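 /**
  * Handle the account settings form: an optional password change plus first/last name updates.
  *
  * Reads the submitted POST fields directly. Every outcome is reported through the flasher and
  * the request always ends with a redirect to /account. The password is replaced only when the
  * new value passes the length check, matches its confirmation AND the current password
  * re-authenticates; a failed check no longer falls through to the save.
  *
  * @auth-groups users
  */
 public function saveAction()
 {
     // empty() also treats the string '0' as "no password submitted".
     if (!empty($_POST['password_new'])) {
         $this->changePassword(
             isset($_POST['password_old']) ? $_POST['password_old'] : '',
             $_POST['password_new'],
             isset($_POST['password_new_confirm']) ? $_POST['password_new_confirm'] : ''
         );
     }
     $this->changeName('firstname', 'firstName', 'First name changed.', 'Name contains invalid characters. ');
     $this->changeName('lastname', 'lastName', 'Last name changed.', 'Last name contains invalid characters. ');
     $this->redirect('/account');
 }

 /**
  * Validate and apply a password change; the stored password is touched only when every check passes.
  *
  * @param mixed $old     Current password, used to re-authenticate the user before the change
  * @param mixed $new     Requested new password
  * @param mixed $confirm Confirmation copy of the new password
  * @return bool True when the password was updated
  */
 private function changePassword($old, $new, $confirm)
 {
     $valid = true;
     try {
         v::length(6)->check($new);
     } catch (ValidationException $e) {
         $this->flasher->error('Please make sure new password is longer than 6 characters!');
         $valid = false;
     }
     if ($new !== $confirm) {
         $this->flasher->error('New password fields were not identical!');
         $valid = false;
     }
     if (!$valid) {
         // A rejected new password must not be saved, whatever the old password was.
         return false;
     }
     // Re-authenticate with the current password before accepting the change.
     // NOTE(review): Gatekeeper::authenticate may throw (inactive account, failed restriction)
     // rather than return false; those exceptions are not caught here - confirm how the
     // surrounding controller surfaces them.
     if (!Gatekeeper::authenticate(['username' => $this->user->username, 'password' => $old])) {
         $this->flasher->error('Invalid password. Changes ignored.');
         return false;
     }
     $this->user->password = $new;
     $this->user->save();
     $this->flasher->success('Password updated!');
     return true;
 }

 /**
  * Validate a submitted name field and persist it when it passes.
  *
  * The form uses '-' as its "leave unchanged" sentinel; an absent field is treated the same way
  * instead of validating a missing value.
  *
  * @param string $field       POST field name ('firstname' or 'lastname')
  * @param string $property    User model property to update
  * @param string $successMsg  Flash message shown on success
  * @param string $errorPrefix Flash message prefix on validation failure (validator message is appended)
  */
 private function changeName($field, $property, $successMsg, $errorPrefix)
 {
     $value = isset($_POST[$field]) ? $_POST[$field] : '-';
     if ($value === '-') {
         return;
     }
     try {
         // Letters, digits and spaces only; anything else raises ValidationException.
         v::alnum(' ')->check($value);
         $this->user->{$property} = $value;
         $this->user->save();
         $this->flasher->success($successMsg);
     } catch (ValidationException $e) {
         $this->flasher->error($errorPrefix . $e->getMainMessage());
     }
 }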
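 /**
  * Authenticate a user given the username/password credentials
  *
  * Flow: load the user by username, refuse inactive accounts, evaluate the configured
  * restrictions (plus a per-user throttle when throttling is enabled), then verify the
  * password hash. On success the throttle is reset to "allow", the last-login stamp is
  * updated and, if requested, the "remember me" functionality is activated.
  *
  * @param array $credentials Credential information (must include "username" and "password")
  * @param boolean $remember Flag to activate the "remember me" functionality
  * @return boolean Pass/fail of authentication; false (no exception) when either credential is missing
  * @throws Exception\UserInactiveException When the account status is inactive
  * @throws Exception\RestrictionFailedException When any restriction, including the throttle, fails
  */
 public static function authenticate(array $credentials, $remember = false)
 {
     // A missing credential is a plain failure rather than an undefined-index notice
     // followed by a lookup on null.
     if (!isset($credentials['username'], $credentials['password'])) {
         self::getLogger()->error('Authentication attempted without a username or password.');
         return false;
     }
     $username = $credentials['username'];
     $user = new UserModel(self::$datasource);
     $user->findByUsername($username);
     self::getLogger()->info('Authenticating user.', array('username' => $username));

     // If they're inactive, they can't log in
     if ($user->status === UserModel::STATUS_INACTIVE) {
         self::getLogger()->error('User is inactive and cannot login.', array('username' => $username));
         throw new Exception\UserInactiveException('User "' . $username . '" is inactive and cannot log in.');
     }

     // Build the restriction list for THIS attempt. The throttle instance stays local instead
     // of being appended to self::$restrictions, which otherwise grows by one Throttle per call
     // and re-evaluates every earlier caller's throttle on each later login.
     // NOTE(review): if other code relies on finding the throttle in self::$restrictions after
     // authenticate(), that expectation needs revisiting - confirm.
     $restrictions = self::$restrictions;
     $throttle = null;
     if (self::$throttleStatus === true) {
         $throttle = new \Psecio\Gatekeeper\Restrict\Throttle(array('userId' => $user->id));
         $restrictions[] = $throttle;
     }
     foreach ($restrictions as $restriction) {
         if ($restriction->evaluate() === false) {
             self::getLogger()->error('Restriction failed.', array('restriction' => get_class($restriction)));
             throw new Exception\RestrictionFailedException('Restriction ' . get_class($restriction) . ' failed.');
         }
     }

     // Verify the password! An unknown username presumably leaves $user->password unset
     // (TODO confirm against findByUsername); an empty hash makes password_verify() fail
     // without distinguishing "no such user" from "wrong password".
     $hash = is_string($user->password) ? $user->password : '';
     $result = password_verify($credentials['password'], $hash);
     if ($result === true) {
         self::getLogger()->info('User login verified.', array('username' => $username));
         // If throttling is enabled, set the user back to allow
         if ($throttle !== null) {
             $throttle->model->allow();
         }
         // Last-login bookkeeping and "remember me" apply to every successful login,
         // not only when throttling happens to be enabled.
         $user->updateLastLogin();
         if ($remember === true) {
             self::getLogger()->info('Activating remember me.', array('username' => $username));
             self::rememberMe($user);
         }
     }
     return $result;
 }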