public function index($user_id = 0) { // Set messages to display on the login page for the user $message = FALSE; $message_class = 'login_error'; $auth = Auth::instance(); // If already logged in redirect to user account page $insufficient_role = FALSE; if ($auth->logged_in()) { // Redirect users to the relevant dashboard if ($auth->logged_in('login')) { url::redirect($auth->get_user()->dashboard()); } $insufficient_role = TRUE; $message_class = 'login_error'; $message = Kohana::lang('ui_main.insufficient_role'); } // setup and initialize form field names $form = array('action' => '', 'username' => '', 'password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'resetemail' => '', 'confirmation_email' => ''); // copy the form as errors, so the errors will be stored with keys corresponding to the form field names $errors = $form; $form_error = FALSE; $openid_error = FALSE; $success = FALSE; $change_pw_success = FALSE; $new_confirm_email_form = FALSE; $action = isset($_POST["action"]) ? $_POST["action"] : ""; // Override success variable if change_pw_success GET var is set if (isset($_GET["change_pw_success"])) { $change_pw_success = TRUE; $message_class = 'login_success'; $message = Kohana::lang('ui_main.password_changed_successfully'); } // Show send new confirm email form if (isset($_GET["new_confirm_email"])) { $new_confirm_email_form = TRUE; $message_class = 'login_error'; $message = Kohana::lang('ui_main.must_confirm_email_address'); } // Show send new confirm email form if (isset($_GET["confirmation_failure"])) { $new_confirm_email_form = TRUE; $message_class = 'login_error'; $message = Kohana::lang('ui_main.confirm_email_failed'); } // Show that confirming the email address was a success if (isset($_GET["confirmation_success"])) { $message_class = 'login_success'; $message = Kohana::lang('ui_main.confirm_email_successful'); } // Is this a password reset request? We need to show the password reset form if it is if (isset($_GET["reset"])) { $this->template->token = $this->uri->segment(4); $this->template->changeid = $this->uri->segment(3); } // Regular Form Post for Signin // check, has the form been submitted, if so, setup validation if ($_POST and isset($_POST["action"]) and $_POST["action"] == "signin") { // START: Signin Process $post = Validation::factory($_POST); $post->pre_filter('trim'); $post->add_rules('username', 'required'); $post->add_rules('password', 'required'); if ($post->validate(FALSE)) { // Sanitize $_POST data removing all inputs without rules $postdata_array = $post->safe_array(); // Flip this flag to flase to skip the login $valid_login = TRUE; // Load the user $user = ORM::factory('user', $postdata_array['username']); $remember = isset($post->remember) ? TRUE : FALSE; // Allow a login with username or email address, but we need to figure out which is // which so we can pass the appropriate variable on login. Mostly used for RiverID $email = $postdata_array['username']; if (valid::email($email) == FALSE) { // Invalid Email, we need to grab it from the user account instead $email = $user->email; if (valid::email($email) == FALSE and kohana::config('riverid.enable') == TRUE) { // We don't have any valid email for this user. // Only skip login if we are authenticating with RiverID. $valid_login = FALSE; } } // Auth Login requires catching exceptions to properly show errors try { $login = $auth->login($user, $postdata_array['password'], $remember, $email); // Attempt a login if ($login and $valid_login) { // Action::user_login - User Logged In Event::run('ushahidi_action.user_login', $user); // Exists Redirect to Dashboard url::redirect($user->dashboard()); } else { // If user isn't confirmed, redirect to resend confirmation page if (Kohana::config('settings.require_email_confirmation') and ORM::factory('user', $user)->confirmed == 0) { url::redirect("login?new_confirm_email"); } // Generic Error if exception not passed $post->add_error('password', 'login error'); } } catch (Exception $e) { $error_message = $e->getMessage(); // We use a "custom" message because of RiverID. $post->add_error('password', $error_message); } // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any // We need to already have created an error message file, for Kohana to use // Pass the error message file name to the errors() method $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any // We need to already have created an error message file, for Kohana to use // Pass the error message file name to the errors() method $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } // END: Signin Process } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "new") { // START: New User Process $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); $post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash'); $post->add_rules('name', 'required', 'length[3,100]'); $post->add_rules('email', 'required', 'email', 'length[4,64]'); $post->add_callbacks('username', array($this, 'username_exists_chk')); $post->add_callbacks('email', array($this, 'email_exists_chk')); // If Password field is not blank if (!empty($post->password)) { $post->add_rules('password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]'); } //pass the post object to any plugins that care to know. Event::run('ushahidi_action.users_add_login_form', $post); if ($post->validate()) { $riverid_id = false; if (kohana::config('riverid.enable') == true) { $riverid = new RiverID(); $riverid->email = $post->email; $riverid->password = $post->password; $riverid->register(); $riverid_id = $riverid->user_id; } $user = User_Model::create_user($post->email, $post->password, $riverid_id, $post->name); //pass the new user on to any plugins that care to know Event::run('ushahidi_action.user_edit', $user); // Send Confirmation email $email_sent = $this->_send_email_confirmation($user); if ($email_sent) { $message_class = 'login_success'; $message = Kohana::lang('ui_main.login_confirmation_sent'); } else { $message_class = 'login_success'; $message = Kohana::lang('ui_main.login_account_creation_successful'); } $success = TRUE; $action = ""; } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } // END: New User Process } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "forgot") { // START: Forgot Password Process $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); $post->add_callbacks('resetemail', array($this, 'email_exists_chk')); if ($post->validate()) { $user = ORM::factory('user', $post->resetemail); // Existing User?? if ($user->loaded) { $email_sent = FALSE; // Determine which reset method to use. The options are to use the RiverID server // or to use the normal method which just resets the password locally. if (Kohana::config('riverid.enable') == TRUE and !empty($user->riverid)) { // Reset on RiverID Server $secret_link = url::site('login/index/' . $user->id . '/%token%?reset'); $message = $this->_email_resetlink_message($user->name, $secret_link); $riverid = new RiverID(); $riverid->email = $post->resetemail; $email_sent = $riverid->requestpassword($message); } else { // Reset locally $secret = $user->forgot_password_token(); $secret_link = url::site('login/index/' . $user->id . '/' . urlencode($secret) . '?reset'); $email_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link); } if ($email_sent == TRUE) { $message_class = 'login_success'; $message = Kohana::lang('ui_main.login_confirmation_sent'); } else { $message_class = 'login_error'; $message = Kohana::lang('ui_main.unable_send_email'); } $success = TRUE; $action = ""; } } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } // END: Forgot Password Process } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "changepass") { // START: Password Change Process $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); $post->add_rules('token', 'required'); $post->add_rules('changeid', 'required'); $post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash'); $post->add_rules('password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'alpha_dash', 'matches[password_again]'); if ($post->validate()) { $success = $this->_new_password($post->changeid, $post->password, $post->token); if ($success == TRUE) { // We don't need to see this page anymore if we were successful. We want to go // to the login form and let the user know that they were successful at // changing their password url::redirect("login?change_pw_success"); exit; } $post->add_error('token', 'invalid'); // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } // END: Password Change Process } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "resend_confirmation") { // START: Confirmation Email Resend Process $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); $post->add_callbacks('confirmation_email', array($this, 'email_exists_chk')); if ($post->validate()) { $user = ORM::factory('user', $post->confirmation_email); if ($user->loaded) { // Send Confirmation email $email_sent = $this->_send_email_confirmation($user); if ($email_sent) { $message_class = 'login_success'; $message = Kohana::lang('ui_main.login_confirmation_sent'); $success = TRUE; } else { $message_class = 'login_error'; $message = Kohana::lang('ui_main.unable_send_email'); $success = FALSE; } } else { // ERROR: User doesn't exist $message_class = 'login_error'; $message = Kohana::lang('ui_main.login_email_doesnt_exist'); $success = FALSE; } } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::merge($errors, $post->errors('auth')); $form_error = TRUE; } } // Only if we allow OpenID, should we even try this if (Kohana::config('config.allow_openid') == TRUE) { // START: OpenID Shenanigans // OpenID Post try { $openid = new OpenID(); // Retrieve the Name (if available) and Email $openid->required = array("namePerson", "contact/email"); if (!$openid->mode) { if (isset($_POST["openid_identifier"])) { $openid->identity = $_POST["openid_identifier"]; header("Location: " . $openid->authUrl()); } } elseif ($openid->mode == "cancel") { $openid_error = TRUE; $message_class = 'login_error'; $message = "You have canceled authentication!"; } else { if ($openid->validate()) { // Does User Exist? $openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find(); if ($openid_user->loaded and $openid_user->user) { // First log all other sessions out $auth->logout(); // Initiate Ushahidi side login + AutoLogin $auth->force_login($openid_user->user->username); // Exists Redirect to Dashboard url::redirect($user->dashboard()); } else { // Does this openid have the required email?? $new_openid = $openid->getAttributes(); if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) { $openid_error = TRUE; $message_class = 'login_error'; $message = $openid->identity . " has not been logged in. No Email Address