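/**
 * Saves the current user's profile (name, e-mail and an optional password change).
 *
 * Unauthenticated requests are aborted with 404. Every validation failure is
 * raised as an Exception, reported through the flash messenger, and the
 * response is always a redirect back to the profile page.
 *
 * @Request({"user": "******"}, csrf=true)
 *
 * @param array $data submitted profile fields: name, email, password_new, password_old
 * @return mixed redirect response to '@system/profile'
 */
public function saveAction($data)
{
    if (!$this->user->isAuthenticated()) {
        $this->getApplication()->abort(404);
    }

    try {
        $user = $this->users->find($this->user->getId());

        // Missing keys fall back to '' instead of '@'-suppressed reads, which
        // also avoids handing null to trim().
        $name    = trim($data['name'] ?? '');
        $email   = trim($data['email'] ?? '');
        $passNew = $data['password_new'] ?? '';
        $passOld = $data['password_old'] ?? '';

        if (strlen($name) < 3) {
            throw new Exception(__('Name is invalid.'));
        }

        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new Exception(__('Email is invalid.'));
        }

        // The uniqueness query excludes the current account so re-saving an
        // unchanged address is allowed.
        if ($this->users->where(['email = ?', 'id <> ?'], [$email, $user->getId()])->first()) {
            throw new Exception(__('Email not available.'));
        }

        if ($passNew) {
            // A password change must be authorised with the current password.
            if (!$this['auth']->getUserProvider()->validateCredentials($this->user, ['password' => $passOld])) {
                throw new Exception(__('Invalid Password.'));
            }

            // Reject surrounding whitespace and very short passwords.
            if (trim($passNew) !== $passNew || strlen($passNew) < 3) {
                throw new Exception(__('New Password is invalid.'));
            }

            $user->setPassword($this['auth.password']->hash($passNew));
        }

        // A changed address invalidates any earlier e-mail verification.
        if ($email !== (string) $user->getEmail()) {
            $user->set('verified', false);
        }

        $user->setName($name);
        $user->setEmail($email);

        $this['events']->dispatch('system.user.profile.save', new ProfileSaveEvent($user, $data));
        $this->users->save($user);
        $this['events']->dispatch('system.user.profile.saved', new ProfileSaveEvent($user, $data));

        $this['message']->success(__('Profile updated.'));
    } catch (Exception $e) {
        $this['message']->error($e->getMessage());
    }

    return $this->redirect('@system/profile');
}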
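/**
 * Gets the user roles.
 *
 * Returns every role except the anonymous one, ordered by priority. Roles the
 * form must not let the editor toggle are flagged with `$role->disabled = true`:
 * the authenticated role, and the administrator role when an administrator is
 * editing their own account (presumably so the admin role cannot be removed
 * from oneself).
 *
 * @param User|null $user the account being edited, or null for a new account
 * @return array
 */
protected function getRoles(?User $user = null)
{
    $roles = $this->roles->where(['id <> ?'], [Role::ROLE_ANONYMOUS])->orderBy('priority')->get();

    // Loose comparison kept on purpose: ids may arrive as int or numeric string — verify before tightening.
    $editingSelf = $user !== null && $user->getId() == $this['user']->getId();

    foreach ($roles as $role) {
        if ($role->isAuthenticated()) {
            $role->disabled = true;
        }

        if ($editingSelf && $user->isAdministrator() && $role->isAdministrator()) {
            $role->disabled = true;
        }
    }

    return $roles;
}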
/**
 * {@inheritdoc}
 *
 * Boot sequence: register the system event subscribers, boot the parent, merge
 * options, define the system services on the container, extend the mailer with
 * the impersonate plugin and, when a profiler is present, hook the system and
 * user data collectors on 'system.init'.
 */
public function boot(Application $app)
{
    // Uncaught exceptions go to the error controller only when debugging is
    // off; with no config available the app is treated as being in debug mode.
    $debug = isset($this['config']) ? $this['config']['app.debug'] : true;

    if (!$debug) {
        $app['events']->addSubscriber(new ExceptionListener('Pagekit\\System\\Exception\\ExceptionController::showAction'));
    }

    // Registration order is kept as-is; it may matter for listeners that share
    // an event and priority.
    $listeners = [
        AccessListener::class,
        AdminMenuListener::class,
        AliasListener::class,
        AuthorizationListener::class,
        CanonicalListener::class,
        FrontpageListener::class,
        LocaleListener::class,
        LoginAttemptListener::class,
        MaintenanceListener::class,
        MenuListener::class,
        MigrationListener::class,
        ResponseListener::class,
        SystemListener::class,
        UserListener::class,
        WidgetListener::class,
        ThemeListener::class,
        ThemeWidgetListener::class,
    ];

    foreach ($listeners as $listenerClass) {
        $app['events']->addSubscriber(new $listenerClass());
    }

    parent::boot($app);

    $this->mergeOptions();

    $app['system'] = $this;

    $app['menus'] = function () {
        return new MenuProvider();
    };

    // The current user: the authenticated account, or a transient entity that
    // carries only the anonymous role.
    $app['user'] = function ($app) {
        $current = $app['auth']->getUser();

        if (!$current) {
            $anonymousRoles = $app['users']->getRoleRepository()->where(['id' => RoleInterface::ROLE_ANONYMOUS])->get();

            $current = new UserEntity();
            $current->setRoles($anonymousRoles);
        }

        return $current;
    };

    $app['users'] = function () {
        return new UserProvider();
    };

    // Permissions are gathered from whoever answers the 'system.permission' event.
    $app['permissions'] = function ($app) {
        $event = $app['events']->dispatch('system.permission', new PermissionEvent());

        return $event->getPermissions();
    };

    $app['content'] = function () {
        return new ContentHelper();
    };

    $app['languages'] = function () {
        return new LanguageHelper();
    };

    $app['countries'] = function () {
        return new CountryHelper();
    };

    $app['system.info'] = function () {
        return new SystemInfoHelper();
    };

    $app['oauth'] = function () {
        return new OAuthHelper();
    };

    // Date helper: configured timezone (UTC fallback) and translated formats.
    $app['dates'] = function ($app) {
        $dates = new DateHelper();
        $dates->setTimezone($app['option']->get('system:app.timezone', 'UTC'));

        $formats = [
            DateHelper::NONE     => '',
            DateHelper::FULL     => __('DATE_FULL'),
            DateHelper::LONG     => __('DATE_LONG'),
            DateHelper::MEDIUM   => __('DATE_MEDIUM'),
            DateHelper::SHORT    => __('DATE_SHORT'),
            DateHelper::INTERVAL => __('DATE_INTERVAL'),
        ];
        $dates->setFormats($formats);

        return $dates;
    };

    // Outgoing mail is sent from the configured address/name.
    $app->extend('mailer', function ($mailer, $app) {
        $fromAddress = $app['config']->get('mail.from.address');
        $fromName    = $app['config']->get('mail.from.name');

        $mailer->registerPlugin(new ImpersonatePlugin($fromAddress, $fromName));

        return $mailer;
    });

    if (isset($app['profiler'])) {
        $app->on('system.init', function () use ($app) {
            $app['profiler']->add(
                new SystemDataCollector($app['system.info']),
                'extension://system/views/profiler/toolbar/system.php',
                'extension://system/views/profiler/panel/system.php',
                50
            );
            $app['profiler']->add(
                new UserDataCollector($app['auth']),
                'extension://system/views/profiler/toolbar/user.php',
                null,
                -20
            );
        });
    }
}
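/**
 * Handles a self-service registration request.
 *
 * Logged-in users, and sites where only administrators create accounts, are
 * redirected to the front page. The CSRF token is checked before any input is
 * inspected. Field-level problems are collected in $errors and reported either
 * as a JSON payload (XHR) or as flash messages followed by a redirect.
 *
 * @Request({"user": "******"})
 * @Response("json")
 *
 * @param array $data submitted registration fields: name, username, email, password
 * @return array|mixed JSON payload for XHR requests, otherwise a redirect response
 */
public function registerAction($data)
{
    $response = ['success' => false];
    $errors   = [];

    try {
        // Registration is closed to authenticated users and when the site is
        // in admin-only mode (the default).
        if ($this['user']->isAuthenticated() || $this['option']->get('system:user.registration', 'admin') === 'admin') {
            return $this->redirect('/');
        }

        if (!$this['csrf']->validate($this['request']->request->get('_csrf'))) {
            throw new Exception(__('Invalid token. Please try again.'));
        }

        // Missing keys default to '' instead of '@'-suppressed reads.
        $name     = trim($data['name'] ?? '');
        $username = trim($data['username'] ?? '');
        $email    = trim($data['email'] ?? '');
        $password = $data['password'] ?? '';

        // Strict emptiness checks: empty() would also reject the value '0'.
        if ($name === '') {
            $errors[] = ['field' => 'name', 'message' => __('Name required.')];
        }

        if ($password === '') {
            $errors[] = ['field' => 'password', 'message' => __('Password required.')];
        }

        // The pattern restricts usernames to ASCII, so the byte-wise strlen()
        // length check is exact here.
        if (strlen($username) < 3 || !preg_match('/^[a-zA-Z0-9_\\-]+$/', $username)) {
            $errors[] = ['field' => 'username', 'message' => __('Username is invalid.')];
        }

        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $errors[] = ['field' => 'email', 'message' => __('Email is invalid.')];
        }

        // NOTE(review): these two availability responses disclose whether a
        // username or e-mail is already registered (account enumeration);
        // kept because the form relies on the per-field feedback.
        if ($this->users->query()->orWhere(['username = :username', 'email = :username'], ['username' => $username])->first()) {
            $errors[] = ['field' => 'username', 'message' => __('Username not available.'), 'dynamic' => true];
        }

        if ($this->users->query()->orWhere(['username = :email', 'email = :email'], ['email' => $email])->first()) {
            $errors[] = ['field' => 'email', 'message' => __('Email not available.'), 'dynamic' => true];
        }

        if ($errors) {
            throw new Exception(__('Signup failed'));
        }

        $user = new User();
        $user->setRegistered(new \DateTime());
        $user->setName($name);
        $user->setUsername($username);
        $user->setEmail($email);
        $user->setPassword($this['auth.password']->hash($password));
        $user->setStatus(UserInterface::STATUS_BLOCKED);
        $user->setRoles($this->roles->where(['id' => RoleInterface::ROLE_AUTHENTICATED])->get());

        // The activation token serves both the e-mail verification and the
        // administrator approval flow; otherwise the account is active at once.
        $token  = $this['auth.random']->generateString(32);
        $admin  = $this['option']->get('system:user.registration') === 'approval';
        $verify = $this['option']->get('system:user.require_verification');

        if ($verify) {
            $user->setActivation($token);
        } elseif ($admin) {
            $user->setActivation($token);
            $user->set('verified', true);
        } else {
            $user->setStatus(UserInterface::STATUS_ACTIVE);
        }

        $this->users->save($user);

        if ($verify) {
            $this->sendVerificationMail($user);
            $response['success'] = __('Your user account has been created. Complete your registration, by clicking the link provided in the mail that has been sent to you.');
        } elseif ($admin) {
            $this->sendApproveMail($user);
            $response['success'] = __('Your user account has been created and is pending approval by the site administrator.');
        } else {
            $this->sendWelcomeEmail($user);
            $response['success'] = __('Your user account has been created.');
        }

        // An empty translation must still report success.
        if (!$response['success']) {
            $response['success'] = true;
        }

        if (!$this['request']->isXmlHttpRequest()) {
            $this['message']->success($response['success']);

            return $this->redirect('@system/auth/login');
        }
    } catch (Exception $e) {
        if ($this['request']->isXmlHttpRequest()) {
            $response['errors'] = $errors;
            // Additive key: without field errors (e.g. a rejected CSRF token)
            // the client previously got no explanation at all.
            $response['message'] = $e->getMessage();
        } else {
            foreach ($errors as $error) {
                $this['message']->error($error['message']);
            }

            // A failure without field errors used to be redirected silently.
            if (!$errors) {
                $this['message']->error($e->getMessage());
            }
        }
    }

    return $this['request']->isXmlHttpRequest()
        ? $response
        : $this->redirect($errors ? '@system/registration' : '@system/auth/login');
}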