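/**
 * Change the password of the currently logged-in user.
 *
 * Intended to be requested via AJAX. Every outcome is reported as an array
 * holding a boolean 'error' flag and a human-readable 'response' message.
 *
 * Security notes:
 * - The caller must be authenticated and may only change their own record.
 * - Only the 'password' field is handed to save(). Passing the raw request
 *   data would let a caller write any other submitted field (for example
 *   'role') to their own user record through this endpoint.
 * - NOTE(review): no CSRF token check and no "current password" check are
 *   visible in this method; confirm both are enforced elsewhere, otherwise
 *   a forged request or a hijacked session is enough to reset the password.
 * - NOTE(review): hashing of 'password' is assumed to happen in the User
 *   model's save path; it is not visible here -- confirm.
 *
 * @param string|null $url The URL value identifying the user record to update.
 * @return array array('error' => bool, 'response' => string)
 */
public function update_password($url=null) {
	// Authenticate before touching the database, so anonymous callers cannot
	// use the "not found" response to learn which user URLs exist.
	$user = Auth::check('minerva_user');
	if(!$user) {
		return array('error' => true, 'response' => 'You must be logged in to change your password.');
	}

	// Get the record
	$record = User::find('first', array('conditions' => array('url' => $url)));
	if(!$record) {
		return array('error' => true, 'response' => 'User record not found.');
	}

	// Ownership check: fail closed when either id is missing, and compare the
	// ids as strings with a strict operator to avoid loose-comparison surprises.
	$record_data = $record->data();
	if(!isset($user['_id'], $record_data['_id']) || (string)$user['_id'] !== (string)$record_data['_id']) {
		return array('error' => true, 'response' => 'You can only change your own password.');
	}

	$data = $this->request->data;
	$has_fields = $data
		&& isset($data['password'], $data['password_confirm'])
		&& is_string($data['password'])
		&& is_string($data['password_confirm']);
	if(!$has_fields) {
		return array('error' => true, 'response' => 'You must pass the proper data to change your password and you can\'t call this URL directly.');
	}

	// Strict comparison: with != two different numeric-looking strings
	// (e.g. "1e3" and "1000") would be treated as a matching confirmation.
	if($data['password'] !== $data['password_confirm']) {
		return array('error' => true, 'response' => 'You must confirm your password change by typing it again in the confirm box.');
	}

	// Save only the password; every other submitted key is ignored, including
	// 'password_confirm', which would otherwise be passed to the model as-is.
	if($record->save(array('password' => $data['password']))) {
		return array('error' => false, 'response' => 'Password has been updated successfully.');
	}

	return array('error' => true, 'response' => 'Failed to update password, try again.');
}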
/**
 * Model bootstrap: copies the user roles onto the base class object, fills
 * the 'role' form options and registers the custom validation rules before
 * delegating to the parent initialiser.
 */
public static function __init() {
	$self = __CLASS__;

	/*
	 * ROLES
	 * Minerva's role based access system is optional. It is deliberately
	 * lightweight and only aims at basic coverage. New roles and access
	 * rules can be created with the Access class if that is sufficient.
	 * Otherwise build your own access system and either ignore the "role"
	 * field on the User model or always set it to "administrator" and rely
	 * on a different field. In that case the access rules of each controller
	 * need adjusting (in your library's Page/User/Block model).
	 */

	// Replace user roles
	$self::_object()->_user_roles = static::_object()->_user_roles;

	// Fill form with role options
	$self::_object()->_schema['role']['form']['options'] = User::user_roles();

	/*
	 * Some special validation rules
	 */

	// Valid only when no existing user record carries this e-mail address.
	// NOTE(review): $value goes into the query conditions as given; confirm
	// callers always pass a plain string here.
	Validator::add('uniqueEmail', function($value) {
		$match = User::find('first', array(
			'fields' => array('_id'),
			'conditions' => array('email' => $value)
		));
		return empty($match);
	});

	// The literal below is the SHA-1 digest of the empty string, so this rule
	// rejects a value that was hashed from an empty input.
	// NOTE(review): this suggests the checked field holds an unsalted SHA-1
	// digest; if that field is the password, a salted, slow password hash
	// (e.g. password_hash()) would be the safer storage format -- confirm.
	Validator::add('notEmptyHash', function($value) {
		return $value != 'da39a3ee5e6b4b0d3255bfef95601890afd80709';
	});

	// Despite the name, a value of exactly five bytes passes this rule.
	// NOTE(review): if it runs on an already hashed value it can never fail;
	// verify it is applied to the raw input.
	Validator::add('moreThanFive', function($value) {
		return strlen($value) >= 5;
	});

	parent::__init();
}