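/**
 * Handles the "lost password" form submission for the admin security area.
 *
 * Looks the member up by the submitted email address and, when one exists,
 * stores a fresh autologin token hash and emails the reset link. The caller
 * is redirected to the same "password sent" page whether or not the address
 * matched, so the response does not reveal which addresses are registered.
 *
 * @param array $data Submitted form data; reads the 'Email' key.
 */
public function forgotPassword($data)
{
    // Reject a missing, empty or non-string address before touching the
    // database. Without this guard an empty value is compared against the
    // Email column and could match a member record whose Email is blank.
    if (empty($data['Email']) || !is_string($data['Email'])) {
        $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
        $this->controller->redirect('AdminSecurity/lostpassword');
        return;
    }

    // The value is interpolated into the WHERE clause, so it must go through
    // Convert::raw2sql() first. Only the one field that is used gets escaped.
    $SQL_email = Convert::raw2sql($data['Email']);
    $member = DataObject::get_one('Member', "\"Email\" = '{$SQL_email}'");

    // NOTE(review): $data['BackURL'] is deliberately not appended to the
    // redirect below (the original built a query string from it and never
    // used it). If it is ever wired in, validate it as a site-local URL first.

    if ($member) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => AdminSecurity::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // Avoid information disclosure by displaying the same status,
    // regardless of whether the email address actually exists.
    $this->controller->redirect('AdminSecurity/passwordsent/' . urlencode($data['Email']));
}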
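/**
 * Method for allowing a user to reset their password.
 *
 * Responds with status 'HELO' and the same "reset link sent" message whether
 * or not an account matched, so the reply does not reveal which addresses are
 * registered. Status 'EROR' is only returned when no address was supplied.
 *
 * @param stdClass $data Data passed from ActionScript; reads the `user` property
 * @return array Returns a standard response array
 */
public function lostPassword($data)
{
    $response = CodeBank_ClientAPI::responseBase();
    $response['login'] = true;

    // Validate before the lookup so an empty value is never compared against
    // the Email column (it could otherwise match a record with a blank Email).
    if (empty($data->user)) {
        $response['status'] = 'EROR';
        $response['message'] = _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.');

        return $response;
    }

    $SQL_email = Convert::raw2sql($data->user);
    $member = Member::get_one('Member', "\"Email\"='{$SQL_email}'");

    // Allow vetoing forgot password requests
    $sng = new MemberLoginForm(Controller::has_curr() ? Controller::curr() : singleton('Controller'), 'LoginForm');
    $results = $sng->extend('forgotPassword', $member);
    $vetoed = $results && is_array($results) && in_array(false, $results, true);

    // A veto now really stops the request: the original only set the response
    // and then went on to create a token and send the email anyway.
    if ($member && !$vetoed) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // Same reply for "sent", "vetoed" and "no such account". The address is
    // read from $data->user; the original veto branch indexed the stdClass as
    // an array ($data['Email']), which is a fatal error on an object.
    // NOTE(review): the submitted address is echoed back in the message, so
    // the client has to render it as plain text.
    $response['status'] = 'HELO';
    $response['message'] = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $data->user));

    return $response;
}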
/**
 * Emails the admin-area password reset link to a member.
 *
 * @param Member $member Recipient; the message is addressed to $member->Email
 * @param string $token  Autologin token that is embedded in the reset link
 */
protected function sendPasswordResetLinkEmail($member, $token)
{
    /* @var $message Member_ForgotPasswordEmail */
    $message = Member_ForgotPasswordEmail::create();
    $message->populateTemplate($member);

    // The link embeds $token, so it should not be written to logs.
    $templateData = [
        'PasswordResetLink' => AdminSecurity::getPasswordResetLink($member, $token),
    ];
    $message->populateTemplate($templateData);

    $message->setTo($member->Email);
    $message->send();
}
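/**
 * Send the reset password email and return the generated link.
 *
 * A new autologin token is generated for the member on every call. The
 * returned link contains that token, so callers should handle the return
 * value like a credential (no logging, no display to other users).
 *
 * @param Member $member
 *
 * @return string The password reset link that was emailed
 */
protected function sendResetPasswordEmail(Member $member)
{
    // Workaround kept from the original ("hack ?"): REQUEST_URI is overridden
    // with the URL mapped to BASE_PATH - presumably so links resolve when no
    // real HTTP request is available; confirm against the caller.
    // !empty() is used so a missing mapping no longer raises an
    // undefined-index notice.
    global $_FILE_TO_URL_MAPPING;
    if (!empty($_FILE_TO_URL_MAPPING[BASE_PATH])) {
        $_SERVER['REQUEST_URI'] = $_FILE_TO_URL_MAPPING[BASE_PATH];
    }

    $token = $member->generateAutologinTokenAndStoreHash();
    $link = Security::getPasswordResetLink($member, $token);

    /* @var Member_ForgotPasswordEmail $email */
    $email = Member_ForgotPasswordEmail::create();
    $email->populateTemplate($member);
    $email->populateTemplate(['PasswordResetLink' => $link]);
    $email->setTo($member->Email);
    $email->send();

    return $link;
}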
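/**
 * Forgot password form handler.
 *
 * Sends a reset link to the member registered under the submitted address.
 * The redirect target is the same whether or not a member matched, so the
 * response does not reveal which addresses are registered.
 *
 * @param array $data Submitted form data; reads the 'Email' key
 */
public function forgotPassword($data)
{
    // Only a non-empty string is accepted as an address.
    $email = (isset($data['Email']) && is_string($data['Email'])) ? $data['Email'] : null;

    try {
        if (empty($email)) {
            throw new EntityValidationException('Please enter an email address to get a password reset link.');
        }

        // filter() escapes its value itself, so the raw address is passed in.
        // The original ran it through Convert::raw2sql() first, which escaped
        // it twice and broke the lookup for addresses containing a quote.
        $member = Member::get()->filter('Email', $email)->first();

        // Allow vetoing forgot password requests
        $results = $this->extend('forgotPassword', $member);
        if ($results && is_array($results) && in_array(false, $results, true)) {
            return $this->controller->redirect('Security/lostpassword');
        }

        if ($member) {
            $token = $this->tx_manager->transaction(function () use ($member) {
                return $member->generateAutologinTokenAndStoreHash();
            });

            $e = Member_ForgotPasswordEmail::create();
            $e->populateTemplate($member);
            $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
            $e->setTo($member->Email);
            $e->send();
        }

        // Avoid information disclosure by displaying the same status,
        // regardless of whether the email address actually exists. This is the
        // only redirect on the success path; the original redirected a second
        // time after the member branch had already done so.
        $this->controller->redirect('Security/passwordsent/' . urlencode($email));
    } catch (EntityValidationException $ex1) {
        $this->sessionMessage($ex1->getMessage(), 'bad');
        SS_Log::log($ex1->getMessage(), SS_Log::WARN);
        $this->controller->redirect('Security/lostpassword');
    } catch (Exception $ex) {
        // The user only sees a generic message; the detail goes to the log.
        $this->sessionMessage('There was an error with your request!', 'bad');
        SS_Log::log($ex->getMessage(), SS_Log::ERR);
        $this->controller->redirect('Security/lostpassword');
    }
}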
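/**
 * Forgot password form handler method.
 *
 * Called when the user clicks on "I've lost my password".
 *
 * Extensions can use the 'forgotPassword' method to veto executing
 * the logic, by returning FALSE. In this case, the user will be redirected back
 * to the form without further action. It is recommended to set a message
 * in the form detailing why the action was denied.
 *
 * Overridden because we need to generate a link to the LDAPSecurityController
 * instead of the SecurityController
 *
 * @param array $data Submitted data; reads the 'Login' key
 * @return SS_HTTPResponse
 */
public function forgotPassword($data)
{
    $rawLogin = (isset($data['Login']) && is_string($data['Login'])) ? $data['Login'] : '';
    $login = trim($rawLogin);

    // Ask for a login when none was submitted. In the original these messages
    // sat in a branch that could not be reached, because $member is always an
    // object by the time it was tested.
    if ($login === '') {
        if (Config::inst()->get('LDAPAuthenticator', 'allow_email_login') === 'yes') {
            $this->sessionMessage(_t('LDAPLoginForm.ENTERUSERNAMEOREMAIL', 'Please enter your username or your email address to get a password reset link.'), 'bad');
        } else {
            $this->sessionMessage(_t('LDAPLoginForm.ENTERUSERNAME', 'Please enter your username to get a password reset link.'), 'bad');
        }

        return $this->controller->redirect($this->controller->Link('lostpassword'));
    }

    // The login is handed to LDAPService without escaping here.
    // NOTE(review): this relies on LDAPService escaping the value when it
    // builds the LDAP filter - confirm that both lookup methods do so.
    $service = Injector::inst()->get('LDAPService');

    if (Email::validEmailAddress($login)) {
        // Loose comparison kept from the original.
        if (Config::inst()->get('LDAPAuthenticator', 'allow_email_login') != 'yes') {
            $this->sessionMessage(_t('LDAPLoginForm.USERNAMEINSTEADOFEMAIL', 'Please enter your username instead of your email to get a password reset link.'), 'bad');

            return $this->controller->redirect($this->controller->Link('lostpassword'));
        }

        $userData = $service->getUserByEmail($login);
    } else {
        $userData = $service->getUserByUsername($login);
    }

    $sentLink = $this->controller->Link('passwordsent/') . urlencode($rawLogin);

    // Avoid information disclosure by displaying the same status,
    // regardless whether the login actually exists
    if (!isset($userData['objectguid'])) {
        return $this->controller->redirect($sentLink);
    }

    $member = Member::get()->filter('GUID', $userData['objectguid'])->limit(1)->first();

    // User hasn't been imported yet, so do that now
    if (!($member && $member->exists())) {
        $member = new Member();
        $member->GUID = $userData['objectguid'];
        $member->write();
    }

    // Allow vetoing forgot password requests
    $results = $this->extend('forgotPassword', $member);
    if ($results && is_array($results) && in_array(false, $results, true)) {
        // NOTE(review): every other redirect here goes through
        // $this->controller; confirm that $this->ldapSecController is set.
        return $this->controller->redirect($this->ldapSecController->Link('lostpassword'));
    }

    // update the user from LDAP so we are sure that the email is correct
    $service->updateMemberFromLDAP($member);

    $token = $member->generateAutologinTokenAndStoreHash();

    $e = Member_ForgotPasswordEmail::create();
    $e->populateTemplate($member);
    $e->populateTemplate(array('PasswordResetLink' => LDAPSecurityController::getPasswordResetLink($member, $token)));
    $e->setTo($member->Email);
    $e->send();

    return $this->controller->redirect($sentLink);
}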
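/**
 * Sends password recovery email
 *
 * @param SS_HTTPRequest $request HTTP request containing 'email' vars
 * @return array 'email' => false if email fails (Member doesn't exist will not be reported)
 */
public function lostPassword(SS_HTTPRequest $request)
{
    $submitted = $request->requestVar('email');
    $member = null;

    // Skip the lookup for a missing, empty or non-string value, so a blank
    // input is never compared against the Email column.
    if (is_string($submitted) && $submitted !== '') {
        // The value is interpolated into the WHERE clause, hence raw2sql().
        $email = Convert::raw2sql($submitted);
        $member = DataObject::get_one('Member', "\"Email\" = '{$email}'");
    }

    $sent = true;

    if ($member) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);

        // NOTE(review): $sent can only become false in this branch, i.e. when
        // a member matched and sending failed. A false result therefore still
        // tells the caller that the address is registered.
        $sent = $e->send();
    }

    return array('email' => $sent);
}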
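/**
 * Send signup, change password or forgot password information to a user
 *
 * @param string $type Information type to send ("signup", "changePassword" or "forgotPassword")
 * @param array $data Additional data to pass to the email (can be used in the template)
 * @throws InvalidArgumentException If $type is not one of the supported types
 */
public function sendInfo($type = 'signup', $data = null)
{
    switch ($type) {
        case "signup":
            $e = Member_SignupEmail::create();
            break;
        case "changePassword":
            $e = Member_ChangePasswordEmail::create();
            break;
        case "forgotPassword":
            $e = Member_ForgotPasswordEmail::create();
            break;
        default:
            // Without this branch $e stayed undefined for an unknown type and
            // the first method call on it below was a fatal error.
            throw new InvalidArgumentException("Unsupported information type: " . $type);
    }

    if (is_array($data)) {
        // Every key becomes a property on the email object.
        // NOTE(review): $data should come from trusted code only, since its
        // keys decide which properties get overwritten.
        foreach ($data as $key => $value) {
            $e->$key = $value;
        }
    }

    $e->populateTemplate($this);
    $e->setTo($this->Email);
    $e->send();
}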
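/**
 * Send change password or forgot password information to a user
 *
 * Only "changePassword" and "forgotPassword" are handled here. The default
 * $type of "signup" is kept for signature compatibility but has no matching
 * email class in this method.
 *
 * @param string $type Information type to send ("changePassword" or "forgotPassword")
 * @param array $data Additional data to pass to the email (can be used in the template)
 * @throws InvalidArgumentException If $type is not one of the supported types
 */
public function sendInfo($type = 'signup', $data = null)
{
    Deprecation::notice('3.0', 'Please use Member_ChangePasswordEmail or Member_ForgotPasswordEmail directly instead');

    switch ($type) {
        case "changePassword":
            $e = Member_ChangePasswordEmail::create();
            break;
        case "forgotPassword":
            $e = Member_ForgotPasswordEmail::create();
            break;
        default:
            // Covers the default "signup" as well: without this branch $e
            // stayed undefined and the first method call on it was fatal.
            throw new InvalidArgumentException("Unsupported information type: " . $type);
    }

    if (is_array($data)) {
        // Every key becomes a property on the email object.
        // NOTE(review): $data should come from trusted code only, since its
        // keys decide which properties get overwritten.
        foreach ($data as $key => $value) {
            $e->{$key} = $value;
        }
    }

    $e->populateTemplate($this);
    $e->setTo($this->Email);
    $e->send();
}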
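/**
 * Forgot password form handler method.
 * Called when the user clicks on "I've lost my password".
 * Extensions can use the 'forgotPassword' method to veto executing
 * the logic, by returning FALSE. In this case, the user will be redirected back
 * to the form without further action. It is recommended to set a message
 * in the form detailing why the action was denied.
 *
 * @param array $data Submitted data
 */
public function forgotPassword($data)
{
    // Ensure an email address is given
    if (empty($data['Email'])) {
        $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
        $this->controller->redirect('Security/lostpassword');
        return;
    }

    // Find existing member; filter() takes the raw value and escapes it itself
    $member = Member::get()->filter("Email", $data['Email'])->first();

    // Allow vetoing forgot password requests
    $results = $this->extend('forgotPassword', $member);
    if ($results && is_array($results) && in_array(false, $results, true)) {
        return $this->controller->redirect('Security/lostpassword');
    }

    if ($member) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // Avoid information disclosure by displaying the same status,
    // regardless of whether the email address actually exists. Both outcomes
    // share this one redirect: the original encoded the address with
    // urlencode() for a known member and rawurlencode() otherwise, so the two
    // URLs could differ. rawurlencode() is the form meant for a path segment.
    $this->controller->redirect('Security/passwordsent/' . rawurlencode($data['Email']));
}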
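/**
 * Forgot password form handler method.
 * Called when the user clicks on "I've lost my password".
 * Extensions can use the 'forgotPassword' method to veto executing
 * the logic, by returning FALSE. In this case, the user will be redirected back
 * to the form without further action. It is recommended to set a message
 * in the form detailing why the action was denied.
 *
 * @param array $data Submitted data; reads the 'Email' key
 */
public function forgotPassword($data)
{
    // Reject a missing, empty or non-string address before the lookup.
    // Without this guard an empty value is compared against the Email column
    // and could match a member record whose Email is blank.
    if (empty($data['Email']) || !is_string($data['Email'])) {
        $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
        $this->controller->redirect('Security/lostpassword');
        return;
    }

    // The value is interpolated into the WHERE clause, so it must go through
    // Convert::raw2sql() first. Only the one field that is used gets escaped.
    $SQL_email = Convert::raw2sql($data['Email']);
    $member = DataObject::get_one('Member', "\"Email\" = '{$SQL_email}'");

    // Allow vetoing forgot password requests
    $results = $this->extend('forgotPassword', $member);
    if ($results && is_array($results) && in_array(false, $results, true)) {
        return $this->controller->redirect('Security/lostpassword');
    }

    if ($member) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // Avoid information disclosure by displaying the same status,
    // regardless of whether the email address actually exists.
    $this->controller->redirect('Security/passwordsent/' . urlencode($data['Email']));
}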
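/**
 * Changes the sender of Member_ForgotPasswordEmail to the SilvercartConfig
 * email sender and converts the subject to ISO-8859-1.
 *
 * @return void
 *
 * @author Patrick Schneider <*****@*****.**>
 * @since 16.08.2012
 */
public function __construct()
{
    parent::__construct();

    // convert to ISO because of some old mail clients
    $isoSubject = iconv("UTF-8", "ISO-8859-1", $this->Subject());

    // iconv() returns false when the subject cannot be converted. In that
    // case the UTF-8 subject is kept, where the original set it to false.
    if ($isoSubject !== false) {
        $this->setSubject($isoSubject);
    }

    $this->setFrom(SilvercartConfig::EmailSender());
}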