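/**
  * Change the password.
  *
  * Two entry paths share this handler: a logged-in member, who must prove
  * knowledge of the current password, and an anonymous visitor following a
  * reset link, whose token changepassword() has stashed in the session as
  * 'AutoLoginHash'. Every failure redirects to the change-password form
  * itself rather than redirectBack(), so a crafted Referer cannot steer the
  * user elsewhere.
  *
  * @param array $data The user submitted data: OldPassword (logged-in path only),
  *                    NewPassword1 and NewPassword2
  * @return SS_HTTPResponse Redirect to the form on error; on success to a
  *                         same-site BackURL, else to the login page
  */
 public function doChangePassword(array $data)
 {
     $member = Member::currentUser();
     if ($member) {
         // The user was logged in, check the current password
         if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
             return $this->controller->redirect($this->controller->Link('changepassword'));
         }
     } else {
         // Not logged in: only a session-held reset token can identify the member.
         $token = Session::get('AutoLoginHash');
         if ($token) {
             $member = Member::member_from_autologinhash($token);
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             return $this->controller->redirect($this->controller->Link('login'));
         }
     }

     // Check the new password
     if (empty($data['NewPassword1'])) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
         return $this->controller->redirect($this->controller->Link('changepassword'));
     }

     // Strict comparison: the previous `==` let PHP's numeric-string rules treat
     // distinct strings such as "1e3" and "1000" as a matching confirmation, and
     // a missing NewPassword2 raised an undefined-index notice.
     $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : '';
     if ($data['NewPassword1'] !== $confirmation) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
         return $this->controller->redirect($this->controller->Link('changepassword'));
     }

     $isValid = $member->changePassword($data['NewPassword1']);
     if (!$isValid->valid()) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: {password}", array('password' => nl2br("\n" . $isValid->starredList()))), "bad");
         // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
         return $this->controller->redirect($this->controller->Link('changepassword'));
     }

     $member->logIn();
     // TODO Add confirmation message to login redirect
     Session::clear('AutoLoginHash');
     // Clear locked out status: a successful change is the recovery path for a locked account
     $member->LockedOutUntil = null;
     $member->FailedLoginCount = null;
     $member->write();

     // BackURL is attacker-controllable; only follow it when it stays on this site.
     if (!empty($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])) {
         $url = Director::absoluteURL($_REQUEST['BackURL']);
         return $this->controller->redirect($url);
     }
     // Redirect to default location - the login form saying "You are logged in as..."
     $redirectURL = HTTP::setGetVar('BackURL', Director::absoluteBaseURL(), $this->controller->Link('login'));
     return $this->controller->redirect($redirectURL);
 }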
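 /**
  * Change the password via the injected password manager.
  *
  * Validation (token, empty/mismatched/weak password) is delegated to the
  * manager, which signals each failure with a dedicated exception; the catch
  * blocks translate those into session messages and redirects.
  *
  * @param array $data The user submitted data (NewPassword1, NewPassword2)
  * @return SS_HTTPResponse|void
  */
 function doChangePassword(array $data)
 {
     try {
         $token = Session::get('AutoLoginHash');
         // No @-suppression: an absent field becomes '' and the manager reports it.
         $newPassword = isset($data['NewPassword1']) ? $data['NewPassword1'] : '';
         $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : '';

         // Resolve the member BEFORE the password is changed. A successful change
         // is expected to rotate the member's auto-login token, so a lookup by
         // the old token afterwards may come back empty and hand no member to
         // loginMember(). The manager repeats this lookup and throws if it fails.
         $member = Member::currentUser();
         if (!$member && !empty($token)) {
             $member = Member::member_from_autologinhash($token);
         }

         $this->password_manager->changePassword($token, $newPassword, $confirmation);

         if (!$member) {
             throw new InvalidResetPasswordTokenException();
         }
         Session::clear('AutoLoginHash');

         // BackURL is attacker-controllable; only follow it when it stays on this site.
         $back_url = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : '/';
         if (!Director::is_site_url($back_url)) {
             $back_url = '/';
         }
         return OpenStackIdCommon::loginMember($member, $back_url);
     } catch (InvalidResetPasswordTokenException $ex1) {
         Session::clear('AutoLoginHash');
         return Controller::curr()->redirect('login');
     } catch (EmptyPasswordException $ex2) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         return Controller::curr()->redirectBack();
     } catch (PasswordMismatchException $ex3) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         return Controller::curr()->redirectBack();
     } catch (InvalidPasswordException $ex4) {
         $this->clearMessage();
         $this->sessionMessage(sprintf(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s"), nl2br("\n" . $ex4->getMessage())), "bad");
         return Controller::curr()->redirectBack();
     }
 }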
 /**
  * Validate a password change request and apply it to the member.
  *
  * The member is the logged-in user if there is one, otherwise the owner of
  * the reset token. Each failed precondition is signalled with its own
  * exception so the caller can map it to a user message. On success the
  * member's auto-login token is regenerated (invalidating the token that was
  * used) and a confirmation email is sent.
  *
  * NOTE(review): a logged-in member is not asked for the current password
  * here, so any request riding an authenticated session can change it —
  * verify that the calling form enforces that separately.
  *
  * @param string $token                 Reset token from the session; ignored when a member is logged in
  * @param string $password              The new password
  * @param string $password_confirmation Must be byte-identical to $password
  * @throws InvalidResetPasswordTokenException when no member is logged in and the token is missing or does not resolve
  * @throws EmptyPasswordException when $password is empty
  * @throws PasswordMismatchException when the confirmation differs
  * @throws InvalidPasswordException when the member's password validation rejects $password
  */
 public function changePassword($token, $password, $password_confirmation)
 {
     $target = Member::currentUser();
     if (!$target && empty($token)) {
         throw new InvalidResetPasswordTokenException();
     }
     if (!$target) {
         $target = Member::member_from_autologinhash($token);
         if (!$target) {
             throw new InvalidResetPasswordTokenException();
         }
     }
     if (empty($password)) {
         throw new EmptyPasswordException();
     }
     if ($password !== $password_confirmation) {
         throw new PasswordMismatchException();
     }
     $result = $target->changePassword($password);
     if (!$result->valid()) {
         throw new InvalidPasswordException($result->starredList());
     }
     // Rotate the auto-login token so the reset link that got us here is spent.
     $target->generateAutologinTokenAndStoreHash();
     // Notify the account owner; the send() result is not checked (unchanged behaviour).
     $mail = EmailFactory::getInstance()->buildEmail(CHANGE_PASSWORD_EMAIL_FROM, $target->Email, CHANGE_PASSWORD_EMAIL_SUBJECT);
     $mail->setTemplate('ChangedPasswordEmail');
     $mail->populateTemplate(array('MemberName' => $target->getFullName()));
     $mail->send();
 }
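 /**
  * Change the password
  *
  * Serves both a logged-in member (who must supply the current password)
  * and a visitor arriving from a reset link, identified by the
  * 'AutoLoginHash' token that changepassword() placed in the session.
  *
  * @param array $data The user submitted data: OldPassword (logged-in path only),
  *                    NewPassword1 and NewPassword2
  */
 function doChangePassword(array $data)
 {
     $member = Member::currentUser();
     if ($member) {
         // The user was logged in, check the current password
         if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             Director::redirectBack();
             return;
         }
     } else {
         // Not logged in: only a session-held reset token can identify the member.
         $token = Session::get('AutoLoginHash');
         if ($token) {
             $member = Member::member_from_autologinhash($token);
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             Director::redirect('loginpage');
             return;
         }
     }

     // Check the new password
     if (empty($data['NewPassword1'])) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         Director::redirectBack();
         return;
     }

     // Strict comparison: `==` would accept numerically-equal strings such as
     // "1e3"/"1000" as a matching confirmation, and a missing NewPassword2
     // raised an undefined-index notice.
     $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : '';
     if ($data['NewPassword1'] !== $confirmation) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         Director::redirectBack();
         return;
     }

     $isValid = $member->changePassword($data['NewPassword1']);
     if (!$isValid->valid()) {
         $this->clearMessage();
         $this->sessionMessage(sprintf(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s"), nl2br("\n" . $isValid->starredList())), "bad");
         Director::redirectBack();
         return;
     }

     $this->clearMessage();
     $this->sessionMessage(_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."), "good");
     Session::clear('AutoLoginHash');
     // BackURL is attacker-controllable; only follow it when it stays on this site.
     if (!empty($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])) {
         Director::redirect($_REQUEST['BackURL']);
     } else {
         // Redirect to default location - the login form saying "You are logged in as..."
         $redirectURL = HTTP::setGetVar('BackURL', Director::absoluteBaseURL(), Security::Link('login'));
         Director::redirect($redirectURL);
     }
 }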
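 /**
  * Change the password
  *
  * Serves a logged-in member, who must supply and prove the current
  * password, or a visitor arriving from a reset link whose token is held
  * in the session as 'AutoLoginHash'.
  *
  * @param array $data The user submitted data: OldPassword (logged-in path only),
  *                    NewPassword1 and NewPassword2
  */
 function doChangePassword(array $data)
 {
     $member = Member::currentUser();
     if ($member) {
         // The user was logged in, check the current password. The check is
         // mandatory: previously it only ran when the field was present, so a
         // request that simply omitted OldPassword could change the password of
         // any logged-in session without knowing it.
         // checkPassword() is assumed to return a boolean here — TODO confirm;
         // if it returns a ValidationResult, test ->valid() instead.
         if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             Director::redirectBack();
             return;
         }
     } else {
         // Not logged in: only a session-held reset token can identify the member.
         $token = Session::get('AutoLoginHash');
         if ($token) {
             $member = Member::member_from_autologinhash($token);
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             Director::redirect('loginpage');
             return;
         }
     }

     // Check the new password: it must be present ...
     if (empty($data['NewPassword1'])) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         Director::redirectBack();
         return;
     }
     // ... and match its confirmation under strict comparison (`==` treats
     // "1e3" and "1000" as equal, and two absent fields compared equal as null).
     $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : '';
     if ($data['NewPassword1'] !== $confirmation) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         Director::redirectBack();
         return;
     }

     $isValid = $member->changePassword($data['NewPassword1']);
     if (!$isValid->valid()) {
         $this->clearMessage();
         $this->sessionMessage(nl2br("We couldn't accept that password:\n" . $isValid->starredList()), "bad");
         Director::redirectBack();
         return;
     }

     $this->clearMessage();
     $this->sessionMessage(_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."), "good");
     Session::clear('AutoLoginHash');
     // Redirect to the login form saying "You are logged in as..."
     $redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
     Director::redirect($redirectURL);
 }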
 /**
  * Show the "change password" page.
  *
  * Reached either by a logged-in member (who will have to supply the old
  * password in the form) or via the link emailed by {@link lostpassword()},
  * where the `h` request parameter carries an auto-login token that stands
  * in for authentication. A valid token is moved into the session and the
  * page redirects to itself without the parameter, so the token never sits
  * in a URL that could leak through the Referer header.
  *
  * @see ChangePasswordForm
  *
  * @return string Returns the "change password" page as HTML code.
  */
 public function changepassword()
 {
     $pageController = $this;
     if (class_exists('SiteTree')) {
         // Wrap the output in a throwaway Page so the site's template chrome applies.
         $placeholder = new Page();
         $placeholder->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
         $placeholder->URLSegment = 'Security';
         // ID -1 keeps the top-level pages from being treated as its children
         $placeholder->ID = -1;
         $pageController = new Page_Controller($placeholder);
         $pageController->init();
     }

     $hashSupplied = isset($_REQUEST['h']);
     if ($hashSupplied && Member::member_from_autologinhash($_REQUEST['h'])) {
         // Valid token: park it in the session for ChangePasswordForm (which unsets it)
         // and strip it from the URL by redirecting to the same action.
         Session::set('AutoLoginHash', $_REQUEST['h']);
         return $this->redirect($this->Link('changepassword'));
     }

     if (Session::get('AutoLoginHash')) {
         // Second load, after the redirect above
         $fields = array(
             'Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>',
             'Form' => $this->ChangePasswordForm(),
         );
     } elseif (Member::currentUser()) {
         // A logged-in member may change their own password
         $fields = array(
             'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
             'Form' => $this->ChangePasswordForm(),
         );
     } elseif ($hashSupplied) {
         // Token present but not valid (or expired) and nobody is logged in
         $fields = array(
             'Content' => sprintf(
                 _t('Security.NOTERESETLINKINVALID', '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'),
                 $this->Link('lostpassword'),
                 $this->link('login')
             ),
         );
     } else {
         self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
         return;
     }

     return $pageController->customise($fields)->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'BlankPage'));
 }
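	/**
	 * Show the "change password" page
	 *
	 * Reached either by a logged-in member or via the link emailed by the
	 * lost-password flow, whose `h` request parameter carries an auto-login
	 * token. A valid token is moved into the session and the page redirects
	 * to itself without the parameter, so the token is not left in the URL
	 * of the rendered page where it can leak through the Referer header
	 * (previously the form was rendered directly on the tokenised URL).
	 *
	 * @return string Returns the "change password" page as HTML code.
	 */
	public function changepassword() {
		$tmpPage = new Page();
		$tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
		$tmpPage->URLSegment = 'Security';
		$controller = new Page_Controller($tmpPage);
		$controller->init();

		if(isset($_REQUEST['h']) && Member::member_from_autologinhash($_REQUEST['h'])) {
			// The auto login hash is valid, store it for the change password form
			// and get the token out of the URL before anything is rendered.
			Session::set('AutoLoginHash', $_REQUEST['h']);
			Director::redirect($this->Link('changepassword'));
			return;

		} elseif(Session::get('AutoLoginHash')) {
			// Redirection target after the first load with a valid hash;
			// the form reads the token back from the session.
			$customisedController = $controller->customise(array(
				'Content' =>
					'<p>' . 
					_t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') .
					'</p>',
				'Form' => $this->ChangePasswordForm(),
			));

		} elseif(Member::currentUser()) {
			// let a logged in user change his password
			$customisedController = $controller->customise(array(
				'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
				'Form' => $this->ChangePasswordForm()));

		} else {
			// show an error message if the auto login hash is invalid and the
			// user is not logged in
			if(isset($_REQUEST['h'])) {
				$customisedController = $controller->customise(
					array('Content' =>
						sprintf(
							_t('Security.NOTERESETLINKINVALID',
								'<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'
							),
							$this->Link('lostpassword'),
							$this->link('login')
						)
					)
				);
			} else {
				self::permissionFailure(
					$this,
					_t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!')
				);
				return;
			}
		}

		return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main')));
	}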
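 /**
  * Change the password
  *
  * Passwords live in LDAP here: the current password is verified with an
  * LDAP authentication and the new one is written through
  * LDAPService::setPassword(). The member is either the logged-in user or,
  * for a reset link, the owner of the 'AutoLoginHash' token held in the session.
  *
  * @param array $data The user submitted data: OldPassword (logged-in path only),
  *                    NewPassword1 and NewPassword2
  * @return SS_HTTPResponse Redirect to the form on error; on success to a
  *                         same-site BackURL, else to the login page
  */
 public function doChangePassword(array $data)
 {
     /**
      * @var LDAPService $service
      */
     $service = Injector::inst()->get('LDAPService');
     $member = Member::currentUser();
     if ($member) {
         try {
             $userData = $service->getUserByGUID($member->GUID);
         } catch (Exception $e) {
             SS_Log::log($e->getMessage(), SS_Log::ERR);
             $this->clearMessage();
             $this->sessionMessage(_t('LDAPAuthenticator.NOUSER', 'Your account hasn\'t been setup properly, please contact an administrator.'), 'bad');
             return $this->controller->redirect($this->controller->Link('changepassword'));
         }
         // Refuse an absent or empty current password before touching LDAP.
         // Previously $data['OldPassword'] went straight to authenticate()
         // (an undefined-index notice when omitted). Depending on how the
         // service binds, an empty credential can become an anonymous or
         // unauthenticated bind that some directories report as success —
         // TODO confirm LDAPService::authenticate() rejects empty passwords itself.
         if (empty($data['OldPassword'])) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
             return $this->controller->redirect($this->controller->Link('changepassword'));
         }
         $loginResult = $service->authenticate($userData['samaccountname'], $data['OldPassword']);
         if (!$loginResult['success']) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
             return $this->controller->redirect($this->controller->Link('changepassword'));
         }
     } else {
         // Not logged in: only a session-held reset token can identify the member.
         $token = Session::get('AutoLoginHash');
         if ($token) {
             $member = Member::member_from_autologinhash($token);
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             return $this->controller->redirect($this->controller->Link('login'));
         }
     }

     // Check the new password
     if (empty($data['NewPassword1'])) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
         return $this->controller->redirect($this->controller->Link('changepassword'));
     }

     // Strict comparison: `==` would accept numerically-equal strings such as
     // "1e3"/"1000" as a matching confirmation, and a missing NewPassword2
     // raised an undefined-index notice.
     $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : '';
     if ($data['NewPassword1'] !== $confirmation) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
         return $this->controller->redirect($this->controller->Link('changepassword'));
     }

     $isValid = $service->setPassword($member, $data['NewPassword1']);
     // try to catch connection and other errors that the ldap service can throw
     if (!$isValid->valid()) {
         $this->clearMessage();
         // NOTE(review): this surfaces the service's raw message to the end user;
         // confirm it carries no directory or connection detail worth hiding.
         $this->sessionMessage($isValid->message(), "bad");
         // redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
         return $this->controller->redirect($this->controller->Link('changepassword'));
     }

     $member->logIn();
     Session::clear('AutoLoginHash');
     // Clear locked out status: a successful change is the recovery path for a locked account
     $member->LockedOutUntil = null;
     $member->FailedLoginCount = null;
     $member->write();

     // BackURL is attacker-controllable; only follow it when it stays on this site.
     if (!empty($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])) {
         $url = Director::absoluteURL($_REQUEST['BackURL']);
         return $this->controller->redirect($url);
     }
     // Redirect to default location - the login form saying "You are logged in as..."
     $redirectURL = HTTP::setGetVar('BackURL', Director::absoluteBaseURL(), $this->controller->Link('login'));
     return $this->controller->redirect($redirectURL);
 }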