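/**
 * Password recovery routine.
 *
 * Called without $email/$key it shows the recovery request form and, on a
 * valid submission, mails a link carrying the account's activation key to
 * the address stored in the user's profile. Called with both $email and
 * $key (i.e. from that link) it verifies the key and lets the user choose
 * a new password.
 *
 * The emailed key acts as a bearer credential for the account, so it is
 * compared strictly in constant time and is kept out of the application log.
 *
 * @param string|null $email e-mail address taken from the recovery link
 * @param string|null $key   recovery key taken from the recovery link
 * @throws CHttpException 403 when the matched user has status <= 0
 */
public function actionRecovery($email = null, $key = null)
{
    $form = new YumPasswordRecoveryForm();

    if ($email != null && $key != null) {
        // Phase 2: the user followed the emailed recovery link.
        if ($profile = YumProfile::model()->find('email = :email', array('email' => $email))) {
            $user = $profile->user;
            if ($user->status <= 0) {
                throw new CHttpException(403, 'User is not active');
            }

            // Strict, constant-time comparison of the stored key with the
            // submitted one. A loose `==` applies PHP type juggling (two
            // numeric-looking strings compare as numbers) and can leak timing
            // information about the secret.
            // NOTE(review): no key lifetime is checked here; confirm that
            // expiry is enforced where the key is generated or stored.
            if (CPasswordHelper::same((string) $user->activationKey, urldecode($key))) {
                $passwordform = new YumUserChangePassword();
                if (isset($_POST['YumUserChangePassword'])) {
                    $passwordform->attributes = $_POST['YumUserChangePassword'];
                    if ($passwordform->validate()) {
                        $user->setPassword($passwordform->password);
                        // Replace the key so the emailed link stops matching
                        // once the new password has been stored.
                        $user->activationKey = CPasswordHelper::hashPassword(
                            microtime() . $passwordform->password,
                            Yum::module()->passwordHashCost
                        );
                        $user->save();
                        Yum::setFlash('Your new password has been saved.');
                        if (Yum::module('registration')->loginAfterSuccessfulRecovery) {
                            $login = new YumUserIdentity($user->username, false);
                            $login->authenticate(true);
                            Yii::app()->user->login($login);
                            $this->redirect(Yii::app()->homeUrl);
                        } else {
                            $this->redirect(Yum::module()->loginUrl);
                        }
                    }
                }
                $this->render(Yum::module('registration')->changePasswordView, array('form' => $passwordform));
                Yii::app()->end();
            } else {
                $form->addError('login_or_email', Yum::t('Invalid recovery key'));
                // The line break inside the literal is part of the message key.
                Yum::log(Yum::t('Someone tried to recover a password, but entered a wrong recovery key. 
Email is {email}, associated user is {username} (id: {uid})', array(
                    '{email}' => $email,
                    '{uid}' => $user->id,
                    '{username}' => $user->username,
                )));
            }
        }
    } else {
        // Phase 1: the recovery request form.
        if (isset($_POST['YumPasswordRecoveryForm'])) {
            $form->attributes = $_POST['YumPasswordRecoveryForm'];
            if ($form->validate()) {
                if ($form->user instanceof YumUser) {
                    if ($form->user->status <= 0) {
                        throw new CHttpException(403, 'User is not active');
                    }
                    $form->user->generateActivationKey();
                    $recovery_url = $this->createAbsoluteUrl(
                        Yum::module('registration')->recoveryUrl[0],
                        array(
                            'key' => urlencode($form->user->activationKey),
                            'email' => $form->user->profile->email,
                        )
                    );
                    // The recovery URL embeds the key that authorises the
                    // password change. Writing it to the log would hand the
                    // account to anyone who can read log files, so the
                    // placeholder is filled with a fixed marker; the message
                    // key itself is unchanged.
                    Yum::log(Yum::t('{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array(
                        '{email}' => $form->user->profile->email,
                        '{recovery_url}' => '[redacted]',
                        '{username}' => $form->user->username,
                    )));
                    $mail = array(
                        'from' => Yii::app()->params['adminEmail'],
                        'to' => $form->user->profile->email,
                        'subject' => 'You requested a new password',
                        'body' => strtr(
                            'You have requested a new password. Please use this URL to continue: {recovery_url}',
                            array('{recovery_url}' => $recovery_url)
                        ),
                    );
                    YumMailer::send($mail);
                    Yum::setFlash('Instructions have been sent to you. Please check your email.');
                } else {
                    // NOTE(review): the flash above is set only when an account
                    // was found, and the 403 is thrown only for existing
                    // accounts, so the response differs by whether the address
                    // is registered. Decide whether that is acceptable.
                    Yum::log(Yum::t('A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array(
                        '{username}' => $form->login_or_email,
                    )));
                }
                $this->redirect(Yum::module()->loginUrl);
            }
        }
    }

    $this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form));
}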
/**
 * Activate a user account from the link sent by e-mail.
 *
 * The e-mail address and activation key are handed to YumUser::activate(),
 * which returns the YumUser on success or an error value on failure. When
 * the registration module's loginAfterSuccessfulActivation option is set,
 * a successful activation also logs the user in, so the emailed key then
 * works as a login credential for that request.
 *
 * @param string $email e-mail address from the activation link
 * @param string $key   activation key from the activation link
 */
public function actionActivation($email, $key)
{
    $webUser = Yii::app()->user;

    // A logged-in visitor must log out before activating an account.
    if (!$webUser->isGuest) {
        Yum::setFlash('You are already logged in, please log out to activate your account');
        $this->redirect($webUser->returnUrl);
    }

    // Validation and the activation itself are done by the model.
    $result = YumUser::activate($email, $key);

    if (!($result instanceof YumUser)) {
        // Anything other than a YumUser is passed to the failure view as the error.
        $this->render(
            Yum::module('registration')->activationFailureView,
            array('error' => $result)
        );
        return;
    }

    if (Yum::module('registration')->loginAfterSuccessfulActivation) {
        $identity = new YumUserIdentity($result->username, false);
        $identity->authenticate(true);
        Yii::app()->user->login($identity);
    }

    $this->render(Yum::module('registration')->activationSuccessView);
}
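/**
 * Check the submitted password for $user and log the user in on success.
 *
 * Every failure adds an error to the login form. A wrong password is also
 * written to the log together with the client address.
 *
 * @param YumUser $user the account resolved from the login form
 * @return YumUser|false the user on success, false on any failure
 */
public function authenticate($user)
{
    $identity = new YumUserIdentity($user->username, $this->loginForm->password);
    $identity->authenticate();

    switch ($identity->errorCode) {
        case YumUserIdentity::ERROR_NONE:
            $duration = $this->loginForm->rememberMe ? 3600 * 24 * 30 : 0; // 30 days
            Yii::app()->user->login($identity, $duration);
            return $user;

        case YumUserIdentity::ERROR_EMAIL_INVALID:
            $this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
            break;

        // NOTE(review): the three status messages below tell the client what
        // state the account is in. Whether they are reachable without the
        // correct password depends on YumUserIdentity::authenticate(), which
        // is not shown here; confirm.
        case YumUserIdentity::ERROR_STATUS_INACTIVE:
            $this->loginForm->addError("status", Yum::t('This account is not activated.'));
            break;

        case YumUserIdentity::ERROR_STATUS_BANNED:
            $this->loginForm->addError("status", Yum::t('This account is blocked.'));
            break;

        case YumUserIdentity::ERROR_STATUS_REMOVED:
            $this->loginForm->addError('status', Yum::t('Your account has been deleted.'));
            break;

        case YumUserIdentity::ERROR_PASSWORD_INVALID:
            // The logged username is the raw form input, not the resolved
            // account name, so whatever was typed into that field ends up in
            // the log.
            Yum::log(Yum::t('Password invalid for user {username} (Ip-Address: {ip})', array(
                '{ip}' => Yii::app()->request->getUserHostAddress(),
                '{username}' => $this->loginForm->username,
            )), 'error');
            if (!$this->loginForm->hasErrors()) {
                $this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
            }
            break;

        default:
            // An error code not listed above still fails the login; show the
            // generic message instead of returning without any form error.
            if (!$this->loginForm->hasErrors()) {
                $this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
            }
            break;
    }

    // The original placed this return after a `break` inside the last case,
    // where it could never run, so failures returned null instead of false.
    return false;
}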
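/**
 * Check the submitted password for $user and log the user in on success.
 *
 * Wrong credentials add a generic form error and are counted through
 * logFailedLoginAttempts(). A successful login reports the number of earlier
 * failed attempts to the user and resets the counter.
 *
 * @param YumUser $user the account resolved from the login form
 * @return YumUser|null the user on success; nothing is returned on failure
 */
public function authenticate($user)
{
    $identity = new YumUserIdentity($user->username, $this->loginForm->password);
    $identity->authenticate();

    switch ($identity->errorCode) {
        // Two separate labels. The original `case A || B:` is a single
        // boolean label; `switch` compares loosely, so (assuming the constants
        // are non-zero) every non-zero error code matched it. Inactive, banned
        // and removed accounts were then counted as failed password attempts
        // and the status cases below were never reached.
        case YumUserIdentity::ERROR_EMAIL_INVALID:
        case YumUserIdentity::ERROR_PASSWORD_INVALID:
            $this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
            $this->logFailedLoginAttempts($user);
            break;

        // NOTE(review): the three status messages below tell the client what
        // state the account is in. Whether they are reachable without the
        // correct password depends on YumUserIdentity::authenticate(), which
        // is not shown here; confirm.
        case YumUserIdentity::ERROR_STATUS_INACTIVE:
            $this->loginForm->addError("status", Yum::t('This account is not activated.'));
            break;

        case YumUserIdentity::ERROR_STATUS_BANNED:
            $this->loginForm->addError("status", Yum::t('This account is blocked.'));
            break;

        case YumUserIdentity::ERROR_STATUS_REMOVED:
            $this->loginForm->addError('status', Yum::t('Your account has been deleted.'));
            break;

        case YumUserIdentity::ERROR_NONE:
            $duration = $this->loginForm->rememberMe ? Yum::module()->cookieDuration : 0;
            Yii::app()->user->login($identity, $duration);
            if ($user->failedloginattempts > 0) {
                // Tell the owner about earlier failures, then reset the counter.
                Yum::setFlash(Yum::t('Warning: there have been {count} failed login attempts', array(
                    '{count}' => $user->failedloginattempts,
                )));
                $user->failedloginattempts = 0;
                $user->save(false, array('failedloginattempts'));
            }
            return $user;

        default:
            // Error codes not listed above used to receive the generic message
            // through the catch-all boolean label; keep that for them.
            $this->loginForm->addError("password", Yum::t('Username or Password is incorrect'));
            break;
    }
}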