/**
  * Validator that resolves the submitted login name or e-mail address to a
  * user and stores the result in $this->user.
  *
  * Runs only when the form has no validation errors yet. It never adds an
  * error itself, so a lookup that finds nothing is not reported through the
  * form's error list.
  *
  * @param string $attribute name of the validated attribute (not used here)
  * @param array $params validator options (not used here)
  */
 public function checkexists($attribute, $params)
 {
     // we only want to authenticate when there are no input errors so far
     if ($this->hasErrors()) {
         return;
     }
     // strpos() returns 0 for a leading "@" and false for none; both are falsy,
     // so only an "@" after the first character selects the e-mail lookup.
     $atPosition = strpos($this->login_or_email, "@");
     if ($atPosition) {
         $match = YumProfile::model()->findByAttributes(array('email' => $this->login_or_email));
         $this->user = null;
         if ($match && $match->user && $match->user instanceof YumUser) {
             $this->user = $match->user;
         }
         return;
     }
     $this->user = YumUser::model()->findByAttributes(array('username' => $this->login_or_email));
 }
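 /**
  * Deletes a profile field: drops its column from the profile table and,
  * when that statement reports success, removes the field definition.
  *
  * Only POST requests are accepted; any other request is answered with
  * HTTP 400.
  *
  * NOTE(review): no access check is visible in this action; presumably it is
  * enforced by the controller's filters or access rules. Confirm.
  *
  * @throws CHttpException when the request is not a POST request
  * @throws CException when the stored column name is not a plain identifier
  */
 public function actionDelete()
 {
     $this->layout = Yum::module()->adminLayout;
     // we only allow deletion via POST request
     if (!Yii::app()->request->isPostRequest) {
         throw new CHttpException(400, 'Invalid request. Please do not repeat this request again.');
     }
     $model = $this->loadModel('YumProfileField');
     // The column name is concatenated into DDL, where it cannot be bound as a
     // parameter. Only a plain identifier is accepted, so a stored value that
     // contains a backtick or other SQL syntax never reaches the statement.
     if (!is_string($model->varname) || !preg_match('/\A[A-Za-z0-9_]+\z/', $model->varname)) {
         throw new CException('Refusing to drop a profile column with an invalid name.');
     }
     $sql = 'ALTER TABLE ' . YumProfile::model()->tableName() . ' DROP `' . $model->varname . '`';
     // NOTE(review): the field record is deleted only when execute() returns a
     // truthy value; confirm what the database driver reports for ALTER TABLE.
     if ($model->dbConnection->createCommand($sql)->execute()) {
         $model->delete();
     }
     if (!isset($_POST['ajax'])) {
         $this->redirect(array('index'));
     }
 }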
 /**
  * Authenticates this identity against the user table.
  *
  * The user is looked up by username first; when none is found, the profile
  * module is available and login by e-mail is enabled, the login name is
  * tried as a profile e-mail address.
  *
  * @param bool $without_password when true the password is not verified; the
  *        caller must already have established who the user is
  * @return mixed self::ERROR_STATUS_USER_DOES_NOT_EXIST when no user matches,
  *         otherwise true when no error code was set and false when one was
  */
 public function authenticate($without_password = false)
 {
     $account = YumUser::model()->find('username = :username', array(':username' => $this->username));
     // try to authenticate via email
     if (Yum::hasModule('profile') && (Yum::module()->loginType & UserModule::LOGIN_BY_EMAIL) && !$account) {
         $byEmail = YumProfile::model()->find('email = :email', array(':email' => $this->username));
         if ($byEmail && $byEmail->user) {
             $account = $byEmail->user;
         }
     }
     if (!$account) {
         // NOTE(review): this path returns the error constant itself and leaves
         // errorCode untouched, while every other path returns a boolean. A
         // caller that only tests the return value for truthiness would read a
         // non-zero constant as success; callers should inspect errorCode.
         return self::ERROR_STATUS_USER_DOES_NOT_EXIST;
     }
     // NOTE(review): the account status is evaluated before the password, so
     // the inactive/banned/removed codes are set without valid credentials.
     // If callers show distinct messages for them, account state is disclosed.
     $status = $account->status;
     if ($status == YumUser::STATUS_INACTIVE) {
         $this->errorCode = self::ERROR_STATUS_INACTIVE;
     } elseif ($status == YumUser::STATUS_BANNED) {
         $this->errorCode = self::ERROR_STATUS_BANNED;
     } elseif ($status == YumUser::STATUS_REMOVED) {
         $this->errorCode = self::ERROR_STATUS_REMOVED;
     } elseif ($without_password || CPasswordHelper::verifyPassword($this->password, $account->password)) {
         // Either the caller vouches for the user or the password matched.
         $this->credentialsConfirmed($account);
     } else {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     }
     return !$this->errorCode;
 }
 /**
  * Password recovery routine. The User will receive an email with an
  * activation link. If clicked, he will be prompted to enter his new
  * password.
  */
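 public function actionRecovery($email = null, $key = null)
 {
     // Two steps share this action: without $email/$key the visitor requests
     // a recovery mail; with both, the visitor arrives from the mailed link
     // and may set a new password once the key matches.
     $form = new YumPasswordRecoveryForm();
     if ($email != null && $key != null) {
         $profile = YumProfile::model()->find('email = :email', array('email' => $email));
         // A profile without a user record is handled like an unknown address
         // instead of dereferencing null further down.
         $user = $profile ? $profile->user : null;
         if ($user) {
             // NOTE(review): this check runs before the key is verified, so the
             // 403 tells an unauthenticated caller that the address belongs to
             // an account that is not active.
             if ($user->status <= 0) {
                 throw new CHttpException(403, 'User is not active');
             }
             // The recovery key is a bearer secret. Compare it as a string and
             // in constant time: a loose == applies numeric type juggling to
             // numeric-looking strings and stops at the first differing byte.
             if (is_string($key) && CPasswordHelper::same((string) $user->activationKey, urldecode($key))) {
                 $passwordform = new YumUserChangePassword();
                 if (isset($_POST['YumUserChangePassword'])) {
                     $passwordform->attributes = $_POST['YumUserChangePassword'];
                     if ($passwordform->validate()) {
                         $user->setPassword($passwordform->password);
                         // Replace the key so the mailed link cannot be used twice.
                         $user->activationKey = CPasswordHelper::hashPassword(microtime() . $passwordform->password, Yum::module()->passwordHashCost);
                         $user->save();
                         Yum::setFlash('Your new password has been saved.');
                         if (Yum::module('registration')->loginAfterSuccessfulRecovery) {
                             // Password-less login: possession of the key is
                             // the only proof of identity on this path.
                             $login = new YumUserIdentity($user->username, false);
                             $login->authenticate(true);
                             Yii::app()->user->login($login);
                             $this->redirect(Yii::app()->homeUrl);
                         } else {
                             $this->redirect(Yum::module()->loginUrl);
                         }
                     }
                 }
                 $this->render(Yum::module('registration')->changePasswordView, array('form' => $passwordform));
                 Yii::app()->end();
             } else {
                 $form->addError('login_or_email', Yum::t('Invalid recovery key'));
                 Yum::log(Yum::t('Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array('{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username)));
             }
         }
     } else {
         if (isset($_POST['YumPasswordRecoveryForm'])) {
             $form->attributes = $_POST['YumPasswordRecoveryForm'];
             if ($form->validate()) {
                 if ($form->user instanceof YumUser) {
                     if ($form->user->status <= 0) {
                         throw new CHttpException(403, 'User is not active');
                     }
                     $form->user->generateActivationKey();
                     $recipient = $form->user->profile->email;
                     $route = Yum::module('registration')->recoveryUrl[0];
                     $recovery_url = $this->createAbsoluteUrl($route, array('key' => urlencode($form->user->activationKey), 'email' => $recipient));
                     // The log receives the link without its key: a logged key
                     // would let anyone who can read the log reset the password.
                     $logged_url = $this->createAbsoluteUrl($route, array('email' => $recipient));
                     Yum::log(Yum::t('{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array('{email}' => $recipient, '{recovery_url}' => $logged_url, '{username}' => $form->user->username)));
                     $mail = array('from' => Yii::app()->params['adminEmail'], 'to' => $recipient, 'subject' => 'You requested a new password', 'body' => strtr('You have requested a new password. Please use this URL to continue: {recovery_url}', array('{recovery_url}' => $recovery_url)));
                     YumMailer::send($mail);
                     // NOTE(review): this flash and the 403 above exist only on
                     // the "account found" path, so the response differs
                     // between known and unknown addresses.
                     Yum::setFlash('Instructions have been sent to you. Please check your email.');
                 } else {
                     Yum::log(Yum::t('A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array('{username}' => $form->login_or_email)));
                 }
                 $this->redirect(Yum::module()->loginUrl);
             }
         }
     }
     $this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form));
 }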
 /**
  * Logs in the user whose profile e-mail address equals the login name
  * submitted in the login form.
  *
  * @return mixed the result of $this->authenticate() for the matching user,
  *         or null when no profile with an attached user matches
  * @throws CException when the profile submodule is not enabled
  */
 public function loginByEmail()
 {
     if (!Yum::hasModule('profile')) {
         throw new CException(Yum::t('The profile submodule must be enabled to allow login by Email'));
     }
     Yii::import('application.modules.profile.models.*');
     $match = YumProfile::model()->find('email = :email', array(':email' => $this->loginForm->username));
     if (!$match || !$match->user) {
         // Unknown address, or a profile without a user record.
         return null;
     }
     return $this->authenticate($match->user);
 }
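	/**
	 * Authenticates this identity against the user table.
	 *
	 * The user is looked up by username first; when none is found, login by
	 * e-mail is enabled (loginType bit 2) and the profile module is available,
	 * the login name is tried as a profile e-mail address.
	 *
	 * The account status is checked on every path, including the one without
	 * a password, so an inactive, banned or removed account is never confirmed.
	 *
	 * @param bool $without_password when true the password is not verified; the
	 *        caller must already have established who the user is
	 * @return mixed self::ERROR_STATUS_USER_DOES_NOT_EXIST when no user matches,
	 *         otherwise true when no error code was set and false when one was
	 */
	public function authenticate($without_password = false)
	{
		$user = YumUser::model()->find('username = :username', array(
					':username' => $this->username));

		// try to authenticate via email
		if(!$user && (Yum::module()->loginType & 2) && Yum::hasModule('profile')) {
			if($profile = YumProfile::model()->find('email = :email', array(
							':email' => $this->username)))
				if($profile->user)
					$user = $profile->user;
		}

		// NOTE(review): this path returns the error constant itself rather than
		// a boolean and leaves errorCode untouched; callers should inspect
		// errorCode instead of testing the return value for truthiness.
		if(!$user)
			return self::ERROR_STATUS_USER_DOES_NOT_EXIST;

		// The password is checked first, so a wrong password never reveals the
		// account status. Skipping the password check no longer skips the
		// status checks below.
		// NOTE(review): YumUser::encrypt() is not shown here; the stored value
		// is compared with !==, which is not a constant-time comparison.
		if(!$without_password && YumUser::encrypt($this->password)!==$user->password)
			$this->errorCode=self::ERROR_PASSWORD_INVALID;
		else if($user->status == YumUser::STATUS_INACTIVE)
			$this->errorCode=self::ERROR_STATUS_INACTIVE;
		else if($user->status == YumUser::STATUS_BANNED)
			$this->errorCode=self::ERROR_STATUS_BANNED;
		else if($user->status == YumUser::STATUS_REMOVED)
			$this->errorCode=self::ERROR_STATUS_REMOVED;
		else
			$this->credentialsConfirmed($user);
		return !$this->errorCode;

	}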
 /**
  * Activation of a user account.
  * If everything is set properly, and the email exists in the database,
  * and is associated with a correct user, and this user has the status
  * NOTACTIVE and the given activationKey is identical to the one in the
  * database, then generate a new activation key to avoid double activation,
  * set the status to ACTIVATED and save the data.
  * Error Codes:
  * -1 : User is not inactive, it can not be activated
  * -2 : Wrong activation key
  * -3 : Profile found, but no user - database inconsistency?
  */
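 public static function activate($email, $key)
 {
     Yii::import('application.modules.profile.models.*');
     $profile = YumProfile::model()->find("email = :email", array(':email' => $email));
     if (!$profile) {
         // Unknown address.
         return false;
     }
     $user = $profile->user;
     if (!$user) {
         return -3;
     }
     if ($user->status != self::STATUS_INACTIVE) {
         return -1;
     }
     // The activation key is a secret: compare it as a string with ===. A
     // loose == applies numeric type juggling to numeric-looking strings and
     // treats null and '' as equal, which would let a missing key match an
     // account whose stored key is empty.
     if (!is_scalar($key) || (string) $key === '' || (string) $user->activationKey !== (string) $key) {
         return -2;
     }
     // Rotate the key so the same link cannot activate the account twice.
     $user->activationKey = $user->generateActivationKey(true);
     $user->status = self::STATUS_ACTIVE;
     if (!$user->save(false, array('activationKey', 'status'))) {
         return false;
     }
     Yum::log(Yum::t('User {username} has been activated', array('{username}' => $user->username)));
     if (Yum::hasModule('messages') && Yum::module('registration')->enableActivationConfirmation) {
         Yii::import('application.modules.messages.models.YumMessage');
         // NOTE(review): the username is placed into an HTML fragment without
         // encoding; confirm how YumMessage renders the body.
         YumMessage::write($user, 1, Yum::t('Your activation succeeded'), strtr('The activation of the account {username} succeeded. Please use <a href="{link_login}">this link</a> to go to the login page', array('{username}' => $user->username, '{link_login}' => Yii::app()->controller->createUrl('//user/user/login'))));
     }
     return $user;
 }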
	/**
	 * Password recovery routine. The User will receive an email with an
	 * activation link. If clicked, he will be prompted to enter his new
	 * password.
	 */
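	public function actionRecovery($email = null, $key = null) {
		// Two steps share this action: without $email/$key the visitor requests
		// a recovery mail; with both, the visitor arrives from the mailed link
		// and may set a new password once the key matches.
		$form = new YumPasswordRecoveryForm;

		if ($email != null && $key != null) {
			$profile = YumProfile::model()->find('email = :email', array(
						'email' =>  $email));
			// A profile without a user record is handled like an unknown
			// address instead of dereferencing null further down.
			$user = $profile ? $profile->user : null;
			if($user) {
				// The recovery key is a secret: compare it as a string with
				// ===. A loose == applies numeric type juggling to
				// numeric-looking strings.
				// NOTE(review): === is still not a constant-time comparison.
				if(is_string($key) && (string) $user->activationKey === $key) {
					$passwordform = new YumUserChangePassword;
					if (isset($_POST['YumUserChangePassword'])) {
						$passwordform->attributes = $_POST['YumUserChangePassword'];
						if ($passwordform->validate()) {
							$user->password = YumUser::encrypt($passwordform->password);
							// Replace the key so the mailed link cannot be used twice.
							$user->activationKey = YumUser::encrypt(microtime() . $passwordform->password);
							$user->save();
							Yum::setFlash('Your new password has been saved.');
							$this->redirect(Yum::module()->loginUrl);
						}
					}
					$this->render(
							Yum::module('registration')->changePasswordView, array(
								'form' => $passwordform));
					Yii::app()->end();
				} else {
					$form->addError('login_or_email', Yum::t('Invalid recovery key'));
					Yum::log(Yum::t(
								'Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array(
									'{email}' => $email,
									'{uid}' => $user->id,
									'{username}' => $user->username)));
				}
			}
		} else {
			if (isset($_POST['YumPasswordRecoveryForm'])) {
				$form->attributes = $_POST['YumPasswordRecoveryForm'];

				if ($form->validate()) {
					// Set before the lookup result is examined, so the visitor
					// sees the same message for known and unknown addresses.
					Yum::setFlash(
							'Instructions have been sent to you. Please check your email.');

					if($form->user instanceof YumUser) {
						$form->user->generateActivationKey();
						$recipient = $form->user->profile->email;
						$route = Yum::module('registration')->recoveryUrl[0];
						$recovery_url = $this->createAbsoluteUrl($route, array(
									'key' => $form->user->activationKey,
									'email' => $recipient));
						// The log receives the link without its key: a logged
						// key would let anyone who can read the log reset the
						// password.
						$logged_url = $this->createAbsoluteUrl($route, array(
									'email' => $recipient));

						Yum::log(Yum::t(
									'{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array(
										'{email}' => $recipient,
										'{recovery_url}' => $logged_url,
										'{username}' => $form->user->username)));

						$content = YumTextSettings::model()->find(
								'language = :lang', array('lang' => Yii::app()->language));

						if (!is_object($content)) {
							throw new CException(Yum::t('The messages for your application language are not defined.'));
						}
						$mail = array(
								'from' => Yii::app()->params['adminEmail'],
								'to' => $recipient,
								'subject' => $content->subject_email_registration,
								'body' => strtr($content->text_email_recovery, array(
										'{recovery_url}' => $recovery_url)),
								);
						YumMailer::send($mail);
					} else
						Yum::log(Yum::t(
									'A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array(
										'{username}' => $form->login_or_email)));
					$this->redirect(Yum::module()->loginUrl);
				}
			}
		}
		$this->render(Yum::module('registration')->recoverPasswordView, array(
					'form' => $form));

	}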
	/**
	 * Activation of a user account.
	 * If everything is set properly, and the email exists in the database,
	 * and is associated with a correct user, and this user has the status
	 * NOTACTIVE and the given activationKey is identical to the one in the
	 * database, then generate a new activation key to avoid double activation,
	 * set the status to ACTIVATED and save the data.
	 * Error Codes:
	 * -1 : User is not inactive, it can not be activated
	 * -2 : Wrong activation key
	 * -3 : Profile found, but no user - database inconsistency?
	 */
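	public static function activate($email, $key)
	{
		Yii::import('application.modules.profile.models.*');

		$profile = YumProfile::model()->find("email = :email", array(
					':email' => $email));
		if (!$profile) {
			// Unknown address.
			return false;
		}
		$user = $profile->user;
		if (!$user)
			return -3;
		if ($user->status != self::STATUS_INACTIVE)
			return -1;
		// The activation key is a secret: compare it as a string with ===. A
		// loose == applies numeric type juggling to numeric-looking strings and
		// treats null and '' as equal, which would let a missing key match an
		// account whose stored key is empty.
		if (!is_scalar($key) || (string) $key === '' || (string) $user->activationKey !== (string) $key)
			return -2;

		// Rotate the key so the same link cannot activate the account twice.
		$user->activationKey = $user->generateActivationKey(true);
		$user->status = self::STATUS_ACTIVE;
		if (!$user->save(false, array('activationKey', 'status')))
			return false;

		Yum::log(Yum::t('User {username} has been activated', array(
						'{username}' => $user->username)));
		if (Yum::hasModule('messages')
				&& Yum::module('registration')->enableActivationConfirmation
			 ) {
			Yii::import('application.modules.messages.models.YumMessage');
			YumMessage::write($user, 1,
					Yum::t('Your activation succeeded'),
					YumTextSettings::getText('text_email_activation', array(
							'{username}' => $user->username,
							'{link_login}' =>
							Yii::app()->controller->createUrl('//user/user/login'))));
		}

		return $user;
	}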
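 /**
  * Logs a user in through an external HybridAuth provider, registering a
  * local account first when the provider's e-mail address is unknown.
  *
  * @param string $provider provider name; must be listed in the module's
  *        hybridAuthProviders
  * @throws CHttpException 400 when hybrid login is disabled or the profile
  *         submodule is missing; 403 when the provider flow fails and the
  *         module is not in debug mode
  * @throws CException with the original message when the provider flow fails
  *         and the module is in debug mode
  */
 public function loginByHybridAuth($provider)
 {
     // "!" binds tighter than "&": without the parentheses loginType was
     // negated before the mask was applied, so this check did not fire for a
     // non-zero loginType that lacks the hybrid-auth flag.
     if (!(Yum::module()->loginType & UserModule::LOGIN_BY_HYBRIDAUTH)) {
         // CHttpException takes (status, message); CException takes the
         // message first, so passing 400 there was an argument mix-up.
         throw new CHttpException(400, 'Hybrid authentification is not allowed');
     }
     if (!Yum::hasModule('profile')) {
         throw new CHttpException(400, 'Hybrid auth needs the profile submodule to be enabled');
     }
     Yii::import('user.vendors.hybridauth.Hybrid.Auth', true);
     Yii::import('user.profile.models.*');
     require_once Yum::module()->hybridAuthConfigFile;
     try {
         $hybridauth = new Hybrid_Auth(Yum::module()->hybridAuthConfigFile);
         $providers = Yum::module()->hybridAuthProviders;
         if (count($providers) == 0) {
             throw new CException('No Hybrid auth providers enabled in configuration file');
         }
         // Strict comparison: the requested provider must equal a configured
         // name exactly, without type juggling.
         if (!in_array($provider, $providers, true)) {
             throw new CException('Requested provider is not enabled in configuration file');
         }
         $success = $hybridauth->authenticate($provider);
         if ($success && $success->isUserConnected()) {
             // User found and authenticated at foreign party. Is he already
             // registered at our application?
             $hybridAuthProfile = $success->getUserProfile();
             // Local accounts are matched on this address alone, so an empty
             // value must never be used as a lookup key.
             if (!is_string($hybridAuthProfile->email) || trim($hybridAuthProfile->email) === '') {
                 throw new CException('External provider did not return an e-mail address');
             }
             // NOTE(review): nothing here checks that the provider verified the
             // address. A provider that reports unverified addresses would let
             // its user sign in as the local account with that address; confirm
             // this for every enabled provider.
             $user = $this->getUserByEmail($hybridAuthProfile->email);
             if (!$user && !YumProfile::model()->findByAttributes(array('email' => $hybridAuthProfile->email))) {
                 // No, he is not, so we register the user and sync the profile fields
                 $user = new YumUser();
                 if (!$user->registerByHybridAuth($hybridAuthProfile)) {
                     Yum::setFlash(Yum::t('Registration by external provider failed'));
                     $this->redirect(Yum::module()->returnUrl);
                 } else {
                     Yum::setFlash('Registration successful');
                 }
             }
             if (!$user) {
                 // A profile exists for the address but no user was resolved;
                 // fail the login instead of dereferencing null below.
                 Yum::setFlash(Yum::t('Login by external provider failed'));
                 $this->redirect(Yum::module()->returnUrl);
                 return;
             }
             // Password-less login: the provider's assertion is the only proof
             // of identity on this path.
             $identity = new YumUserIdentity($user->username, null);
             if ($identity->authenticate(true)) {
                 Yum::log(Yum::t('User {username} logged in by hybrid {provider}', array('{username}' => $hybridAuthProfile->displayName, '{email}' => $hybridAuthProfile->displayName, '{provider}' => $provider)));
                 Yii::app()->user->login($identity, Yum::module()->cookieDuration);
             } else {
                 Yum::setFlash(Yum::t('Login by external provider failed'));
             }
             $this->redirect(Yum::module()->returnUrl);
         }
     } catch (Exception $e) {
         // Outside debug mode the cause is hidden behind a generic 403 so that
         // provider and configuration details are not shown to the visitor.
         if (Yum::module()->debug) {
             throw new CException($e->getMessage());
         } else {
             throw new CHttpException(403, Yum::t('Permission denied'));
         }
     }
 }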