/**
  * Replaces variables inside an email template according to {@link TEMPLATE_NOTE}.
  *
  * @param  string $string
  * @param  Member $member
  * @return string
  */
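 public static function get_parsed_string($string, $member, $page)
 {
     // $page provides the base of the confirmation link; $member provides the ID
     // and ValidationKey appended to it, plus the $Member.* values.
     // NOTE(review): the validation key is carried in the query string, so it can
     // show up in access logs and Referer headers - confirm the confirm handler
     // (not visible here) treats it as single-use.
     $variables = array(
         '$SiteName' => SiteConfig::current_site_config()->Title,
         '$LoginLink' => Director::absoluteURL(Security::Link('login')),
         '$ConfirmLink' => Director::absoluteURL(Controller::join_links($page->Link('confirm'), $member->ID, "?key={$member->ValidationKey}")),
         '$LostPasswordLink' => Director::absoluteURL(Security::Link('lostpassword')),
         '$Member.Created' => $member->obj('Created')->Nice(),
     );
     foreach (array('Name', 'FirstName', 'Surname', 'Email') as $field) {
         $variables["\$Member.{$field}"] = $member->{$field};
     }
     // NOTE(review): member-supplied values (names, email) are inserted verbatim.
     // If the template is sent as HTML they presumably need escaping first -
     // confirm against how the email body is rendered.
     //
     // strtr() substitutes in a single pass, so text that was just inserted is not
     // scanned again. With str_replace() the pairs are applied one after another,
     // which let a value containing e.g. "$Member.Email" be expanded a second time.
     return strtr($string, $variables);
 }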
 /**
  * Change the password
  *
  * @param array $data The user submitted data
  */
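 function doChangePassword(array $data)
 {
     // Handles the change-password form for either a logged-in member or a
     // member identified by the AutoLoginHash stored in the session.
     if ($member = Member::currentUser()) {
         // A logged-in user must supply the current password. A missing field is
         // rejected too: the previous isset() guard skipped the check entirely when
         // OldPassword was simply left out of the request.
         // NOTE(review): `== false` only works if checkPassword() returns a boolean;
         // if it returns a result object the comparison never fires - confirm.
         $oldPassword = isset($data['OldPassword']) ? $data['OldPassword'] : null;
         if (!is_string($oldPassword) || $member->checkPassword($oldPassword) == false) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             Director::redirectBack();
             return;
         }
     }
     if (!$member) {
         if (Session::get('AutoLoginHash')) {
             $member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             Director::redirect('loginpage');
             return;
         }
     }
     // Check the new password. Strict comparison on strings: with ==, two different
     // numeric-looking strings (e.g. "1e3" and "1000") compare equal, so a mistyped
     // confirmation could be accepted.
     $newPassword = isset($data['NewPassword1']) ? $data['NewPassword1'] : null;
     $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : null;
     if (is_string($newPassword) && $newPassword === $confirmation) {
         $isValid = $member->changePassword($newPassword);
         if ($isValid->valid()) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."), "good");
             // The hash has served its purpose once the password is changed.
             Session::clear('AutoLoginHash');
             $redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
             Director::redirect($redirectURL);
         } else {
             $this->clearMessage();
             $this->sessionMessage(nl2br("We couldn't accept that password:\n" . $isValid->starredList()), "bad");
             Director::redirectBack();
         }
     } else {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "Your have entered your new password differently, try again"), "bad");
         Director::redirectBack();
     }
 }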
Esempio n. 3
 /**
  * Change the password
  *
  * @param array $data The user submitted data
  */
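 function doChangePassword(array $data)
 {
     // Handles the change-password form for either a logged-in member or a
     // member identified by the AutoLoginHash stored in the session.
     if ($member = Member::currentUser()) {
         // The user was logged in, check the current password
         // NOTE(review): `== false` only works if checkPassword() returns a boolean -
         // confirm against the Member class in use.
         $oldPassword = isset($data['OldPassword']) ? $data['OldPassword'] : null;
         if (!is_string($oldPassword) || $member->checkPassword($oldPassword) == false) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             Director::redirectBack();
             // Stop here. Without this return the method carried on and changed the
             // password even though the current-password check had just failed.
             return;
         }
     }
     if (!$member) {
         if (Session::get('AutoLoginHash')) {
             $member = Member::autoLoginHash(Session::get('AutoLoginHash'));
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             Director::redirect('loginpage');
             // Stop here; there is no member to update below.
             return;
         }
     }
     // Check the new password. Strict comparison on strings: with ==, two different
     // numeric-looking strings (e.g. "1e3" and "1000") compare equal.
     $newPassword = isset($data['NewPassword1']) ? $data['NewPassword1'] : null;
     $confirmation = isset($data['NewPassword2']) ? $data['NewPassword2'] : null;
     if (is_string($newPassword) && $newPassword === $confirmation) {
         $member->Password = $newPassword;
         // Invalidate the stored hash so it cannot be used again after the change.
         $member->AutoLoginHash = null;
         $member->write();
         // NOTE(review): this hands the new password to the notification in clear
         // text ('CleartextPassword'). Mail is stored and relayed unencrypted, so
         // the notification should say the password changed without including it.
         $member->sendinfo('changePassword', array('CleartextPassword' => $newPassword));
         $this->clearMessage();
         $this->sessionMessage(_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."), "good");
         Session::clear('AutoLoginHash');
         Director::redirect(Security::Link('login'));
     } else {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "Your have entered your new password differently, try again"), "bad");
         Director::redirectBack();
     }
 }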
    /**
     * @covers MemberConfirmationEmail::get_parsed_string
     */
    public function testGetParsedString()
    {
        // Fixture: a profile page and a persisted member whose fields feed the
        // $Member.* placeholders.
        $profilePage = new MemberProfilePage();
        $member = new Member();
        $member->Email = 'Test Email';
        $member->FirstName = 'Test';
        // NOTE(review): the template reads $Member.Surname while this sets
        // LastName - confirm which field was meant.
        $member->LastName = 'User';
        $member->write();
        // "$10" is not a template variable and has to survive untouched.
        $template = '<ul>
			<li>Cost: $10</li>
			<li>Site Name: $SiteName</li>
			<li>Login Link: $LoginLink</li>
			<li>Member:
				<ul>
					<li>Since: $Member.Created</li>
					<li>Email: $Member.Email</li>
					<li>Name: $Member.Name</li>
					<li>Surname: $Member.Surname</li>
				</ul>
			</li>
		</ul>';
        $siteTitle = SiteConfig::current_site_config()->Title;
        $loginUrl = Director::absoluteURL(Security::Link('login'));
        $memberSince = $member->obj('Created')->Nice();
        $want = "<ul>\n\t\t\t<li>Cost: \$10</li>\n\t\t\t<li>Site Name: " . $siteTitle
            . "</li>\n\t\t\t<li>Login Link: " . $loginUrl
            . "</li>\n\t\t\t<li>Member:\n\t\t\t\t<ul>\n\t\t\t\t\t<li>Since: " . $memberSince
            . "</li>\n\t\t\t\t\t<li>Email: {$member->Email}</li>\n\t\t\t\t\t<li>Name: {$member->Name}</li>\n\t\t\t\t\t<li>Surname: {$member->Surname}</li>\n\t\t\t\t</ul>\n\t\t\t</li>\n\t\t</ul>";
        $actual = MemberConfirmationEmail::get_parsed_string($template, $member, $profilePage);
        $this->assertEquals($want, $actual, 'All allowed variables are parsed into the string.');
    }
Esempio n. 5
 /**
  * Login form handler method
  *
  * This method is called when the user clicks on "Log in"
  *
  * @param array $data Submitted data
  */
 public function dologin($data)
 {
     // Failed login: keep what was typed and the requested BackURL for the retry,
     // then send the user back to the login tab.
     if (!$this->performLogin($data)) {
         Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
         Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
         $backURL = isset($_REQUEST['BackURL']) ? $_REQUEST['BackURL'] : null;
         if ($backURL) {
             // NOTE(review): stored without validation; whatever later redirects to
             // the session's BackURL has to check it is a site URL.
             Session::set('BackURL', $backURL);
         }
         $badLoginURL = Session::get("BadLoginURL");
         if ($badLoginURL) {
             Director::redirect($badLoginURL);
             return;
         }
         // Show the right tab on failed login
         $loginLink = Director::absoluteURL(Security::Link("login"));
         if ($backURL) {
             $loginLink .= '?BackURL=' . urlencode($backURL);
         }
         Director::redirect($loginLink . '#' . $this->FormName() . '_tab');
         return;
     }

     // Successful login: the remembered form values are no longer needed.
     Session::clear('SessionForms.MemberLoginForm.Email');
     Session::clear('SessionForms.MemberLoginForm.Remember');

     // An expired password forces a detour through the change-password form.
     if (Member::currentUser()->isPasswordExpired()) {
         if (!empty($_REQUEST['BackURL'])) {
             Session::set('BackURL', $_REQUEST['BackURL']);
         }
         $changeForm = new ChangePasswordForm($this->controller, 'ChangePasswordForm');
         $changeForm->sessionMessage('Your password has expired.  Please choose a new one.', 'good');
         Director::redirect('Security/changepassword');
         return;
     }

     // A request-supplied BackURL is followed only when Director::is_site_url()
     // accepts it, so the login form cannot be used to bounce to another site.
     if (!empty($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])) {
         Director::redirect($_REQUEST['BackURL']);
         return;
     }

     if (Security::default_login_dest()) {
         Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
         return;
     }

     $member = Member::currentUser();
     if ($member) {
         // Escaped before it is placed into the welcome message.
         $firstname = Convert::raw2xml($member->FirstName);
         if (empty($data['Remember'])) {
             $member->logIn();
         } else {
             Session::set('SessionForms.MemberLoginForm.Remember', '1');
             $member->logIn(true);
         }
         Session::set('Security.Message.message', sprintf(_t('Member.WELCOMEBACK', "Welcome Back, %s"), $firstname));
         Session::set("Security.Message.type", "good");
     }
     Director::redirectBack();
 }
 /**
  * @param  string $context
  * @return FieldSet
  */
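 protected function getProfileFields($context)
 {
     // Builds the FieldSet for the given context ('Registration', 'Profile' or
     // 'Add') from the configured profile fields and the member's form fields.
     $profileFields = $this->Fields();
     $fields = new FieldSet();
     // depending on the context, load fields from the current member
     if (Member::currentUser() && $context != 'Add') {
         $memberFields = Member::currentUser()->getMemberFormFields();
     } else {
         $memberFields = singleton('Member')->getMemberFormFields();
     }
     if ($context == 'Registration') {
         $fields->push(new HeaderField('LogInHeader', _t('MemberProfiles.LOGIN_HEADER', 'Log In')));
         // NOTE(review): the BackURL value is concatenated into the href without
         // urlencode(); fine while Link() returns a plain path - confirm.
         $fields->push(new LiteralField('LogInNote', '<p>' . sprintf(_t('MemberProfiles.LOGIN', 'If you already have an account you can <a href="%s">log in here</a>.'), Security::Link('login') . '?BackURL=' . $this->Link()) . '</p>'));
         $fields->push(new HeaderField('RegisterHeader', _t('MemberProfiles.REGISTER', 'Register')));
     }
     if ($context == 'Profile' && $this->AllowAdding && singleton('Member')->canCreate()) {
         $fields->push(new HeaderField('AddHeader', _t('MemberProfiles.ADDUSER', 'Add User')));
         $fields->push(new LiteralField('AddMemberNote', '<p>' . sprintf(_t('MemberProfiles.ADDMEMBERNOTE', 'You can use this page to <a href="%s">add a new member</a>.'), $this->Link('add')) . '</p>'));
         $fields->push(new HeaderField('YourProfileHeader', _t('MemberProfiles.YOURPROFILE', 'Your Profile')));
     }
     // use the default registration fields for adding members
     if ($context == 'Add') {
         $context = 'Registration';
     }
     if ($this->AllowProfileViewing && $profileFields->find('PublicVisibility', 'MemberChoice')) {
         $fields->push(new LiteralField('VisibilityNote', '<p>' . _t('MemberProfiles.CHECKVISNOTE', 'Check fields below to make them visible on your public ' . 'profile.') . '</p>'));
     }
     foreach ($profileFields as $profileField) {
         // Per-context visibility, e.g. RegistrationVisibility or ProfileVisibility.
         $visibility = $profileField->{$context . 'Visibility'};
         $name = $profileField->MemberField;
         $memberField = $memberFields->dataFieldByName($name);
         // handle the special case of the Groups control so that only allowed groups can be selected
         // The extra $memberField test avoids calling setSource() on a missing
         // field, which was a fatal error when the member form had no Groups field.
         if ($name == 'Groups' && $memberField) {
             $availableGroups = $this->data()->SelectableGroups();
             $memberField->setSource($availableGroups);
         }
         if (!$memberField || $visibility == 'Hidden') {
             continue;
         }
         // Work on a copy so the member's own field object is not retitled.
         $field = clone $memberField;
         if ($visibility == 'Readonly') {
             $field = $field->performReadonlyTransformation();
         }
         $field->setTitle($profileField->Title);
         $field->setRightTitle($profileField->Note);
         if ($context == 'Registration' && $profileField->DefaultValue) {
             $field->setValue($profileField->DefaultValue);
         }
         if ($profileField->CustomError) {
             $field->setCustomValidationMessage($profileField->CustomError);
         }
         // Wrap the field with a visibility checkbox when public profiles are on
         // and this field is not hidden from them.
         $canSetVisibility = $this->AllowProfileViewing && $profileField->PublicVisibility != 'Hidden';
         if ($canSetVisibility) {
             $field = new CheckableVisibilityField($field);
             if ($profileField->PublicVisibility == 'Display') {
                 $field->makeAlwaysVisible();
             } else {
                 $field->getCheckbox()->setValue($profileField->PublicVisibilityDefault);
             }
         }
         $fields->push($field);
     }
     $this->extend('updateProfileFields', $fields);
     return $fields;
 }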
 /**
  * Login form handler method
  *
  * This method is called when the user clicks on "Log in"
  *
  * @param array $data Submitted data
  */
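 public function createorupdateaccount($data, $form)
 {
     // Signup handler: creates or updates the account via createOrUpdateUser()
     // and then redirects. The former "$passwordOK" branch was removed: the flag
     // was hard-coded to true, so the branch could never run, and it read an
     // undefined $backURL.
     // NOTE(review): no password check is performed in this method - confirm
     // createOrUpdateUser() validates the submitted password.
     if ($this->createOrUpdateUser($data, $form)) {
         Session::clear('SessionForms.MemberLoginForm.EmailSignup');
         Session::clear('SessionForms.MemberLoginForm.FirstNameSignup');
         Session::clear('SessionForms.MemberLoginForm.SurnameSignup');
         Session::clear('SessionForms.MemberLoginForm.RememberSignup');
         // Fall back to a BackURL remembered in the session from an earlier attempt.
         if (!isset($_REQUEST['BackURL'])) {
             if (Session::get("BackURL")) {
                 $_REQUEST['BackURL'] = Session::get("BackURL");
             }
         }
         Session::clear("BackURL");
         // BackURL (from the request or the session) is followed only when
         // Director::is_site_url() accepts it.
         if (isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && Director::is_site_url($_REQUEST['BackURL'])) {
             Director::redirect($_REQUEST['BackURL']);
         } elseif (Security::default_login_dest()) {
             Director::redirect(Director::absoluteBaseURL() . Security::default_login_dest());
         } else {
             $member = Member::currentUser();
             if ($member) {
                 // Escaped before it is placed into the thank-you message.
                 $firstname = Convert::raw2xml($member->FirstName);
                 if (!empty($data['RememberSignup'])) {
                     Session::set('SessionForms.MemberLoginForm.RememberSignup', '1');
                     $member->logIn(true);
                 } else {
                     $member->logIn();
                 }
                 Session::set('Security.Message.message', sprintf(_t('Member.THANKYOUFORCREATINGACCOUNT', "Thank you for creating an account, %s"), $firstname));
                 Session::set("Security.Message.type", "good");
             }
             Director::redirectBack();
         }
     } else {
         Session::set('Security.Message.message', _t('Member.MEMBERALREADYEXISTS', "A member with this email already exists."));
         Session::set("Security.Message.type", "error");
         // NOTE(review): these keys live under MemberLoginFormWithSignup (and the
         // first one ends in "EmailSignupSignup"), while the success path clears
         // keys under MemberLoginForm - confirm which names the form reads.
         Session::set('SessionForms.MemberLoginFormWithSignup.EmailSignupSignup', $data['EmailSignup']);
         Session::set('SessionForms.MemberLoginFormWithSignup.FirstNameSignup', $data['FirstNameSignup']);
         Session::set('SessionForms.MemberLoginFormWithSignup.SurnameSignup', $data['SurnameSignup']);
         Session::set('SessionForms.MemberLoginFormWithSignup.RememberSignup', isset($data['RememberSignup']));
         if (isset($_REQUEST['BackURL'])) {
             $backURL = $_REQUEST['BackURL'];
         } else {
             $backURL = null;
         }
         if ($backURL) {
             Session::set('BackURL', $backURL);
         }
         if ($badLoginURL = Session::get("BadLoginURL")) {
             Director::redirect($badLoginURL);
         } else {
             // Show the right tab on failed login
             $loginLink = Director::absoluteURL(Security::Link("login"));
             if ($backURL) {
                 $loginLink .= '?BackURL=' . urlencode($backURL);
             }
             Director::redirect($loginLink . '#' . $this->FormName() . '_tab');
         }
     }
 }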
 /**
  * Login form handler method
  *
  * This method is called when the user clicks on "Log in"
  *
  * @param array $data Submitted data
  */
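 public function dologin($data)
 {
     if ($this->performLogin($data)) {
         Session::clear('SessionForms.ExternalLoginForm.External_Anchor');
         Session::clear('SessionForms.ExternalLoginForm.External_MailAddr');
         Session::clear('SessionForms.ExternalLoginForm.External_SourceID');
         Session::clear('SessionForms.ExternalLoginForm.Remember');
         if (isset($_REQUEST['BackURL'])) {
             $backURL = $_REQUEST['BackURL'];
             Session::clear('BackURL');
             // BackURL comes straight from the request. Follow it only when it
             // points at this site; otherwise the login form would forward a freshly
             // authenticated user to any address placed in the link.
             if ($backURL && Director::is_site_url($backURL)) {
                 Controller::curr()->redirect($backURL);
             } else {
                 Controller::curr()->redirect(Director::absoluteBaseURL());
             }
         } else {
             Controller::curr()->redirectBack();
         }
     } else {
         // Failed login: keep the submitted values so the form can be refilled.
         Session::set('SessionForms.ExternalLoginForm.External_Anchor', $data['External_Anchor']);
         Session::set('SessionForms.ExternalLoginForm.External_MailAddr', $data['External_MailAddr']);
         Session::set('SessionForms.ExternalLoginForm.External_SourceID', $data['External_SourceID']);
         Session::set('SessionForms.ExternalLoginForm.Remember', isset($data['Remember']));
         if ($badLoginURL = Session::get("BadLoginURL")) {
             Controller::curr()->redirect($badLoginURL);
         } else {
             // Show the right tab on failed login
             Controller::curr()->redirect(Director::absoluteURL(Security::Link('login')) . '#' . $this->FormName() . '_tab');
         }
     }
 }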
 /**
  * Change the password
  *
  * @param array $data The user submitted data
  */
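 function doChangePassword(array $data)
 {
     // Handles the change-password form for either a logged-in member or a
     // member identified by the AutoLoginHash stored in the session.
     if ($member = Member::currentUser()) {
         // The user was logged in, check the current password. An absent or empty
         // OldPassword counts as a failed check.
         if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) {
             $this->clearMessage();
             $this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
             Director::redirectBack();
             return;
         }
     }
     if (!$member) {
         if (Session::get('AutoLoginHash')) {
             $member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
         }
         // The user is not logged in and no valid auto login hash is available
         if (!$member) {
             Session::clear('AutoLoginHash');
             Director::redirect('loginpage');
             return;
         }
     }
     // Check the new password
     if (empty($data['NewPassword1'])) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
         Director::redirectBack();
         return;
     }
     // Strict comparison on strings: with ==, two different numeric-looking
     // strings (e.g. "1e3" and "1000") compare equal, so a mistyped confirmation
     // could be accepted. Non-string input (an array) is treated as a mismatch.
     $matches = is_string($data['NewPassword1'])
         && isset($data['NewPassword2'])
         && $data['NewPassword1'] === $data['NewPassword2'];
     if (!$matches) {
         $this->clearMessage();
         $this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
         Director::redirectBack();
         return;
     }
     $isValid = $member->changePassword($data['NewPassword1']);
     if (!$isValid->valid()) {
         $this->clearMessage();
         $this->sessionMessage(sprintf(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: %s"), nl2br("\n" . $isValid->starredList())), "bad");
         Director::redirectBack();
         return;
     }
     $this->clearMessage();
     $this->sessionMessage(_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."), "good");
     // The hash has served its purpose once the password is changed.
     Session::clear('AutoLoginHash');
     // A request-supplied BackURL is followed only when it is a site URL.
     if (isset($_REQUEST['BackURL']) && $_REQUEST['BackURL'] && Director::is_site_url($_REQUEST['BackURL'])) {
         Director::redirect($_REQUEST['BackURL']);
     } else {
         // Redirect to default location - the login form saying "You are logged in as..."
         $redirectURL = HTTP::setGetVar('BackURL', Director::absoluteBaseURL(), Security::Link('login'));
         Director::redirect($redirectURL);
     }
 }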
Esempio n. 10
 /**
  * Login form handler method
  *
  * This method is called when the user clicks on "Log in"
  *
  * @param array $data Submitted data
  */
 public function dologin($data)
 {
     Session::set('SessionForms.OpenIDLoginForm.Remember', isset($data['Remember']));
     OpenIDAuthenticator::authenticate($data, $this);

     // Getting past authenticate() means the attempt failed. Keep the submitted
     // OpenID URL and any BackURL for the retry.
     Session::set('SessionForms.OpenIDLoginForm.OpenIDURL', $data['OpenIDURL']);
     if (!empty($_REQUEST['BackURL'])) {
         // NOTE(review): stored without validation; whatever later redirects to
         // the session's BackURL has to check it is a site URL.
         Session::set('BackURL', $_REQUEST['BackURL']);
     }

     $badLoginURL = Session::get("BadLoginURL");
     if ($badLoginURL) {
         Director::redirect($badLoginURL);
         return;
     }

     // Show the right tab on failed login
     $loginTab = Director::absoluteURL(Security::Link("login")) . '#' . $this->FormName() . '_tab';
     Director::redirect($loginTab);
 }
 /**
  * LogoutLink
  * Return a logout link 
  *
  * @param String $location The location to direct to. i.e. storefront, basket, placeorder
  * @return URL
  */
 public function LogoutLink($location = null)
 {
     $security = new Security();
     // Choose where the user lands after logging out. The loose == mirrors the
     // comparison a switch statement performs.
     if ($location == "basket") {
         /* Basket */
         $basketController = new Store_BasketController();
         $BackURL = $basketController->link();
     } elseif ($location == "placeorder") {
         /* Order Step 1 */
         $orderController = new Store_OrderController();
         $BackURL = $orderController->link() . "/place/one";
     } else {
         /* Storefront */
         $BackURL = self::get_link();
     }
     // NOTE(review): BackURL is appended without urlencode(); a link that itself
     // contains "?" or "&" would be split into separate parameters - confirm the
     // controller links are plain paths.
     return $security->Link('logout') . "?BackURL=" . $BackURL;
 }
Esempio n. 12
 /**
  * Login form handler method
  *
  * This method is called when the user clicks on "Log in"
  *
  * @param array $data Submitted data
  */
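 public function dologin($data)
 {
     if ($this->performLogin($data)) {
         Session::clear('SessionForms.MemberLoginForm.Email');
         Session::clear('SessionForms.MemberLoginForm.Remember');
         if (isset($_REQUEST['BackURL']) && ($backURL = $_REQUEST['BackURL'])) {
             Session::clear("BackURL");
             // BackURL comes straight from the request. Follow it only when it
             // points at this site; otherwise the login form would forward a freshly
             // authenticated user to any address placed in the link.
             if (Director::is_site_url($backURL)) {
                 Director::redirect($backURL);
             } else {
                 Director::redirect(Director::absoluteBaseURL());
             }
         } else {
             Director::redirectBack();
         }
     } else {
         // Failed login: keep the submitted values so the form can be refilled.
         Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
         Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
         if (isset($_REQUEST['BackURL']) && ($backURL = $_REQUEST['BackURL'])) {
             // NOTE(review): stored without validation; the redirect that later
             // consumes the session's BackURL has to check it is a site URL.
             Session::set('BackURL', $backURL);
         }
         if ($badLoginURL = Session::get("BadLoginURL")) {
             Director::redirect($badLoginURL);
         } else {
             // Show the right tab on failed login
             Director::redirect(Director::absoluteURL(Security::Link("login")) . '#' . $this->FormName() . '_tab');
         }
     }
 }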