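 /**
  * Login page action. Renders the sign-in page and dispatches every form it
  * hosts on the POST "action" field: "signin", "new" (registration), "forgot"
  * (mail a reset link), "changepass" (consume a reset token) and
  * "resend_confirmation". GET flags (change_pw_success, new_confirm_email,
  * confirmation_failure, confirmation_success, reset) only choose the banner
  * or sub-form shown. When config.allow_openid is on, the OpenID
  * redirect/callback round-trip is handled at the end, independently of the
  * POST action.
  *
  * Successful paths leave via url::redirect() (which does not return); every
  * other path falls through to the template assignments at the bottom.
  *
  * @param int $user_id  Unused here: the reset link's user id is read from
  *                      URI segment 3 and its token from segment 4.
  *
  * NOTE(review): none of the POST handlers verify an anti-CSRF token, so
  * login CSRF, forced registration and attacker-triggered reset/confirmation
  * mails are possible unless a request hook elsewhere enforces one — confirm.
  * NOTE(review): $message is built from attacker-controlled text in several
  * branches (OpenID identity/e-mail, exception messages); the view must
  * HTML-escape it or those are reflected XSS — confirm in the template.
  */
 public function index($user_id = 0)
 {
     // Set messages to display on the login page for the user
     $message = FALSE;
     $message_class = 'login_error';
     $auth = Auth::instance();
     // If already logged in redirect to user account page
     $insufficient_role = FALSE;
     if ($auth->logged_in()) {
         // Redirect users to the relevant dashboard
         if ($auth->logged_in('login')) {
             url::redirect($auth->get_user()->dashboard());
         }
         // Logged in without the 'login' role: there is no dashboard to go to,
         // so render the page with an explanatory message instead of a form.
         $insufficient_role = TRUE;
         $message_class = 'login_error';
         $message = Kohana::lang('ui_main.insufficient_role');
     }
     // setup and initialize form field names
     $form = array('action' => '', 'username' => '', 'password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'resetemail' => '', 'confirmation_email' => '');
     //	copy the form as errors, so the errors will be stored with keys corresponding to the form field names
     $errors = $form;
     $form_error = FALSE;
     $openid_error = FALSE;
     $success = FALSE;
     $change_pw_success = FALSE;
     $new_confirm_email_form = FALSE;
     // Raw POST action, handed to the JS view at the bottom to pick the form to show.
     // NOTE(review): it is untrusted input; login/login_js must escape it for a JS context.
     $action = isset($_POST["action"]) ? $_POST["action"] : "";
     // Override success variable if change_pw_success GET var is set
     if (isset($_GET["change_pw_success"])) {
         $change_pw_success = TRUE;
         $message_class = 'login_success';
         $message = Kohana::lang('ui_main.password_changed_successfully');
     }
     // Show send new confirm email form
     if (isset($_GET["new_confirm_email"])) {
         $new_confirm_email_form = TRUE;
         $message_class = 'login_error';
         $message = Kohana::lang('ui_main.must_confirm_email_address');
     }
     // Show send new confirm email form (the confirmation link was rejected)
     if (isset($_GET["confirmation_failure"])) {
         $new_confirm_email_form = TRUE;
         $message_class = 'login_error';
         $message = Kohana::lang('ui_main.confirm_email_failed');
     }
     // Show that confirming the email address was a success
     if (isset($_GET["confirmation_success"])) {
         $message_class = 'login_success';
         $message = Kohana::lang('ui_main.confirm_email_successful');
     }
     // Is this a password reset request? We need to show the password reset form if it is.
     // The id and token are only echoed into the change-password form here; they are
     // verified by _new_password() when that form is posted back as "changepass".
     if (isset($_GET["reset"])) {
         $this->template->token = $this->uri->segment(4);
         $this->template->changeid = $this->uri->segment(3);
     }
     // Regular Form Post for Signin
     // check, has the form been submitted, if so, setup validation
     if ($_POST and isset($_POST["action"]) and $_POST["action"] == "signin") {
         // START: Signin Process
         $post = Validation::factory($_POST);
         $post->pre_filter('trim');
         $post->add_rules('username', 'required');
         $post->add_rules('password', 'required');
         if ($post->validate(FALSE)) {
             // Sanitize $_POST data removing all inputs without rules
             $postdata_array = $post->safe_array();
             // Flip this flag to false to skip the login
             $valid_login = TRUE;
             // Load the user by username (or e-mail); the model may come back unloaded
             $user = ORM::factory('user', $postdata_array['username']);
             $remember = isset($post->remember) ? TRUE : FALSE;
             // Allow a login with username or email address, but we need to figure out which is
             // which so we can pass the appropriate variable on login. Mostly used for RiverID
             $email = $postdata_array['username'];
             if (valid::email($email) == FALSE) {
                 // Invalid Email, we need to grab it from the user account instead
                 $email = $user->email;
                 if (valid::email($email) == FALSE and kohana::config('riverid.enable') == TRUE) {
                     // We don't have any valid email for this user.
                     // Only skip login if we are authenticating with RiverID.
                     $valid_login = FALSE;
                 }
             }
             // Auth Login requires catching exceptions to properly show errors
             try {
                 // NOTE(review): $auth->login() is called even when $valid_login is FALSE;
                 // if it succeeds the session is established but the user is shown an
                 // error below — confirm whether the driver itself refuses in that case.
                 $login = $auth->login($user, $postdata_array['password'], $remember, $email);
                 // Attempt a login
                 if ($login and $valid_login) {
                     // Action::user_login - User Logged In
                     Event::run('ushahidi_action.user_login', $user);
                     // Exists Redirect to Dashboard
                     url::redirect($user->dashboard());
                 } else {
                     // If the account exists but is unconfirmed, send the user to the
                     // resend-confirmation page. The ->loaded guard matters: without it an
                     // unknown username (unloaded model, whose confirmed value presumably
                     // reads as NULL, and NULL == 0 is TRUE) was redirected here while a
                     // known user with a wrong password got the generic error, letting
                     // anyone enumerate usernames from the response.
                     // NOTE(review): this still fires on a wrong password for an unconfirmed
                     // account, revealing "exists, unconfirmed"; closing that needs the
                     // failure reason from Auth::login(), which is not visible here.
                     if ($user->loaded and Kohana::config('settings.require_email_confirmation') and ORM::factory('user', $user)->confirmed == 0) {
                         url::redirect("login?new_confirm_email");
                     }
                     // Generic Error if exception not passed
                     $post->add_error('password', 'login error');
                 }
             } catch (Exception $e) {
                 // The exception text (from RiverID) is surfaced verbatim as the password error.
                 $error_message = $e->getMessage();
                 // We use a "custom" message because of RiverID.
                 $post->add_error('password', $error_message);
             }
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             // We need to already have created an error message file, for Kohana to use
             // Pass the error message file name to the errors() method
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             // We need to already have created an error message file, for Kohana to use
             // Pass the error message file name to the errors() method
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
         // END: Signin Process
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "new") {
         // START: New User Process
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         // NOTE(review): 'alpha_dash' limits passwords to [A-Za-z0-9_-], which rejects
         // spaces/symbols from password managers and shrinks the keyspace; relax it
         // unless RiverID genuinely requires the restriction.
         $post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash');
         $post->add_rules('name', 'required', 'length[3,100]');
         $post->add_rules('email', 'required', 'email', 'length[4,64]');
         $post->add_callbacks('username', array($this, 'username_exists_chk'));
         $post->add_callbacks('email', array($this, 'email_exists_chk'));
         // If Password field is not blank, also require the confirmation to match
         if (!empty($post->password)) {
             $post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]');
         }
         //pass the post object to any plugins that care to know.
         Event::run('ushahidi_action.users_add_login_form', $post);
         if ($post->validate()) {
             $riverid_id = false;
             if (kohana::config('riverid.enable') == true) {
                 // Register with the external RiverID server first; its user id is
                 // stored on the local account.
                 $riverid = new RiverID();
                 $riverid->email = $post->email;
                 $riverid->password = $post->password;
                 $riverid->register();
                 $riverid_id = $riverid->user_id;
             }
             $user = User_Model::create_user($post->email, $post->password, $riverid_id, $post->name);
             //pass the new user on to any plugins that care to know
             Event::run('ushahidi_action.user_edit', $user);
             // Send Confirmation email
             $email_sent = $this->_send_email_confirmation($user);
             if ($email_sent) {
                 $message_class = 'login_success';
                 $message = Kohana::lang('ui_main.login_confirmation_sent');
             } else {
                 // Account is created even if the mail could not be sent (or confirmation is off)
                 $message_class = 'login_success';
                 $message = Kohana::lang('ui_main.login_account_creation_successful');
             }
             $success = TRUE;
             $action = "";
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
         // END: New User Process
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "forgot") {
         // START: Forgot Password Process
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_callbacks('resetemail', array($this, 'email_exists_chk'));
         if ($post->validate()) {
             $user = ORM::factory('user', $post->resetemail);
             // Existing User??
             if ($user->loaded) {
                 $email_sent = FALSE;
                 // Determine which reset method to use. The options are to use the RiverID server
                 //  or to use the normal method which just resets the password locally.
                 if (Kohana::config('riverid.enable') == TRUE and !empty($user->riverid)) {
                     // Reset on RiverID Server: it substitutes its own token for %token%
                     $secret_link = url::site('login/index/' . $user->id . '/%token%?reset');
                     $message = $this->_email_resetlink_message($user->name, $secret_link);
                     $riverid = new RiverID();
                     $riverid->email = $post->resetemail;
                     $email_sent = $riverid->requestpassword($message);
                 } else {
                     // Reset locally; the token's generation and lifetime live in the user model
                     $secret = $user->forgot_password_token();
                     $secret_link = url::site('login/index/' . $user->id . '/' . urlencode($secret) . '?reset');
                     $email_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link);
                 }
                 if ($email_sent == TRUE) {
                     $message_class = 'login_success';
                     $message = Kohana::lang('ui_main.login_confirmation_sent');
                 } else {
                     $message_class = 'login_error';
                     $message = Kohana::lang('ui_main.unable_send_email');
                 }
                 $success = TRUE;
                 $action = "";
             }
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
         // END: Forgot Password Process
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "changepass") {
         // START: Password Change Process
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_rules('token', 'required');
         $post->add_rules('changeid', 'required');
         // One rule set for the password (the former duplicate without 'matches' was
         // a strict subset of this one).
         $post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]');
         if ($post->validate()) {
             // _new_password() owns the token check and returns TRUE only on success
             $success = $this->_new_password($post->changeid, $post->password, $post->token);
             if ($success == TRUE) {
                 // We don't need to see this page anymore if we were successful. We want to go
                 //   to the login form and let the user know that they were successful at
                 //   changing their password
                 url::redirect("login?change_pw_success");
                 exit;
             }
             $post->add_error('token', 'invalid');
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
         // END: Password Change Process
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "resend_confirmation") {
         // START: Confirmation Email Resend Process
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_callbacks('confirmation_email', array($this, 'email_exists_chk'));
         if ($post->validate()) {
             $user = ORM::factory('user', $post->confirmation_email);
             if ($user->loaded) {
                 // Send Confirmation email
                 $email_sent = $this->_send_email_confirmation($user);
                 if ($email_sent) {
                     $message_class = 'login_success';
                     $message = Kohana::lang('ui_main.login_confirmation_sent');
                     $success = TRUE;
                 } else {
                     $message_class = 'login_error';
                     $message = Kohana::lang('ui_main.unable_send_email');
                     $success = FALSE;
                 }
             } else {
                 // ERROR: User doesn't exist (this message does confirm non-existence of an address)
                 $message_class = 'login_error';
                 $message = Kohana::lang('ui_main.login_email_doesnt_exist');
                 $success = FALSE;
             }
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::merge($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     }
     // Only if we allow OpenID, should we even try this
     if (Kohana::config('config.allow_openid') == TRUE) {
         // START: OpenID Shenanigans
         // OpenID Post
         try {
             $openid = new OpenID();
             // Retrieve the Name (if available) and Email
             $openid->required = array("namePerson", "contact/email");
             if (!$openid->mode) {
                 if (isset($_POST["openid_identifier"])) {
                     // Step 1: user submitted an identifier; send them to their provider.
                     // Stop here, like url::redirect() does, instead of rendering the
                     // login page into the body of the redirect response.
                     $openid->identity = $_POST["openid_identifier"];
                     header("Location: " . $openid->authUrl());
                     exit;
                 }
             } elseif ($openid->mode == "cancel") {
                 $openid_error = TRUE;
                 $message_class = 'login_error';
                 $message = "You have canceled authentication!";
             } else {
                 // Step 2: provider callback; validate() checks the assertion
                 if ($openid->validate()) {
                     // Does User Exist?
                     $openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find();
                     if ($openid_user->loaded and $openid_user->user) {
                         // First log all other sessions out
                         $auth->logout();
                         // Initiate Ushahidi side login + AutoLogin
                         $auth->force_login($openid_user->user->username);
                         // Exists Redirect to Dashboard. Use the linked account: $user is
                         // never assigned on this path (the callback is not a form POST),
                         // so the previous $user->dashboard() was a call on an undefined variable.
                         url::redirect($openid_user->user->dashboard());
                     } else {
                         // Does this openid have the required email??
                         $new_openid = $openid->getAttributes();
                         if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) {
                             $openid_error = TRUE;
                             $message_class = 'login_error';
                             $message = $openid->identity . " has not been logged in. No Email Address Found.";
                         } else {
                             // Create new User and save OpenID
                             $user = ORM::factory("user");
                             // But first... does this email address already exist
                             // in the system?
                             if ($user->email_exists($new_openid["contact/email"])) {
                                 $openid_error = TRUE;
                                 $message_class = 'login_error';
                                 $message = $new_openid["contact/email"] . " is already registered in our system.";
                             } else {
                                 // NOTE(review): the generated username is a fixed prefix plus the
                                 // Unix timestamp — predictable, and two OpenID sign-ups in the same
                                 // second collide; username_exists_chk is not consulted here.
                                 $username = "******" . time();
                                 // Random User Name from TimeStamp - can be changed later
                                 $password = text::random("alnum", 16);
                                 // Create Random Strong Password
                                 // Name Available?
                                 $user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username;
                                 $user->username = $username;
                                 $user->password = $password;
                                 $user->email = $new_openid["contact/email"];
                                 // Add New Roles
                                 $user->add(ORM::factory('role', 'login'));
                                 $user->add(ORM::factory('role', 'member'));
                                 $user->save();
                                 // Save OpenID and Association
                                 $openid_user->user_id = $user->id;
                                 $openid_user->openid = $openid->identity;
                                 $openid_user->openid_email = $new_openid["contact/email"];
                                 $openid_user->openid_server = $openid->server;
                                 $openid_user->openid_date = date("Y-m-d H:i:s");
                                 $openid_user->save();
                                 // Initiate Ushahidi side login + AutoLogin
                                 // NOTE(review): remember=TRUE issues a persistent autologin cookie
                                 // without the user opting in, unlike the regular sign-in form.
                                 $auth->login($username, $password, TRUE);
                                 // Redirect to Dashboard
                                 url::redirect($user->dashboard());
                             }
                         }
                     }
                 } else {
                     $openid_error = TRUE;
                     $message_class = 'login_error';
                     $message = $openid->identity . " has not been logged in.";
                 }
             }
         } catch (ErrorException $e) {
             // Library errors are shown verbatim on the page
             $openid_error = TRUE;
             $message_class = 'login_error';
             $message = $e->getMessage();
         }
         // END: OpenID Shenanigans
     }
     // Set the little badge under the form informing users that their logins are being managed
     //   by an external service.
     $this->template->riverid_information = '';
     if (kohana::config('riverid.enable') == TRUE) {
         $riverid = new RiverID();
         $this->template->riverid_information = Kohana::lang('ui_main.riverid_information', $riverid->name);
         $this->template->riverid_url = $riverid->url;
     }
     $this->template->errors = $errors;
     $this->template->success = $success;
     $this->template->change_pw_success = $change_pw_success;
     $this->template->form = $form;
     $this->template->form_error = $form_error;
     $this->template->new_confirm_email_form = $new_confirm_email_form;
     // Message to user
     $this->template->message_class = $message_class;
     $this->template->message = $message;
     // This just means the user isn't a member or an admin, so they have nowhere to go, but they are logged in.
     $this->template->insufficient_role = $insufficient_role;
     $this->template->site_name = Kohana::config('settings.site_name');
     $this->template->site_tagline = Kohana::config('settings.site_tagline');
     // Javascript Header
     $this->template->js = new View('login/login_js');
     $this->template->js->action = $action;
     // Header Nav
     $header_nav = new View('header_nav');
     $this->template->header_nav = $header_nav;
     $this->template->header_nav->loggedin_user = FALSE;
     if (isset(Auth::instance()->get_user()->id)) {
         // Load User
         $this->template->header_nav->loggedin_role = Auth::instance()->get_user()->dashboard();
         $this->template->header_nav->loggedin_user = Auth::instance()->get_user();
     }
     $this->template->header_nav->site_name = Kohana::config('settings.site_name');
 }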
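 /**
  * Members login action (older variant). Renders the sign-in page and
  * dispatches on the POST "action" field: "signin", "new" (registration) and
  * "forgot" (mail a reset link). A GET with ?reset consumes a reset link
  * immediately. The OpenID redirect/callback round-trip is always attempted
  * after the form handlers.
  *
  * Successful paths leave via url::redirect() (which does not return); every
  * other path falls through to the template assignments at the bottom.
  *
  * @param int $user_id  User id from the reset link URI; the token is URI
  *                      segment 5. Only used by the ?reset branch.
  *
  * NOTE(review): no POST handler verifies an anti-CSRF token, so login CSRF
  * and attacker-triggered reset mails are possible unless a request hook
  * elsewhere enforces one — confirm.
  * NOTE(review): $openid_error embeds the OpenID identity/e-mail and library
  * exception text; the view must HTML-escape it or this is reflected XSS.
  */
 public function index($user_id = 0)
 {
     $auth = Auth::instance();
     // If already logged in redirect to user account page
     // Otherwise attempt to auto login if autologin cookie can be found
     // (Set when user previously logged in and ticked 'stay logged in')
     if ($auth->logged_in() or $auth->auto_login()) {
         // $user is only read for truthiness here; the role check is what gates the redirect
         if ($user = Session::instance()->get('auth_user', FALSE) and $auth->logged_in('member')) {
             url::redirect('members/dashboard');
         }
     }
     // setup and initialize form field names
     $form = array('action' => '', 'username' => '', 'password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'resetemail' => '');
     //	copy the form as errors, so the errors will be stored with keys corresponding to the form field names
     $errors = $form;
     $form_error = FALSE;
     $openid_error = FALSE;
     $success = FALSE;
     // Raw POST action, handed to the JS view at the bottom.
     // NOTE(review): untrusted input; members/login_js must escape it for a JS context.
     $action = isset($_POST["action"]) ? $_POST["action"] : "";
     // Is this a password reset request?
     // NOTE(review): the password is reset on a plain GET, so any mail scanner or
     // link prefetcher that follows the e-mailed URL resets it, and $success is
     // forced TRUE whatever _new_password() returns, so a bad token is reported as
     // success. Prefer the two-step flow (show a form, reset on POST) and derive
     // $success from the return value once its type is confirmed.
     if (isset($_GET["reset"])) {
         $this->_new_password($user_id, $this->uri->segment(5));
         $success = TRUE;
     }
     // Regular Form Post for Signin
     // check, has the form been submitted, if so, setup validation
     if ($_POST and isset($_POST["action"]) and $_POST["action"] == "signin") {
         $post = Validation::factory($_POST);
         $post->pre_filter('trim');
         $post->add_rules('username', 'required');
         $post->add_rules('password', 'required');
         if ($post->validate()) {
             // Sanitize $_POST data removing all inputs without rules
             $postdata_array = $post->safe_array();
             // Load the user (the model may come back unloaded)
             $user = ORM::factory('user', $postdata_array['username']);
             // If no user with that username found
             if (!$user->id) {
                 // Report the same generic error on the same field as a wrong password:
                 // a distinct username-level error told callers which usernames exist
                 // (account enumeration). Matches the newer controller's behaviour.
                 $post->add_error('password', 'login error');
             } else {
                 $remember = isset($post->remember) ? TRUE : FALSE;
                 // Attempt a login
                 if ($auth->login($user, $postdata_array['password'], $remember)) {
                     // Exists Redirect to Dashboard
                     url::redirect("members/dashboard");
                 } else {
                     $post->add_error('password', 'login error');
                 }
             }
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             // We need to already have created an error message file, for Kohana to use
             // Pass the error message file name to the errors() method
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             // We need to already have created an error message file, for Kohana to use
             // Pass the error message file name to the errors() method
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "new") {
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_rules('username', 'required', 'length[3,16]', 'alpha_numeric');
         // NOTE(review): 'alpha_numeric' restricts passwords to letters and digits and the
         // second rule set below caps them at 16 characters (both sets run when a password
         // is supplied, so the effective range is 5-16). That blocks symbols/spaces from
         // password managers and shrinks the keyspace; relax both.
         $post->add_rules('password', 'required', 'length[5,30]', 'alpha_numeric');
         $post->add_rules('name', 'required', 'length[3,100]');
         $post->add_rules('email', 'required', 'email', 'length[4,64]');
         $post->add_callbacks('username', array($this, 'username_exists_chk'));
         $post->add_callbacks('email', array($this, 'email_exists_chk'));
         // If Password field is not blank, also require the confirmation to match
         if (!empty($post->password)) {
             $post->add_rules('password', 'required', 'length[5,16]', 'alpha_numeric', 'matches[password_again]');
         }
         if ($post->validate()) {
             $user = ORM::factory('user');
             $user->name = $post->name;
             $user->email = $post->email;
             $user->username = $post->username;
             $user->password = $post->password;
             // Add New Roles
             $user->add(ORM::factory('role', 'login'));
             $user->add(ORM::factory('role', 'member'));
             $user->save();
             // Send Confirmation email (its result is not reported to the user here)
             $this->_send_email_confirmation($user);
             $success = TRUE;
             $action = "";
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "forgot") {
         $post = Validation::factory($_POST);
         //	Add some filters
         $post->pre_filter('trim', TRUE);
         $post->add_callbacks('resetemail', array($this, 'email_exists_chk'));
         if ($post->validate()) {
             $user = ORM::factory('user', $post->resetemail);
             // Existing User??
             if ($user->loaded == true) {
                 // Secret consists of email and the last_login field.
                 // So as soon as the user logs in again,
                 // the reset link expires automatically.
                 // NOTE(review): the token is derived only from data an attacker may know
                 // (e-mail, last login time) and has no time-based expiry; its safety rests
                 // entirely on hash_password() and on how _new_password() verifies it.
                 // A random, stored, time-limited token would be the usual fix.
                 $secret = $auth->hash_password($user->email . $user->last_login);
                 $secret_link = url::site('members/login/index/' . $user->id . '/' . $secret . "?reset");
                 $details_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link);
                 // Whether or not the mail went out, the form reports success
                 $success = TRUE;
                 $action = "";
             }
         } else {
             // repopulate the form fields
             $form = arr::overwrite($form, $post->as_array());
             // populate the error fields, if any
             $errors = arr::overwrite($errors, $post->errors('auth'));
             $form_error = TRUE;
         }
     }
     // OpenID Post
     try {
         $openid = new OpenID();
         // Retrieve the Name (if available) and Email
         $openid->required = array("namePerson", "contact/email");
         if (!$openid->mode) {
             if (isset($_POST["openid_identifier"])) {
                 // Step 1: send the user to their provider. Stop here, like
                 // url::redirect() does, instead of rendering the page into the
                 // body of the redirect response.
                 $openid->identity = $_POST["openid_identifier"];
                 header("Location: " . $openid->authUrl());
                 exit;
             }
         } elseif ($openid->mode == "cancel") {
             $openid_error = "You have canceled authentication!";
         } else {
             // Step 2: provider callback; validate() checks the assertion
             if ($openid->validate()) {
                 // Does User Exist?
                 $openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find();
                 if ($openid_user->loaded and $openid_user->user) {
                     // First log all other sessions out
                     $auth->logout();
                     // Initiate Ushahidi side login + AutoLogin
                     $auth->force_login($openid_user->user->username);
                     // Exists Redirect to Dashboard
                     url::redirect("members/dashboard");
                 } else {
                     // Does this openid have the required email??
                     $new_openid = $openid->getAttributes();
                     if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) {
                         $openid_error = $openid->identity . " has not been logged in. No Email Address Found.";
                     } else {
                         // Create new User and save OpenID
                         $user = ORM::factory("user");
                         // But first... does this email address already exist
                         // in the system?
                         if ($user->email_exists($new_openid["contact/email"])) {
                             $openid_error = $new_openid["contact/email"] . " is already registered in our system.";
                         } else {
                             // NOTE(review): the generated username is a fixed prefix plus the Unix
                             // timestamp — predictable, and two OpenID sign-ups in the same second
                             // collide; username_exists_chk is not consulted here.
                             $username = "******" . time();
                             // Random User Name from TimeStamp - can be changed later
                             $password = text::random("alnum", 16);
                             // Create Random Strong Password
                             // Name Available?
                             $user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username;
                             $user->username = $username;
                             $user->password = $password;
                             $user->email = $new_openid["contact/email"];
                             // Add New Roles
                             $user->add(ORM::factory('role', 'login'));
                             $user->add(ORM::factory('role', 'member'));
                             $user->save();
                             // Save OpenID and Association
                             $openid_user->user_id = $user->id;
                             $openid_user->openid = $openid->identity;
                             $openid_user->openid_email = $new_openid["contact/email"];
                             $openid_user->openid_server = $openid->server;
                             $openid_user->openid_date = date("Y-m-d H:i:s");
                             $openid_user->save();
                             // Initiate Ushahidi side login + AutoLogin
                             // NOTE(review): remember=TRUE issues a persistent autologin cookie
                             // without the user opting in, unlike the regular sign-in form.
                             $auth->login($username, $password, TRUE);
                             // Redirect to Dashboard
                             url::redirect("members/dashboard");
                         }
                     }
                 }
             } else {
                 $openid_error = $openid->identity . " has not been logged in.";
             }
         }
     } catch (ErrorException $e) {
         // Library errors are shown verbatim on the page
         $openid_error = $e->getMessage();
     }
     $this->template->errors = $errors;
     $this->template->success = $success;
     $this->template->form = $form;
     $this->template->form_error = $form_error;
     $this->template->openid_error = $openid_error;
     $this->template->site_name = Kohana::config('settings.site_name');
     $this->template->site_tagline = Kohana::config('settings.site_tagline');
     // Javascript Header
     $this->template->js = new View('members/login_js');
     $this->template->js->action = $action;
 }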