Found."; } else { // Create new User and save OpenID $user = ORM::factory("user"); // But first... does this email address already exist // in the system? if ($user->email_exists($new_openid["contact/email"])) { $openid_error = TRUE; $message_class = 'login_error'; $message = $new_openid["contact/email"] . " is already registered in our system."; } else { $username = "******" . time(); // Random User Name from TimeStamp - can be changed later $password = text::random("alnum", 16); // Create Random Strong Password // Name Available? $user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username; $user->username = $username; $user->password = $password; $user->email = $new_openid["contact/email"]; // Add New Roles $user->add(ORM::factory('role', 'login')); $user->add(ORM::factory('role', 'member')); $user->save(); // Save OpenID and Association $openid_user->user_id = $user->id; $openid_user->openid = $openid->identity; $openid_user->openid_email = $new_openid["contact/email"]; $openid_user->openid_server = $openid->server; $openid_user->openid_date = date("Y-m-d H:i:s"); $openid_user->save(); // Initiate Ushahidi side login + AutoLogin $auth->login($username, $password, TRUE); // Redirect to Dashboard url::redirect($user->dashboard()); } } } } else { $openid_error = TRUE; $message_class = 'login_error'; $message = $openid->identity . "has not been logged in."; } } } catch (ErrorException $e) { $openid_error = TRUE; $message_class = 'login_error'; $message = $e->getMessage(); } // END: OpenID Shenanigans } // Set the little badge under the form informing users that their logins are being managed // by an external service. $this->template->riverid_information = ''; if (kohana::config('riverid.enable') == TRUE) { $riverid = new RiverID(); $this->template->riverid_information = Kohana::lang('ui_main.riverid_information', $riverid->name); $this->template->riverid_url = $riverid->url; } $this->template->errors = $errors; $this->template->success = $success; $this->template->change_pw_success = $change_pw_success; $this->template->form = $form; $this->template->form_error = $form_error; $this->template->new_confirm_email_form = $new_confirm_email_form; // Message to user $this->template->message_class = $message_class; $this->template->message = $message; // This just means the user isn't a member or an admin, so they have nowhere to go, but they are logged in. $this->template->insufficient_role = $insufficient_role; $this->template->site_name = Kohana::config('settings.site_name'); $this->template->site_tagline = Kohana::config('settings.site_tagline'); // Javascript Header $this->template->js = new View('login/login_js'); $this->template->js->action = $action; // Header Nav $header_nav = new View('header_nav'); $this->template->header_nav = $header_nav; $this->template->header_nav->loggedin_user = FALSE; if (isset(Auth::instance()->get_user()->id)) { // Load User $this->template->header_nav->loggedin_role = Auth::instance()->get_user()->dashboard(); $this->template->header_nav->loggedin_user = Auth::instance()->get_user(); } $this->template->header_nav->site_name = Kohana::config('settings.site_name'); }
public function index($user_id = 0) { $auth = Auth::instance(); // If already logged in redirect to user account page // Otherwise attempt to auto login if autologin cookie can be found // (Set when user previously logged in and ticked 'stay logged in') if ($auth->logged_in() or $auth->auto_login()) { if ($user = Session::instance()->get('auth_user', FALSE) and $auth->logged_in('member')) { url::redirect('members/dashboard'); } } // setup and initialize form field names $form = array('action' => '', 'username' => '', 'password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'resetemail' => ''); // copy the form as errors, so the errors will be stored with keys corresponding to the form field names $errors = $form; $form_error = FALSE; $openid_error = FALSE; $success = FALSE; $action = isset($_POST["action"]) ? $_POST["action"] : ""; // Is this a password reset request? if (isset($_GET["reset"])) { $this->_new_password($user_id, $this->uri->segment(5)); $success = TRUE; } // Regular Form Post for Signin // check, has the form been submitted, if so, setup validation if ($_POST and isset($_POST["action"]) and $_POST["action"] == "signin") { $post = Validation::factory($_POST); $post->pre_filter('trim'); $post->add_rules('username', 'required'); $post->add_rules('password', 'required'); if ($post->validate()) { // Sanitize $_POST data removing all inputs without rules $postdata_array = $post->safe_array(); // Load the user $user = ORM::factory('user', $postdata_array['username']); // If no user with that username found if (!