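/**
 * Removes a role from a user and persists the change.
 *
 * @param mixed $role_id Key of the role inside the user's `roles` collection.
 * @param mixed $user    A user object, a user id to look up, or an empty value
 *                       to target the currently logged-in user.
 *
 * @return void
 *
 * @throws \Exception When no user object can be resolved. Anything thrown while
 *                    saving propagates to the caller unchanged.
 */
public static function unassign_role($role_id, $user = null)
{
    // NOTE(review): empty() also treats 0, '' and '0' as "no user given", so a
    // blank id handed in by a caller falls back to the *current* user instead
    // of failing. Callers that pass request data should validate the id first.
    if (empty($user)) {
        $user = \Warden::current_user();
    } elseif (!is_object($user)) {
        $user = \Warden\Model_User::find($user);
    }

    if (!$user || !is_object($user)) {
        // The message previously said "assign", which was misleading in logs.
        throw new \Exception("Cannot unassign role from a user that doesn't exist");
    }

    // Only write to storage when the role is actually present on the user.
    if (isset($user->roles[$role_id])) {
        unset($user->roles[$role_id]);
        $user->save();
    }
}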
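/**
 * Unlocks a locked user account on behalf of a privileged user.
 *
 * Expects a POST body carrying `user_id`. The outcome is reported through a
 * session flash message and the request is redirected to that member's page.
 *
 * NOTE(review): no CSRF token check is visible in this action. Confirm it is
 * enforced elsewhere (base controller or form layer), since this changes
 * account state.
 *
 * @return void
 */
public function action_unlock()
{
    // Only the 'unlock_any_user' permission is checked here; there is no
    // "own account" exception in this action.
    if (!\Access::can('unlock_any_user', $this->user)) {
        \Response::redirect('/welcome/404');
        return; // do not depend on redirect() ending the request
    }

    $post = \Input::post();

    // The id must be present and scalar: PHP turns `user_id[...]` form fields
    // into arrays, which must not reach the model lookup or the redirect URL.
    if (empty($post) || empty($post['user_id']) || !is_scalar($post['user_id'])) {
        \Response::redirect('/welcome/404');
        return;
    }

    $user_id = $post['user_id'];

    try {
        // Reuse the logged-in user object when unlocking oneself, otherwise
        // load the target. Loose comparison kept: the posted id is a string,
        // while the stored id may be another type (TODO confirm).
        $user = $user_id == $this->user->id ? $this->user : \Warden\Model_User::find($user_id);

        // An unknown id must fail here. A method call on a missing user is a
        // fatal error that neither catch block below handles.
        if (!$user || !is_object($user)) {
            throw new Exception('User not found.');
        }

        if (!$user->is_access_locked()) {
            throw new Exception('User is not locked.');
        }

        $user->unlock_access(true);
        Session::set_flash('success', 'User is unlocked.');
    } catch (\MongoOrm\ValidationFailed $ex) {
        Session::set_flash('error', $ex->getMessage());
    } catch (Exception $ex) {
        $msg = $ex->getMessage();
        Session::set_flash('error', $msg ? $msg : 'Oops, something went wrong.');
    }

    // The id comes from the request, so encode it as a single path segment.
    \Response::redirect('/member/view/' . rawurlencode((string) $user_id));
}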
/**
 * Handles the password-reset flow.
 *
 * Without a POST body:
 *  - with a token, shows the reset form with the token attached to the view;
 *  - without a token, sends reset instructions to the logged-in user, or
 *    redirects to the 404 page when nobody is logged in.
 *
 * With a POST body, validates `password`, `password_confirm` and `token`,
 * then asks the user model to reset the password for that token.
 *
 * NOTE(review): the token is handed to the view as-is; confirm the view layer
 * escapes it on output.
 *
 * @param string|null $token Reset token taken from the request URL, if any.
 *
 * @return void
 */
public function action_reset_password($token = null)
{
    $post = Input::post();

    if (empty($post)) {
        if ($token) {
            $this->template->title = 'User » Reset Password';
            $this->template->content = View::forge('user/reset_password');
            $this->template->content->token = $token;
            $this->include_client_scripts('jquery_forms');
            return;
        }

        if (!$this->user) {
            Response::redirect('/welcome/404'); //page not found
            return;
        }

        $this->user->send_reset_password_instructions();
        Session::set_flash('success', 'An email was sent to you with instructions to reset your password.');
        Response::redirect('/member/view');
        return;
    }

    // Server-side rules: password of 8+ non-whitespace characters, matching
    // confirmation, and a token.
    $validation = Validation::forge();
    $validation->add('password', 'Password')
        ->add_rule('required')
        ->add_rule('match_pattern', '#^\\S{8,}$#');
    $validation->add('password_confirm', 'Confirm Password')
        ->add_rule('required')
        ->add_rule('match_field', 'password');
    $validation->add('token', 'Token')
        ->add_rule('required');

    if (!$validation->run()) {
        // Client-side validation may not have run, so report the server-side
        // failures instead.
        // NOTE(review): no redirect or view assignment follows in this branch;
        // what gets rendered afterwards is decided outside this method.
        $error_messages = [];
        foreach ($validation->error() as $field => $error) {
            if ($field == 'password') {
                $error_messages[] = 'Your password must contain at least 8 characters (case-sensitive, no spaces)';
            } else {
                $error_messages[] = $error->get_message();
            }
        }
        Session::set_flash('error', $error_messages);
        return;
    }

    $msg = [];
    $success = false;

    try {
        $user = \Warden\Model_User::reset_password_by_token(
            $validation->validated('token'),
            $validation->validated('password')
        );

        if (!$user) {
            $msg[] = 'Invalid token.';
        } else {
            $msg[] = $user->username . ', your password has been changed.';
            $success = true;
        }
    } catch (\Warden\Failure $ex) {
        // token has expired (if enabled)
        $msg[] = $ex->getMessage();
    } catch (Exception $ex) {
        // Server/DB error: show a generic message rather than the exception text
        $msg[] = 'Oops, something went wrong.';
    }

    if (!$success) {
        \Session::set_flash('error', $msg);
        Response::redirect('/welcome');
        return;
    }

    $msg[] = 'Please login again with your new password.';
    \Session::set_flash('success', $msg);
    Response::redirect('/user/login');
}