/**
* Set new password for current user.
*
* @since 2.0.0
* @access public
*/
public function password()
{
$this->permission('Garden.SignIn.Allow');
// Don't allow password editing if using SSO Connect ONLY.
// This is for security. We encountered the case where a customer charges
// for membership using their external application and use SSO to let
// their customers into Vanilla. If you allow those people to change their
// password in Vanilla, they will then be able to log into Vanilla using
// Vanilla's login form regardless of the state of their membership in the
// external app.
if (c('Garden.Registration.Method') == 'Connect') {
Gdn::dispatcher()->dispatch('DefaultPermission');
exit;
}
Gdn::userModel()->addPasswordStrength($this);
// Get user data and set up form
$this->getUserInfo();
$this->Form->setModel($this->UserModel);
$this->addDefinition('Username', $this->User->Name);
if ($this->Form->authenticatedPostBack() === true) {
$this->Form->setFormValue('UserID', $this->User->UserID);
$this->UserModel->defineSchema();
// $this->UserModel->Validation->AddValidationField('OldPassword', $this->Form->formValues());
// No password may have been set if they have only signed in with a connect plugin
if (!$this->User->HashMethod || $this->User->HashMethod == "Vanilla") {
$this->UserModel->Validation->applyRule('OldPassword', 'Required');
$this->UserModel->Validation->applyRule('OldPassword', 'OldPassword', 'Your old password was incorrect.');
}
$this->UserModel->Validation->applyRule('Password', 'Required');
$this->UserModel->Validation->applyRule('Password', 'Strength');
$this->UserModel->Validation->applyRule('Password', 'Match');
if ($this->Form->save()) {
$this->informMessage(sprite('Check', 'InformSprite') . t('Your password has been changed.'), 'Dismissable AutoDismiss HasSprite');
$this->Form->clearInputs();
Logger::event('password_change', Logger::INFO, '{InsertName} changed password.');
} else {
Logger::event('password_change_failure', Logger::INFO, '{InsertName} failed to change password.', array('Error' => $this->Form->errorString()));
}
}
$this->title(t('Change My Password'));
$this->_setBreadcrumbs(t('Change My Password'), '/profile/password');
$this->render();
}
/**
*
*
* @param bool $UserID
* @throws Exception
* @throws Gdn_UserException
*/
public function sso($UserID = false)
{
$this->permission('Garden.Users.Edit');
$ProviderModel = new Gdn_AuthenticationProviderModel();
$Form = new Gdn_Form();
if ($this->Request->isAuthenticatedPostBack()) {
// Make sure everything has been posted.
$Form->validateRule('ClientID', 'ValidateRequired');
$Form->validateRule('UniqueID', 'ValidateRequired');
if (!validateRequired($Form->getFormValue('Username')) && !validateRequired($Form->getFormValue('Email'))) {
$Form->addError('Username or Email is required.');
}
$Provider = $ProviderModel->getProviderByKey($Form->getFormValue('ClientID'));
if (!$Provider) {
$Form->addError(sprintf('%1$s "%2$s" not found.', t('Provider'), $Form->getFormValue('ClientID')));
}
if ($Form->errorCount() > 0) {
throw new Gdn_UserException($Form->errorString());
}
// Grab the user.
$User = false;
if ($Email = $Form->getFormValue('Email')) {
$User = Gdn::userModel()->GetByEmail($Email);
}
if (!$User && ($Username = $Form->getFormValue('Username'))) {
$User = Gdn::userModel()->GetByUsername($Username);
}
if (!$User) {
throw new Gdn_UserException(sprintf(t('User not found.'), strtolower(t(UserModel::SigninLabelCode()))), 404);
}
// Validate the user's password.
$PasswordHash = new Gdn_PasswordHash();
$Password = $this->Form->getFormValue('Password', null);
if ($Password !== null && !$PasswordHash->CheckPassword($Password, val('Password', $User), val('HashMethod', $User))) {
throw new Gdn_UserException(t('Invalid password.'), 401);
}
// Okay. We've gotten this far. Let's save the authentication.
