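/**
 * Password recovery routine.
 *
 * Two phases share this action:
 *  - Without $email/$key: a posted YumPasswordRecoveryForm generates a fresh
 *    activation key for the matching user and mails a recovery link.
 *  - With $email and $key (the mailed link): the key is checked against the
 *    user's activationKey and, if it matches, a posted YumUserChangePassword
 *    form sets the new password and rotates the key.
 *
 * @param string|null $email e-mail address taken from the recovery link
 * @param string|null $key   recovery key taken from the recovery link
 * @throws CHttpException 403 when the matching account is not active
 */
public function actionRecovery($email = null, $key = null)
{
    $form = new YumPasswordRecoveryForm();

    if ($email != null && $key != null) {
        $profile = YumProfile::model()->find('email = :email', array('email' => $email));
        if ($profile) {
            $user = $profile->user;
            if ($user->status <= 0) {
                throw new CHttpException(403, 'User is not active');
            }

            // Compare as strings with CPasswordHelper::same(): a loose `==`
            // treats numeric-looking strings as numbers and is not
            // timing-independent. The link is built with an explicit
            // urlencode() on the key, hence the matching urldecode() here.
            $keyMatches = CPasswordHelper::same(
                (string) $user->activationKey,
                (string) urldecode($key)
            );

            if ($keyMatches) {
                $passwordform = new YumUserChangePassword();
                if (isset($_POST['YumUserChangePassword'])) {
                    $passwordform->attributes = $_POST['YumUserChangePassword'];
                    if ($passwordform->validate()) {
                        $user->setPassword($passwordform->password);
                        // Rotate the key so the mailed link cannot be reused.
                        $user->activationKey = CPasswordHelper::hashPassword(
                            microtime() . $passwordform->password,
                            Yum::module()->passwordHashCost
                        );
                        // Only report success (and optionally log in) when the
                        // record was actually written.
                        if ($user->save()) {
                            Yum::setFlash('Your new password has been saved.');
                            if (Yum::module('registration')->loginAfterSuccessfulRecovery) {
                                $login = new YumUserIdentity($user->username, false);
                                $login->authenticate(true);
                                Yii::app()->user->login($login);
                                $this->redirect(Yii::app()->homeUrl);
                            } else {
                                $this->redirect(Yum::module()->loginUrl);
                            }
                        } else {
                            $passwordform->addErrors($user->getErrors());
                        }
                    }
                }
                $this->render(Yum::module('registration')->changePasswordView, array('form' => $passwordform));
                Yii::app()->end();
            } else {
                $form->addError('login_or_email', Yum::t('Invalid recovery key'));
                Yum::log(Yum::t(
                    'Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})',
                    array('{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username)
                ));
            }
        }
    } elseif (isset($_POST['YumPasswordRecoveryForm'])) {
        $form->attributes = $_POST['YumPasswordRecoveryForm'];
        if ($form->validate()) {
            // NOTE(review): the flash message and the 403 below are only
            // produced for existing accounts, so the response differs between
            // known and unknown addresses. Confirm that is intended.
            if ($form->user instanceof YumUser) {
                if ($form->user->status <= 0) {
                    throw new CHttpException(403, 'User is not active');
                }
                $form->user->generateActivationKey();
                $recovery_url = $this->createAbsoluteUrl(
                    Yum::module('registration')->recoveryUrl[0],
                    array(
                        'key' => urlencode($form->user->activationKey),
                        'email' => $form->user->profile->email,
                    )
                );
                // The recovery URL carries the reset secret, so it is kept out
                // of the log. The message template is unchanged so existing
                // translations still match.
                Yum::log(Yum::t(
                    '{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}',
                    array(
                        '{email}' => $form->user->profile->email,
                        '{recovery_url}' => '[redacted]',
                        '{username}' => $form->user->username,
                    )
                ));
                $mail = array(
                    'from' => Yii::app()->params['adminEmail'],
                    'to' => $form->user->profile->email,
                    'subject' => 'You requested a new password',
                    'body' => strtr(
                        'You have requested a new password. Please use this URL to continue: {recovery_url}',
                        array('{recovery_url}' => $recovery_url)
                    ),
                );
                YumMailer::send($mail);
                Yum::setFlash('Instructions have been sent to you. Please check your email.');
            } else {
                Yum::log(Yum::t(
                    'A password has been requested, but no associated user was found in the database. Requested user/email is: {username}',
                    array('{username}' => $form->login_or_email)
                ));
            }
            $this->redirect(Yum::module()->loginUrl);
        }
    }

    $this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form));
}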
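/**
 * Logs the visitor in through the Facebook SDK session, creating a local
 * account or linking an existing one by e-mail address as needed.
 *
 * @return YumUser|false the logged-in user, or false when the login is refused
 * @throws Exception when Facebook login is not enabled in the module configuration
 */
public function loginByFacebook()
{
    // Parenthesised on purpose: `!` binds tighter than `&`, so the unbracketed
    // form negated loginType first and the guard never fired for any non-zero
    // loginType, whether or not the Facebook bit was set.
    if (!(Yum::module()->loginType & UserModule::LOGIN_BY_FACEBOOK)) {
        throw new Exception('actionFacebook was called, but is not activated in application configuration');
    }

    Yii::app()->user->logout();
    Yii::import('application.modules.user.vendors.facebook.*');
    $facebook = new Facebook(Yum::module()->facebookConfig);
    $fb_uid = $facebook->getUser();
    if (!$fb_uid) {
        return false;
    }

    $linkedProfile = YumProfile::model()->findByAttributes(array('facebook_id' => $fb_uid));
    $user = $linkedProfile ? YumUser::model()->findByPk($linkedProfile->user_id) : null;

    try {
        $fb_user = $facebook->api('/me');
        if (!isset($fb_user['email'])) {
            return false;
        }

        // NOTE(review): an existing local account is linked purely on the
        // e-mail address Facebook reports. Whether that address is verified
        // cannot be told from here. Confirm before relying on it.
        $profile = YumProfile::model()->findByAttributes(array('email' => $fb_user['email']));
        if ($profile === null && $user !== null) {
            // No profile carries this e-mail, but the Facebook id is already
            // linked: keep using the linked profile instead of dereferencing
            // null further down.
            $profile = $linkedProfile;
        }

        if ($user === null && $profile === null) {
            // New account
            $user = new YumUser();
            $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
            $user->password = YumUser::encrypt(YumUserChangePassword::createRandomPassword());
            $user->activationKey = YumUser::encrypt(microtime() . $user->password);
            $user->createtime = time();
            $user->superuser = 0;
            if (!$user->save()) {
                // Without a stored user there is no id to build an identity from.
                Yum::log('Could not create a local account for a facebook login', 'error');
                return false;
            }
            $profile = new YumProfile();
            $profile->user_id = $user->id;
            $profile->facebook_id = $fb_user['id'];
            $profile->email = $fb_user['email'];
            $profile->save(false);
        } else {
            $user = $profile->user;
            if ($user === null) {
                // Profile without an owning user record: nothing to log in.
                return false;
            }
            // No superuser account can log in using Facebook
            if ($user->superuser) {
                Yum::log('A superuser tried to login by facebook', 'error');
                return false;
            }
            // Current account and FB account blending
            $profile->facebook_id = $fb_uid;
            $profile->save(false);
            $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
            $user->superuser = 0;
            $user->save();
        }

        $identity = new YumUserIdentity($fb_uid, $user->id);
        $identity->authenticateFacebook(true);

        switch ($identity->errorCode) {
            case YumUserIdentity::ERROR_NONE:
                $duration = 3600 * 24 * 30; // 30 days
                Yii::app()->user->login($identity, $duration);
                Yum::log('User ' . $user->username . ' logged in via facebook');
                return $user;
            case YumUserIdentity::ERROR_STATUS_INACTIVE:
                $user->addError('status', Yum::t('Your account is not activated.'));
                break;
            case YumUserIdentity::ERROR_STATUS_BANNED:
                $user->addError('status', Yum::t('Your account is blocked.'));
                break;
            case YumUserIdentity::ERROR_PASSWORD_INVALID:
                Yum::log(Yum::t('Failed login attempt for {username} via facebook', array('{username}' => $user->username)), 'error');
                $user->addError('status', Yum::t('Password incorrect.'));
                break;
        }

        return false;
    } catch (FacebookApiException $e) {
        /* FIXME: Workaround for avoiding the 'Error validating access token.'
         * immediately after a user logs out. This is nasty. Any other
         * approach to solve this issue is more than welcomed. */
        // $user is still null when the API call fails before any local
        // account was matched.
        $who = $user !== null ? $user->username : 'unknown user';
        Yum::log('Failed login attempt for ' . $who . ' via facebook', 'error');
        return false;
    }
}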
/**
 * Updates the user loaded through loadUser($id) from the posted YumUser
 * data, together with the optional profile, the role assignment and an
 * optional password change. Redirects to 'admin' after a successful save and
 * renders the 'update' view otherwise.
 *
 * @param mixed $id identifier handed to loadUser()
 */
public function actionUpdate($id)
{
    $user = $this->loadUser($id);
    $profile = Yum::hasModule('profile') ? $user->profile : false;
    $passwordform = new YumUserChangePassword();

    if (isset($_POST['YumUser'])) {
        $postedUser = $_POST['YumUser'];
        $user->attributes = $postedUser;
        $user->validate();

        // NOTE(review): profile attributes are assigned but not validated in
        // this method, and the result of $profile->save() below is ignored.
        if ($profile && isset($_POST['YumProfile'])) {
            $profile->attributes = $_POST['YumProfile'];
        }

        if (!$user->hasErrors()) {
            // NOTE(review): roles are synced before the password form is
            // validated and before save(). If syncRoles() persists
            // immediately, a failed save still leaves the roles changed.
            // Confirm against syncRoles().
            if (isset($postedUser['roles'])) {
                $user->syncRoles($postedUser['roles']);
            } else {
                $user->syncRoles();
            }

            // A password change is only attempted for a non-empty password field.
            $passwordRequested = isset($_POST['YumUserChangePassword'])
                && $_POST['YumUserChangePassword']['password'] != '';
            if ($passwordRequested) {
                $passwordform->attributes = $_POST['YumUserChangePassword'];
                if ($passwordform->validate()) {
                    $user->setPassword($_POST['YumUserChangePassword']['password']);
                }
            }

            $stored = !$passwordform->hasErrors() && $user->save();
            if ($stored) {
                if ($profile) {
                    $profile->save();
                }
                $this->redirect(array('admin'));
            }
        }
    }

    $viewData = array(
        'user' => $user,
        'passwordform' => $passwordform,
        'profile' => $profile,
    );
    $this->render('update', $viewData);
}
/**
 * Updates the user returned by loadUser() from the posted YumUser data,
 * including roles (role module), profile (profile module) and an optional
 * password change. Redirects to the user's view page after a successful save
 * and renders the 'update' view otherwise.
 */
public function actionUpdate()
{
    $model = $this->loadUser();
    $passwordform = new YumUserChangePassword();
    // Stays null unless the profile module supplies one. The view then
    // receives false.
    $profile = null;

    if (isset($_POST['YumUser'])) {
        $model->attributes = $_POST['YumUser'];

        if (Yum::hasModule('role')) {
            Yii::import('application.modules.role.models.*');
            // Assign the roles and belonging Users to the model
            // NOTE(review): the role list is taken from the request. Who may
            // reach this action is decided outside this method, so confirm it
            // is restricted to users allowed to grant roles.
            $model->roles = Relation::retrieveValues($_POST);
        }

        if (Yum::hasModule('profile')) {
            $profile = $model->profile;
            if (isset($_POST['YumProfile'])) {
                $profile->attributes = $_POST['YumProfile'];
            }
        }

        // A password change is only attempted for a non-empty password field.
        $passwordRequested = isset($_POST['YumUserChangePassword'])
            && $_POST['YumUserChangePassword']['password'] != '';
        if ($passwordRequested) {
            $passwordform->attributes = $_POST['YumUserChangePassword'];
            if ($passwordform->validate()) {
                $model->setPassword($_POST['YumUserChangePassword']['password']);
            }
        }

        $stored = !$passwordform->hasErrors() && $model->save();
        if ($stored) {
            if ($profile !== null) {
                $profile->save();
            }
            $this->redirect(array('//user/user/view', 'id' => $model->id));
        }
    }

    $viewData = array(
        'model' => $model,
        'passwordform' => $passwordform,
        'profile' => $profile !== null ? $profile : false,
    );
    $this->render('update', $viewData);
}
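/**
 * Password recovery routine.
 *
 * Two phases share this action:
 *  - Without $email/$key: a posted YumPasswordRecoveryForm generates a fresh
 *    activation key for the matching user and mails a recovery link built
 *    from the language-specific YumTextSettings record.
 *  - With $email and $key (the mailed link): the key is checked against the
 *    user's activationKey and, if it matches, a posted YumUserChangePassword
 *    form sets the new password and rotates the key.
 *
 * @param string|null $email e-mail address taken from the recovery link
 * @param string|null $key   recovery key taken from the recovery link
 * @throws CException when no mail texts exist for the application language
 */
public function actionRecovery($email = null, $key = null)
{
    $form = new YumPasswordRecoveryForm;

    if ($email != null && $key != null) {
        $profile = YumProfile::model()->find('email = :email', array('email' => $email));
        if ($profile) {
            $user = $profile->user;
            // NOTE(review): account status is not checked in this method, so
            // whether inactive or banned accounts may reset their password is
            // left to confirm.

            // Compare strictly as strings: a loose `==` treats numeric-looking
            // strings as numbers, so two different keys could compare equal.
            // hash_equals() is preferred where the runtime provides it because
            // its timing does not depend on where the strings differ.
            $storedKey = (string) $user->activationKey;
            $givenKey = (string) $key;
            $keyMatches = function_exists('hash_equals')
                ? hash_equals($storedKey, $givenKey)
                : $storedKey === $givenKey;

            if ($keyMatches) {
                $passwordform = new YumUserChangePassword;
                if (isset($_POST['YumUserChangePassword'])) {
                    $passwordform->attributes = $_POST['YumUserChangePassword'];
                    if ($passwordform->validate()) {
                        $user->password = YumUser::encrypt($passwordform->password);
                        // Rotate the key so the mailed link cannot be reused.
                        $user->activationKey = YumUser::encrypt(microtime() . $passwordform->password);
                        // Only report success when the record was actually written.
                        if ($user->save()) {
                            Yum::setFlash('Your new password has been saved.');
                            $this->redirect(Yum::module()->loginUrl);
                        } else {
                            $passwordform->addErrors($user->getErrors());
                        }
                    }
                }
                $this->render(
                    Yum::module('registration')->changePasswordView,
                    array('form' => $passwordform)
                );
                Yii::app()->end();
            } else {
                $form->addError('login_or_email', Yum::t('Invalid recovery key'));
                Yum::log(Yum::t(
                    'Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})',
                    array('{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username)
                ));
            }
        }
    } elseif (isset($_POST['YumPasswordRecoveryForm'])) {
        $form->attributes = $_POST['YumPasswordRecoveryForm'];
        if ($form->validate()) {
            // Shown whether or not an account matched, so the response does
            // not reveal which addresses are registered.
            Yum::setFlash('Instructions have been sent to you. Please check your email.');

            if ($form->user instanceof YumUser) {
                $form->user->generateActivationKey();
                $recovery_url = $this->createAbsoluteUrl(
                    Yum::module('registration')->recoveryUrl[0],
                    array(
                        'key' => $form->user->activationKey,
                        'email' => $form->user->profile->email,
                    )
                );
                // The recovery URL carries the reset secret, so it is kept out
                // of the log. The message template is unchanged so existing
                // translations still match.
                Yum::log(Yum::t(
                    '{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}',
                    array(
                        '{email}' => $form->user->profile->email,
                        '{recovery_url}' => '[redacted]',
                        '{username}' => $form->user->username,
                    )
                ));

                $content = YumTextSettings::model()->find(
                    'language = :lang',
                    array('lang' => Yii::app()->language)
                );
                if (!is_object($content)) {
                    throw new CException(Yum::t('The messages for your application language are not defined.'));
                }

                // NOTE(review): the subject is read from
                // subject_email_registration although this is the recovery
                // mail. Confirm that is the intended field.
                $mail = array(
                    'from' => Yii::app()->params['adminEmail'],
                    'to' => $form->user->profile->email,
                    'subject' => $content->subject_email_registration,
                    'body' => strtr($content->text_email_recovery, array(
                        '{recovery_url}' => $recovery_url,
                    )),
                );
                YumMailer::send($mail);
            } else {
                Yum::log(Yum::t(
                    'A password has been requested, but no associated user was found in the database. Requested user/email is: {username}',
                    array('{username}' => $form->login_or_email)
                ));
            }

            $this->redirect(Yum::module()->loginUrl);
        }
    }

    $this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form));
}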