$user->id) { $post->add_error('username', 'login error'); } else { $remember = isset($post->remember) ? TRUE : FALSE; // Attempt a login if ($auth->login($user, $postdata_array['password'], $remember)) { // Exists Redirect to Dashboard url::redirect("members/dashboard"); } else { $post->add_error('password', 'login error'); } } // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any // We need to already have created an error message file, for Kohana to use // Pass the error message file name to the errors() method $errors = arr::overwrite($errors, $post->errors('auth')); $form_error = TRUE; } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any // We need to already have created an error message file, for Kohana to use // Pass the error message file name to the errors() method $errors = arr::overwrite($errors, $post->errors('auth')); $form_error = TRUE; } } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "new") { $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); $post->add_rules('username', 'required', 'length[3,16]', 'alpha_numeric'); $post->add_rules('password', 'required', 'length[5,30]', 'alpha_numeric'); $post->add_rules('name', 'required', 'length[3,100]'); $post->add_rules('email', 'required', 'email', 'length[4,64]'); $post->add_callbacks('username', array($this, 'username_exists_chk')); $post->add_callbacks('email', array($this, 'email_exists_chk')); // If Password field is not blank if (!empty($post->password)) { $post->add_rules('password', 'required', 'length[5,16]', 'alpha_numeric', 'matches[password_again]'); } if ($post->validate()) { $user = ORM::factory('user'); $user->name = $post->name; $user->email = $post->email; $user->username = $post->username; $user->password = $post->password; // Add New Roles $user->add(ORM::factory('role', 'login')); $user->add(ORM::factory('role', 'member')); $user->save(); // Send Confirmation email $this->_send_email_confirmation($user); $success = TRUE; $action = ""; } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::overwrite($errors, $post->errors('auth')); $form_error = TRUE; } } elseif ($_POST and isset($_POST["action"]) and $_POST["action"] == "forgot") { $post = Validation::factory($_POST); // Add some filters $post->pre_filter('trim', TRUE); $post->add_callbacks('resetemail', array($this, 'email_exists_chk')); if ($post->validate()) { $user = ORM::factory('user', $post->resetemail); // Existing User?? if ($user->loaded == true) { // Secret consists of email and the last_login field. // So as soon as the user logs in again, // the reset link expires automatically. $secret = $auth->hash_password($user->email . $user->last_login); $secret_link = url::site('members/login/index/' . $user->id . '/' . $secret . "?reset"); $details_sent = $this->_email_resetlink($post->resetemail, $user->name, $secret_link); if ($details_sent) { $password_reset = TRUE; } $success = TRUE; $action = ""; } } else { // repopulate the form fields $form = arr::overwrite($form, $post->as_array()); // populate the error fields, if any $errors = arr::overwrite($errors, $post->errors('auth')); $form_error = TRUE; } } // OpenID Post try { $openid = new OpenID(); // Retrieve the Name (if available) and Email $openid->required = array("namePerson", "contact/email"); if (!$openid->mode) { if (isset($_POST["openid_identifier"])) { $openid->identity = $_POST["openid_identifier"]; header("Location: " . $openid->authUrl()); } } elseif ($openid->mode == "cancel") { $openid_error = "You have canceled authentication!"; } else { if ($openid->validate()) { // Does User Exist? $openid_user = ORM::factory("openid")->where("openid", $openid->identity)->find(); if ($openid_user->loaded and $openid_user->user) { // First log all other sessions out $auth->logout(); // Initiate Ushahidi side login + AutoLogin $auth->force_login($openid_user->user->username); // Exists Redirect to Dashboard url::redirect("members/dashboard"); } else { // Does this openid have the required email?? $new_openid = $openid->getAttributes(); if (!isset($new_openid["contact/email"]) or empty($new_openid["contact/email"])) { $openid_error = $openid->identity . " has not been logged in. No Email Address Found."; } else { // Create new User and save OpenID $user = ORM::factory("user"); // But first... does this email address already exist // in the system? if ($user->email_exists($new_openid["contact/email"])) { $openid_error = $new_openid["contact/email"] . " is already registered in our system."; } else { $username = "******" . time(); // Random User Name from TimeStamp - can be changed later $password = text::random("alnum", 16); // Create Random Strong Password // Name Available? $user->name = (isset($new_openid["namePerson"]) and !empty($new_openid["namePerson"])) ? $new_openid["namePerson"] : $username; $user->username = $username; $user->password = $password; $user->email = $new_openid["contact/email"]; // Add New Roles $user->add(ORM::factory('role', 'login')); $user->add(ORM::factory('role', 'member')); $user->save(); // Save OpenID and Association $openid_user->user_id = $user->id; $openid_user->openid = $openid->identity; $openid_user->openid_email = $new_openid["contact/email"]; $openid_user->openid_server = $openid->server; $openid_user->openid_date = date("Y-m-d H:i:s"); $openid_user->save(); // Initiate Ushahidi side login + AutoLogin $auth->login($username, $password, TRUE); // Redirect to Dashboard url::redirect("members/dashboard"); } } } } else { $openid_error = $openid->identity . "has not been logged in."; } } } catch (ErrorException $e) { $openid_error = $e->getMessage(); } $this->template->errors = $errors; $this->template->success = $success; $this->template->form = $form; $this->template->form_error = $form_error; $this->template->openid_error = $openid_error; $this->template->site_name = Kohana::config('settings.site_name'); $this->template->site_tagline = Kohana::config('settings.site_tagline'); // Javascript Header $this->template->js = new View('members/login_js'); $this->template->js->action = $action; }