFromSession();
$this->message = '';
}
