/**
* Password recovery routine. The User will receive an email with an
* activation link. If clicked, he will be prompted to enter his new
* password.
*/
public function actionRecovery($email = null, $key = null)
{
$form = new YumPasswordRecoveryForm();
if ($email != null && $key != null) {
if ($profile = YumProfile::model()->find('email = :email', array('email' => $email))) {
$user = $profile->user;
if ($user->status <= 0) {
throw new CHttpException(403, 'User is not active');
} else {
if ($user->activationKey == urldecode($key)) {
$passwordform = new YumUserChangePassword();
if (isset($_POST['YumUserChangePassword'])) {
$passwordform->attributes = $_POST['YumUserChangePassword'];
if ($passwordform->validate()) {
$user->setPassword($passwordform->password);
$user->activationKey = CPasswordHelper::hashPassword(microtime() . $passwordform->password, Yum::module()->passwordHashCost);
$user->save();
Yum::setFlash('Your new password has been saved.');
if (Yum::module('registration')->loginAfterSuccessfulRecovery) {
$login = new YumUserIdentity($user->username, false);
$login->authenticate(true);
Yii::app()->user->login($login);
$this->redirect(Yii::app()->homeUrl);
} else {
$this->redirect(Yum::module()->loginUrl);
}
}
}
$this->render(Yum::module('registration')->changePasswordView, array('form' => $passwordform));
Yii::app()->end();
} else {
$form->addError('login_or_email', Yum::t('Invalid recovery key'));
Yum::log(Yum::t('Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array('{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username)));
}
}
}
} else {
if (isset($_POST['YumPasswordRecoveryForm'])) {
$form->attributes = $_POST['YumPasswordRecoveryForm'];
if ($form->validate()) {
if ($form->user instanceof YumUser) {
if ($form->user->status <= 0) {
throw new CHttpException(403, 'User is not active');
}
$form->user->generateActivationKey();
$recovery_url = $this->createAbsoluteUrl(Yum::module('registration')->recoveryUrl[0], array('key' => urlencode($form->user->activationKey), 'email' => $form->user->profile->email));
Yum::log(Yum::t('{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array('{email}' => $form->user->profile->email, '{recovery_url}' => $recovery_url, '{username}' => $form->user->username)));
$mail = array('from' => Yii::app()->params['adminEmail'], 'to' => $form->user->profile->email, 'subject' => 'You requested a new password', 'body' => strtr('You have requested a new password. Please use this URL to continue: {recovery_url}', array('{recovery_url}' => $recovery_url)));
$sent = YumMailer::send($mail);
Yum::setFlash('Instructions have been sent to you. Please check your email.');
} else {
Yum::log(Yum::t('A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array('{username}' => $form->login_or_email)));
}
$this->redirect(Yum::module()->loginUrl);
}
}
}
$this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form));
}
/**
* Activation of an user account. The Email and the Activation key send
* by email needs to correct in order to continue. The Status will
* be initially set to 1 (active - first Visit) so the administrator
* can see, which accounts have been activated, but not yet logged in
* (more than once)
*/
public function actionActivation($email, $key) {
// If already logged in, we dont activate anymore
if (!Yii::app()->user->isGuest) {
Yum::setFlash('You are already logged in, please log out to activate your account');
$this->redirect(Yii::app()->user->returnUrl);
}
// If everything is set properly, let the model handle the Validation
// and do the Activation
$status = YumUser::activate($email, $key);
if($status instanceof YumUser) {
if(Yum::module('registration')->loginAfterSuccessfulActivation) {
$login = new YumUserIdentity($status->username, false);
$login->authenticate(true);
Yii::app()->user->login($login);
}
$this->render(Yum::module('registration')->activationSuccessView);
}
else
$this->render(Yum::module('registration')->activationFailureView, array(
'error' => $status));
}
public function authenticate($user)
{
$identity = new YumUserIdentity($user->username, $this->loginForm->password);
$identity->authenticate();
switch ($identity->errorCode) {
case YumUserIdentity::ERROR_NONE:
$duration = $this->loginForm->rememberMe ? 3600 * 24 * 30 : 0;
// 30 days
Yii::app()->user->login($identity, $duration);
return $user;
break;
case YumUserIdentity::ERROR_EMAIL_INVALID:
$this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
break;
case YumUserIdentity::ERROR_STATUS_INACTIVE:
$this->loginForm->addError("status", Yum::t('This account is not activated.'));
break;
case YumUserIdentity::ERROR_STATUS_BANNED:
$this->loginForm->addError("status", Yum::t('This account is blocked.'));
break;
case YumUserIdentity::ERROR_STATUS_REMOVED:
$this->loginForm->addError('status', Yum::t('Your account has been deleted.'));
break;
case YumUserIdentity::ERROR_PASSWORD_INVALID:
Yum::log(Yum::t('Password invalid for user {username} (Ip-Address: {ip})', array('{ip}' => Yii::app()->request->getUserHostAddress(), '{username}' => $this->loginForm->username)), 'error');
if (!$this->loginForm->hasErrors()) {
$this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
}
break;
return false;
}
}
public function authenticate($user)
{
$identity = new YumUserIdentity($user->username, $this->loginForm->password);
$identity->authenticate();
switch ($identity->errorCode) {
case YumUserIdentity::ERROR_EMAIL_INVALID || YumUserIdentity::ERROR_PASSWORD_INVALID:
$this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
$this->logFailedLoginAttempts($user);
break;
case YumUserIdentity::ERROR_STATUS_INACTIVE:
$this->loginForm->addError("status", Yum::t('This account is not activated.'));
break;
case YumUserIdentity::ERROR_STATUS_BANNED:
$this->loginForm->addError("status", Yum::t('This account is blocked.'));
break;
case YumUserIdentity::ERROR_STATUS_REMOVED:
$this->loginForm->addError('status', Yum::t('Your account has been deleted.'));
break;
case YumUserIdentity::ERROR_NONE:
$duration = $this->loginForm->rememberMe ? Yum::module()->cookieDuration : 0;
Yii::app()->user->login($identity, $duration);
if ($user->failedloginattempts > 0) {
Yum::setFlash(Yum::t('Warning: there have been {count} failed login attempts', array('{count}' => $user->failedloginattempts)));
$user->failedloginattempts = 0;
$user->save(false, array('failedloginattempts'));
}
return $user;
break;
}
}
