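/**
 * Login form handler: validates the CSRF token, authenticates and authorizes the
 * user, logs them in and answers with JSON (XHR) or a redirect.
 *
 * The redirect targets used here are, or may be, influenced by the request. They
 * are stripped of scheme and host and then validated; a value that could still
 * lead off-site is replaced by the default redirect.
 *
 * @Route(methods="POST", defaults={"_maintenance" = true})
 * @Request({"credentials": "array", "remember_me": "boolean", "redirect": "string"})
 *
 * @param  array  $credentials Submitted login credentials.
 * @param  bool   $remember    Whether a persistent login was requested.
 * @param  string $redirect    Where to send the browser after a successful login.
 * @return mixed  Response set by a login listener, a JSON response, or a redirect.
 */
public function authenticateAction($credentials, $remember = false, $redirect = '')
{
    // Reduces a URL to a target on this site, or '' (the default redirect).
    // Stripping alone is not enough: what remains after a match is removed can
    // itself be an absolute or scheme-relative URL, so the remainder is checked
    // and rejected instead of being trusted.
    $localTarget = static function ($url) {
        if (!is_string($url)) {
            return '';
        }

        $path = preg_replace('#(https?:)?//[^/]+#', '', $url);

        // Reject on PCRE failure, on a leading scheme or "//", on backslashes
        // (browsers treat them like "/") and on control characters.
        if ($path === null || preg_match('#^(?:[a-z][a-z0-9+.\-]*:|//)|[\\\\\x00-\x1f\x7f]#i', $path)) {
            return '';
        }

        return $path;
    };

    try {
        if (!App::csrf()->validate()) {
            throw new CsrfException(__('Invalid token. Please try again.'));
        }

        $user = App::auth()->authenticate($credentials, false);
        App::auth()->authorize($user);

        // A login listener may supply its own response; it takes precedence.
        $event = App::auth()->login($user, $remember);
        if ($event && $event->hasResponse()) {
            return $event->getResponse();
        }

        if (App::request()->isXmlHttpRequest()) {
            // Hand the client a fresh token for its next request.
            return App::response()->json(['csrf' => App::csrf()->generate()]);
        }

        return App::redirect($localTarget($redirect));
    } catch (CsrfException $e) {
        if (App::request()->isXmlHttpRequest()) {
            return App::response()->json(['csrf' => App::csrf()->generate()], 401);
        }

        $error = $e->getMessage();
    } catch (BadCredentialsException $e) {
        // Same message for unknown user and wrong password.
        $error = __('Invalid username or password.');
    } catch (AuthException $e) {
        $error = $e->getMessage();
    }

    if (App::request()->isXmlHttpRequest()) {
        App::abort(401, $error);
    } else {
        App::message()->error($error);

        return App::redirect($localTarget(App::url()->previous()));
    }
}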
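/**
 * Password-reset confirmation: looks the user up by username and activation key,
 * and on POST stores the new password and clears the key so it cannot be reused.
 *
 * @Request({"user", "key"})
 *
 * @param  string $username   Username taken from the reset link.
 * @param  string $activation Activation key taken from the reset link.
 * @return mixed  A message view, a redirect after success, or the view data for the form.
 */
public function confirmAction($username = "", $activation = "")
{
    // Request values are untyped here and may not be strings; only non-empty
    // strings are meaningful as lookup keys.
    if (!is_string($username) || !is_string($activation) || empty($username) || empty($activation)
        || !($user = User::where(compact('username', 'activation'))->first())
    ) {
        return $this->messageView(__('Invalid key.'), false);
    }

    if ($user->isBlocked()) {
        return $this->messageView(__('Your account has not been activated or is blocked.'), false);
    }

    $error = '';

    if ('POST' === App::request()->getMethod()) {
        try {
            if (!App::csrf()->validate()) {
                throw new Exception(__('Invalid token. Please try again.'));
            }

            $password = App::request()->request->get('password');

            if (empty($password)) {
                throw new Exception(__('Enter password.'));
            }

            // Strict comparison: with "!=" two numeric strings that differ only in
            // surrounding whitespace compare as equal and slip past this check.
            // Non-string input (e.g. an array) is rejected before trim() sees it.
            if (!is_string($password) || $password !== trim($password)) {
                throw new Exception(__('Invalid password.'));
            }

            // NOTE(review): no minimum length is enforced here; confirm this matches
            // the password policy applied at registration.
            $user->password = App::get('auth.password')->hash($password);
            $user->activation = null; // the key is single-use
            $user->save();

            App::message()->success(__('Your password has been reset.'));

            return App::redirect('@user/login');
        } catch (Exception $e) {
            $error = $e->getMessage();
        }
    }

    return [
        '$view' => [
            'title' => __('Reset Confirm'),
            'name' => 'system/user/reset-confirm.php',
        ],
        'username' => $username,
        'activation' => $activation,
        'error' => $error,
    ];
}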
/**
 * Login POST handler. Validates the CSRF token, authenticates and authorizes the
 * user, then either performs a full login (regular request) or only sets the
 * current user and reports success (XHR).
 *
 * @Route(methods="POST", defaults={"_maintenance" = true})
 * @Request({"credentials": "array", "_remember_me": "boolean"})
 *
 * @param  array $credentials Submitted login credentials.
 * @param  bool  $remember    Whether a persistent login was requested.
 * @return mixed Result of the login call, a success array, or a redirect back.
 */
public function authenticateAction($credentials, $remember = false)
{
    $ajax = App::request()->isXmlHttpRequest();

    try {
        if (!App::csrf()->validate()) {
            throw new AuthException(__('Invalid token. Please try again.'));
        }

        $user = App::auth()->authenticate($credentials, false);
        App::auth()->authorize($user);

        if ($ajax) {
            App::auth()->setUser($user, $remember);

            return ['success' => true];
        }

        return App::auth()->login($user, $remember);
    } catch (BadCredentialsException $e) {
        // Same message for unknown user and wrong password.
        $error = __('Invalid username or password.');
    } catch (AuthException $e) {
        $error = $e->getMessage();
    }

    if ($ajax) {
        App::abort(400, $error);
    } else {
        App::message()->error($error);

        // NOTE(review): the previous URL is passed to the redirect as-is; if it is
        // derived from a request header, confirm the redirect cannot leave this site.
        return App::redirect(App::url()->previous());
    }
}
/**
 * Login POST handler. Validates the CSRF token, authenticates and authorizes the
 * user and logs them in; on failure it flashes an error and redirects back.
 *
 * @Route(methods="POST", defaults={"_maintenance" = true})
 * @Request({"credentials": "array"})
 *
 * @param  array $credentials Submitted login credentials.
 * @return mixed Result of the login call, or a redirect to the previous URL.
 */
public function authenticateAction($credentials)
{
    try {
        if (!App::csrf()->validate()) {
            throw new AuthException(__('Invalid token. Please try again.'));
        }

        $user = App::auth()->authenticate($credentials, false);
        App::auth()->authorize($user);

        // The remember-me flag is read straight from the request.
        $remember = App::request()->get(Auth::REMEMBER_ME_PARAM);

        return App::auth()->login($user, $remember);
    } catch (BadCredentialsException $e) {
        // Same message for unknown user and wrong password.
        $failure = __('Invalid username or password.');
    } catch (AuthException $e) {
        $failure = $e->getMessage();
    }

    App::message()->error($failure);

    // NOTE(review): the previous URL is passed to the redirect as-is; if it is
    // derived from a request header, confirm the redirect cannot leave this site.
    return App::redirect(App::url()->previous());
}
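/**
 * Self-registration handler: validates the CSRF token and the password, creates
 * the user as blocked, then activates it or sends a verification / approval mail
 * depending on the module configuration.
 *
 * NOTE(review): the type in the annotation below appears masked in this listing;
 * confirm it against the original file.
 *
 * @Request({"user": "******"})
 *
 * @param  array $data Submitted registration fields (name, username, email, password).
 * @return mixed A redirect when registration is not available, otherwise the message and login URL.
 */
public function registerAction($data)
{
    $message = '';

    // Reads one submitted field without error suppression; absent fields are null.
    $field = static function ($key) use ($data) {
        return is_array($data) && isset($data[$key]) ? $data[$key] : null;
    };

    try {
        if (App::user()->isAuthenticated() || $this->module->config('registration') == 'admin') {
            return App::redirect();
        }

        if (!App::csrf()->validate()) {
            throw new Exception(__('Invalid token. Please try again.'));
        }

        $password = $field('password');

        // Non-string input is rejected before trim()/strlen() see it. The comparison
        // is strict: with "!=" two numeric strings that differ only in surrounding
        // whitespace compare as equal and slip past this check.
        if (!is_string($password) || trim($password) !== $password || strlen($password) < 6) {
            throw new Exception(__('Password must be 6 characters or longer.'));
        }

        // New accounts start blocked and are only activated below when neither
        // verification nor approval is required.
        $user = User::create([
            'registered' => new \DateTime(),
            'name' => $field('name'),
            'username' => $field('username'),
            'email' => $field('email'),
            'password' => App::get('auth.password')->hash($password),
            'status' => User::STATUS_BLOCKED,
        ]);

        $token = App::get('auth.random')->generateString(32);
        $admin = $this->module->config('registration') == 'approval';

        if ($verify = $this->module->config('require_verification')) {
            $user->activation = $token;
        } elseif ($admin) {
            $user->activation = $token;
            $user->set('verified', true);
        } else {
            $user->status = User::STATUS_ACTIVE;
        }

        // presumably throws on invalid data; the return value is not checked here
        $user->validate();
        $user->save();

        if ($verify) {
            $this->sendVerificationMail($user);
            $message = __('Complete your registration by clicking the link provided in the mail that has been sent to you.');
        } elseif ($admin) {
            $this->sendApproveMail($user);
            $message = __('Your user account has been created and is pending approval by the site administrator.');
        } else {
            $this->sendWelcomeEmail($user);
            $message = __('Your user account has been created.');
        }
    } catch (Exception $e) {
        // NOTE(review): every exception message is returned to the client; confirm
        // the layers called above never put internal details into their messages.
        App::abort(400, $e->getMessage());
    }

    App::message()->success($message);

    return ['message' => $message, 'redirect' => App::url('@user/login', [], true)];
}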