/**
  * Displays the 'login' page.
  */
 public function actionLogin()
 {
     // The login form class is resolved through the module, so it can be swapped by configuration.
     $formClass = $this->module->getClassName(Module::CLASS_LOGIN_FORM);
     /** @var \nordsoftware\yii_account\models\form\LoginForm $form */
     $form = new $formClass();
     $httpRequest = \Yii::app()->request;
     $this->runAjaxValidation($form, $this->loginFormId);
     if ($httpRequest->isPostRequest) {
         $postKey = Helper::classNameToPostKey($formClass);
         $form->attributes = $httpRequest->getPost($postKey);
         // login() is attempted only after validate() has passed (short-circuit &&).
         $loggedIn = $form->validate() && $form->login();
         if ($loggedIn) {
             /** @var \nordsoftware\yii_account\models\ar\Account $currentAccount */
             $currentAccount = \Yii::app()->user->loadAccount();
             // Flag the account for a mandatory password change when the form reports the password as expired.
             if ($form->hasPasswordExpired($currentAccount->id)) {
                 $currentAccount->saveAttributes(array('requireNewPassword' => true));
             }
             if ($currentAccount->requireNewPassword) {
                 // Issue the change-password token first, then end the session so that restricted
                 // actions stay out of reach until the password has actually been changed.
                 $changeToken = $this->module->generateToken(Module::TOKEN_CHANGE_PASSWORD, $currentAccount->id);
                 \Yii::app()->user->logout();
                 $this->redirect(array('/account/password/change', 'token' => $changeToken));
             }
             // NOTE(review): reaching this line after the branch above would redirect a logged-out
             // user to returnUrl; the code relies on redirect() ending the request - confirm that
             // this controller does not override it with a non-terminating variant.
             $this->redirect(\Yii::app()->user->returnUrl);
         }
     }
     // GET requests and failed logins fall through to the form view.
     $this->render('login', array('model' => $form));
 }
 /**
  * Displays the 'sign up' page.
  */
 public function actionIndex()
 {
     // The sign-up form class is resolved through the module, so it can be swapped by configuration.
     $formClass = $this->module->getClassName(Module::CLASS_SIGNUP_FORM);
     /** @var \nordsoftware\yii_account\models\form\SignupForm $form */
     $form = new $formClass();
     if ($this->module->enableCaptcha) {
         $form->scenario = 'withCaptcha';
     }
     $httpRequest = \Yii::app()->request;
     $this->runAjaxValidation($form, $this->formId);
     if ($httpRequest->isPostRequest) {
         $postKey = Helper::classNameToPostKey($formClass);
         $form->attributes = $httpRequest->getPost($postKey);
         if ($form->validate()) {
             $recordClass = $this->module->getClassName(Module::CLASS_ACCOUNT);
             /** @var \nordsoftware\yii_account\models\ar\Account $newAccount */
             $newAccount = new $recordClass();
             // NOTE(review): the form's attributes are mass-assigned onto the account record; this
             // relies on the account model's validation rules to keep fields such as status from
             // being set by the request - confirm against the model's rules().
             $newAccount->attributes = $form->attributes;
             if ($newAccount->validate()) {
                 // The record was validated just above, so save() is told to skip validation.
                 if (!$newAccount->save(false)) {
                     $this->fatalError();
                 }
                 $form->createHistoryEntry($newAccount->id, $newAccount->salt, $newAccount->password);
                 if (!$this->module->enableActivation) {
                     // Activation is disabled: mark the account activated and go straight to login.
                     $newAccount->saveAttributes(array('status' => Account::STATUS_ACTIVATED));
                     $this->redirect(array('/account/authenticate/login'));
                 }
                 $this->sendActivationMail($newAccount);
                 $this->redirect(array('done'));
             }
             // TODO: find a way to avoid this copy; password validation is done on the account
             // record, so its errors have to be transferred onto the form to be displayed.
             foreach ($newAccount->getErrors() as $attribute => $messages) {
                 foreach ($messages as $message) {
                     $form->addError($attribute, $message);
                 }
             }
         }
         // Clear the captcha value so that a failed submission does not keep the old answer.
         $form->captcha = '';
     }
     $this->render('index', array('model' => $form));
 }
 /**
  * Performs logic to change the password for an account.
  *
  * @param \nordsoftware\yii_account\models\ar\AccountToken $tokenModel authentication token model.
  * @return \nordsoftware\yii_account\models\form\PasswordForm the form model.
  */
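 protected function changePasswordInternal(AccountToken $tokenModel)
 {
     // NOTE(review): nothing here checks the token's status or expiry; presumably the caller
     // validates $tokenModel before passing it in - confirm.
     $modelClass = $this->module->getClassName(Module::CLASS_PASSWORD_FORM);
     /** @var \nordsoftware\yii_account\models\form\PasswordForm $model */
     $model = new $modelClass();
     $request = \Yii::app()->request;
     $this->runAjaxValidation($model, $this->changeFormId);
     if ($request->isPostRequest) {
         $model->attributes = $request->getPost(Helper::classNameToPostKey($modelClass));
         if ($model->validate()) {
             $accountClass = $this->module->getClassName(Module::CLASS_ACCOUNT);
             /** @var \nordsoftware\yii_account\models\ar\Account|null $account */
             $account = \CActiveRecord::model($accountClass)->findByPk($tokenModel->accountId);
             // findByPk() yields null when no row matches, e.g. a token that outlived its account.
             // Stop here instead of dereferencing null further down.
             if ($account === null) {
                 $this->fatalError();
                 // fatalError() is expected not to return (see its other uses in this method);
                 // the explicit return keeps a null account from being used if it ever does.
                 return $model;
             }
             // Check that the password has not been used in the past.
             if ($model->checkPasswordHistory($account, $model->password)) {
                 $model->addError('password', Helper::t('errors', 'You have already used this password.'));
             }
             if (!$model->hasErrors() && $account->changePassword($model->password, true)) {
                 $model->createHistoryEntry($account->id, $account->salt, $account->password);
                 // We need to reset the requireNewPassword flag if applicable when the password has been changed.
                 if ($account->requireNewPassword && !$account->saveAttributes(array('requireNewPassword' => false))) {
                     $this->fatalError();
                 }
                 // NOTE(review): the password change and this token update are separate writes; if
                 // this one fails the password is already changed while the token is not marked
                 // used. Consider wrapping both in one transaction.
                 if (!$tokenModel->saveAttributes(array('status' => AccountToken::STATUS_USED))) {
                     $this->fatalError();
                 }
                 $this->redirect(array('/account/authenticate/login'));
             }
             // todo: figure out how to avoid this, the problem is that password validation is done on the account
             // NOTE(review): when the failure came from the history check above, the account may
             // carry no 'password' error, so the value added here can be null - confirm callers cope.
             $model->addError('password', $account->getError('password'));
         }
     }
     // Returned for GET requests and failed submissions so that the caller can render the form.
     return $model;
 }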