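/**
 * Completes a password reset: checks the username/key pair taken from the reset link and,
 * on POST, stores the hash of the new password and clears the key.
 *
 * @param string $username   Account name from the reset link.
 * @param string $activation One-time key from the reset link.
 * @return mixed View parameters for the confirm form, or the result of redirect().
 *
 * @Request({"user", "key"})
 * @Response("extension://system/views/user/reset/confirm.razr")
 */
public function confirmAction($username = "", $activation = "")
{
    // Both values must be non-empty before the lookup runs, so a request that omits the key
    // can never match an account whose activation field is empty or null.
    // NOTE(review): no expiry check on the key is visible in this method - confirm the key is
    // time-limited where it is issued.
    if (empty($username) || empty($activation) || !($user = $this->users->where(compact('username', 'activation'))->first())) {
        $this['message']->error(__('Invalid key.'));

        return $this->redirect('/');
    }

    if ($user->isBlocked()) {
        $this['message']->error(__('Your account has not been activated or is blocked.'));

        return $this->redirect('/');
    }

    if ('POST' === $this['request']->getMethod()) {
        try {
            if (!$this['csrf']->validate($this['request']->request->get('_csrf'))) {
                throw new Exception(__('Invalid token. Please try again.'));
            }

            $password = $this['request']->request->get('password');

            // Reject non-string input (for example an array-valued form field) up front: it would
            // otherwise reach trim() and the hasher, and an Error raised there is not an Exception,
            // so the catch below would not turn it into a flash message.
            if (empty($password) || !is_string($password)) {
                throw new Exception(__('Enter password.'));
            }

            // Strict comparison: with != two numeric-looking strings are compared as numbers, so a
            // value with surrounding whitespace could compare equal to its trimmed form.
            if ($password !== trim($password)) {
                throw new Exception(__('Invalid password.'));
            }

            // NOTE(review): no minimum length or strength rule is applied on this path.
            $user->setPassword($this['auth.password']->hash($password));

            // Clearing the key makes the reset link single-use.
            $user->setActivation(null);
            $this->users->save($user);

            $this['message']->success(__('Your password has been reset.'));

            return $this->redirect('/');
        } catch (Exception $e) {
            $this['message']->error($e->getMessage());
        }
    }

    // The key is handed back to the view so the form can post to the same link.
    return ['head.title' => __('Reset Confirm'), 'username' => $username, 'activation' => $activation];
}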
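/**
 * Saves the signed-in user's own profile: name, email and, optionally, a new password.
 *
 * @param array $data Submitted fields; reads 'name', 'email', 'password_new' and 'password_old'.
 * @return mixed Result of redirect() back to the profile page.
 *
 * @Request({"user": "******"}, csrf=true)
 */
public function saveAction($data)
{
    if (!$this->user->isAuthenticated()) {
        $this->getApplication()->abort(404);
    }

    try {
        // The record is always loaded by the session user's id; no id is taken from the request.
        $user = $this->users->find($this->user->getId());

        // Read each field explicitly instead of silencing notices with @, and treat anything that
        // is not a string (missing key, array-valued field) as empty so it fails validation below.
        $name    = isset($data['name']) && is_string($data['name']) ? trim($data['name']) : '';
        $email   = isset($data['email']) && is_string($data['email']) ? trim($data['email']) : '';
        $passOld = isset($data['password_old']) && is_string($data['password_old']) ? $data['password_old'] : '';
        $passNew = isset($data['password_new']) ? $data['password_new'] : '';

        if (strlen($name) < 3) {
            throw new Exception(__('Name is invalid.'));
        }

        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new Exception(__('Email is invalid.'));
        }

        // The address must not belong to any other account.
        if ($this->users->where(['email = ?', 'id <> ?'], [$email, $user->getId()])->first()) {
            throw new Exception(__('Email not available.'));
        }

        // Any submitted value other than the empty string counts as a change request, so a value
        // such as "0" is rejected with a message instead of being silently ignored.
        if ($passNew !== '' && $passNew !== null) {
            // A password change requires proof of the current password.
            if (!$this['auth']->getUserProvider()->validateCredentials($this->user, ['password' => $passOld])) {
                throw new Exception(__('Invalid Password.'));
            }

            // Strict comparison, so numeric-looking strings are not compared as numbers.
            // NOTE(review): the 3-byte minimum is very low for a password; strlen() counts bytes.
            if (!is_string($passNew) || trim($passNew) !== $passNew || strlen($passNew) < 3) {
                throw new Exception(__('New Password is invalid.'));
            }

            $user->setPassword($this['auth.password']->hash($passNew));
        }

        // A changed address has to be verified again.
        // NOTE(review): unlike the password change, the email change is not gated on the current
        // password - confirm that is intended.
        if ($email !== $user->getEmail()) {
            $user->set('verified', false);
        }

        $user->setName($name);
        $user->setEmail($email);

        // Listeners receive the raw submitted data before and after the save.
        $this['events']->dispatch('system.user.profile.save', new ProfileSaveEvent($user, $data));

        $this->users->save($user);

        $this['events']->dispatch('system.user.profile.saved', new ProfileSaveEvent($user, $data));

        $this['message']->success(__('Profile updated.'));
    } catch (Exception $e) {
        $this['message']->error($e->getMessage());
    }

    return $this->redirect('@system/profile');
}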
/**
 * Renders the admin edit form for a single blog post.
 *
 * NOTE(review): no permission check is visible inside this method; presumably access is
 * restricted elsewhere - confirm.
 *
 * @param int $id Id of the post to edit.
 * @return mixed View parameters for the edit template, or the result of redirect().
 *
 * @Request({"id": "int"})
 * @Response("extension://blog/views/admin/post/edit.razr")
 */
public function editAction($id)
{
    try {
        // Load the post together with its related user record.
        $post = $this->posts->query()->where(['id' => $id])->related('user')->first();

        if (!$post) {
            throw new Exception(__('Invalid post id.'));
        }
    } catch (Exception $e) {
        // The catch also covers the query itself, so any Exception raised while loading the post
        // has its message shown to the user.
        // NOTE(review): confirm such messages carry no internal detail.
        $this['message']->error($e->getMessage());

        return $this->redirect('@blog/post');
    }

    $view = [];
    $view['head.title'] = __('Edit Post');
    $view['post']       = $post;
    $view['statuses']   = Post::getStatuses();
    $view['roles']      = $this->roles->findAll();
    $view['users']      = $this->users->findAll();

    return $view;
}
/**
 * Sets the status of several user accounts at once and reports the outcome as JSON.
 *
 * @param int   $status Requested status; only compared against User::STATUS_BLOCKED here.
 * @param int[] $ids    Ids of the accounts to change.
 * @return array Payload with 'message', plus 'error' => true when the request is refused.
 *
 * @Request({"status": "int", "ids": "int[]"}, csrf=true)
 * @Response("json")
 */
public function statusAction($status, $ids = [])
{
    $blocking = $status == User::STATUS_BLOCKED;

    // The acting user may not lock their own account.
    if ($blocking && in_array($this->user->getId(), $ids)) {
        return ['message' => __('Unable to block yourself.'), 'error' => true];
    }

    // NOTE(review): $status is not checked against a list of known statuses in this method; any
    // integer other than STATUS_BLOCKED is written as-is and reported as "activated".
    foreach ($ids as $accountId) {
        $account = $this->users->find($accountId);

        // Ids that match no account are skipped.
        if (!$account) {
            continue;
        }

        // Clears the pending activation/reset key on the loaded object.
        // NOTE(review): save() only runs when the status differs and is given an explicit data
        // array, so whether the cleared key is persisted cannot be told from here.
        $account->setActivation('');

        if ($status != $account->getStatus()) {
            $this->users->save($account, ['status' => $status]);
        }
    }

    // The count is the number of ids submitted, not the number of accounts actually changed.
    $total = count($ids);

    if ($blocking) {
        $message = _c('{1} User blocked.|]1,Inf[ Users blocked.', $total);
    } else {
        $message = _c('{1} User activated.|]1,Inf[ Users activated.', $total);
    }

    return ['message' => $message];
}
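/**
 * Handles an activation link. Depending on the registration mode it either records the email
 * verification and asks an administrator for approval, or activates the account.
 *
 * @param string $username   Account name from the activation link.
 * @param string $activation One-time key from the activation link.
 * @return mixed Result of redirect().
 *
 * @Request({"user", "key"})
 */
public function activateAction($username, $activation)
{
    // Only accounts that are still blocked and have no recorded access match, and both values
    // must be non-empty, so an account with an empty key cannot be activated without one.
    if (empty($username) || empty($activation) || !($user = $this->users->where(['username' => $username, 'activation' => $activation, 'status' => UserInterface::STATUS_BLOCKED, 'access IS NULL'])->first())) {
        $this['message']->error(__('Invalid key.'));

        return $this->redirect('/');
    }

    // Written out as its own statement: the original relied on "and" binding more loosely than
    // "=", which assigns only the result of the mode comparison to $admin.
    $admin = $this['option']->get('system:user.registration') == 'approval';

    if ($admin && !$user->get('verified')) {
        // First step in approval mode: the user has proven ownership of the address. The key is
        // replaced, so the link the user holds stops working and only the newly mailed one can
        // complete the activation.
        $user->setActivation($this['auth.random']->generateString(32));
        $this->sendApproveMail($user);

        // Record the verification. Nothing visible in this method set the flag, so a later
        // request with the new key would land in this branch again instead of activating the
        // account. Harmless if sendApproveMail() already sets it - TODO confirm.
        $user->set('verified', true);

        $this['message']->success(__('Your email has been verified. Once an administrator approves your account, you will be notified by email.'));
    } else {
        // Either approval is not required, or the address was verified earlier and this request
        // carries the key issued for the approval step.
        $user->set('verified', true);
        $user->setStatus(UserInterface::STATUS_ACTIVE);

        // Clearing the key makes the link single-use.
        $user->setActivation('');
        $this->sendWelcomeEmail($user);

        if ($admin) {
            $this['message']->success(__('The user\'s account has been activated and the user has been notified about it.'));
        } else {
            $this['message']->success(__('Your account has been activated.'));
        }
    }

    // NOTE(review): mails are sent before the record is saved; a failed save leaves a sent mail
    // that does not match the stored state.
    $this->users->save($user);

    return $this->redirect('@system/auth/login');
}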