$User = (array) $User;
Gdn::userModel()->saveAuthentication(array('UserID' => $User['UserID'], 'Provider' => $Form->getFormValue('ClientID'), 'UniqueID' => $Form->getFormValue('UniqueID')));
$Row = Gdn::userModel()->getAuthentication($Form->getFormValue('UniqueID'), $Form->getFormValue('ClientID'));
if ($Row) {
$this->setData('Result', $Row);
} else {
throw new Gdn_UserException(t('There was an error saving the data.'));
}
} else {
$User = Gdn::userModel()->getID($UserID);
if (!$User) {
throw notFoundException('User');
}
$Result = Gdn::sql()->select('ua.ProviderKey', '', 'ClientID')->select('ua.ForeignUserKey', '', 'UniqueID')->select('ua.UserID')->select('p.Name')->select('p.AuthenticationSchemeAlias', '', 'Type')->from('UserAuthentication ua')->join('UserAuthenticationProvider p', 'ua.ProviderKey = p.AuthenticationKey')->where('UserID', $UserID)->get()->resultArray();
$this->setData('Result', $Result);
}
$this->render('Blank', 'Utility', 'Dashboard');
}
/**
* Mobile Themes management screen.
*
* @since 2.2.10.3
* @access public
* @param string $ThemeName Unique ID.
* @param string $TransientKey Security token.
*/
public function mobileThemes($ThemeName = '', $TransientKey = '')
{
$IsMobile = true;
$this->addJsFile('addons.js');
$this->addJsFile('addons.js');
$this->setData('Title', t('Mobile Themes'));
$this->permission('Garden.Settings.Manage');
$this->addSideMenu('dashboard/settings/mobilethemes');
// Get currently enabled theme.
$EnabledThemeName = Gdn::ThemeManager()->MobileTheme();
$ThemeInfo = Gdn::themeManager()->getThemeInfo($EnabledThemeName);
$this->setData('EnabledThemeInfo', $ThemeInfo);
$this->setData('EnabledThemeFolder', val('Folder', $ThemeInfo));
$this->setData('EnabledTheme', $ThemeInfo);
$this->setData('EnabledThemeName', val('Name', $ThemeInfo, val('Index', $ThemeInfo)));
// Get all themes.
$Themes = Gdn::themeManager()->availableThemes();
// Filter themes.
foreach ($Themes as $ThemeKey => $ThemeData) {
// Only show mobile themes.
if (empty($ThemeData['IsMobile'])) {
unset($Themes[$ThemeKey]);
}
// Remove themes that are archived
if (!empty($ThemeData['Archived'])) {
unset($Themes[$ThemeKey]);
}
}
uasort($Themes, array('SettingsController', '_NameSort'));
$this->setData('AvailableThemes', $Themes);
// Process self-post.
if ($ThemeName != '' && Gdn::session()->validateTransientKey($TransientKey)) {
try {
$ThemeInfo = Gdn::themeManager()->getThemeInfo($ThemeName);
if ($ThemeInfo === false) {
throw new Exception(sprintf(t("Could not find a theme identified by '%s'"), $ThemeName));
}
Gdn::session()->setPreference(array('PreviewThemeName' => '', 'PreviewThemeFolder' => ''));
// Clear out the preview
Gdn::themeManager()->enableTheme($ThemeName, $IsMobile);
$this->EventArguments['ThemeName'] = $ThemeName;
$this->EventArguments['ThemeInfo'] = $ThemeInfo;
$this->fireEvent('AfterEnableTheme');
} catch (Exception $Ex) {
$this->Form->addError($Ex);
}
$AsyncRequest = $this->deliveryType() === DELIVERY_TYPE_VIEW ? true : false;
if ($this->Form->errorCount() == 0) {
if ($AsyncRequest) {
echo 'Success';
$this->render('Blank', 'Utility', 'Dashboard');
exit;
} else {
redirect('/settings/mobilethemes');
}
} else {
if ($AsyncRequest) {
echo $this->Form->errorString();
$this->render('Blank', 'Utility', 'Dashboard');
exit;
}
}
}
$this->render();
}
