/**
 * Test setup: pin the Member unique-identifier field to 'Email' for this
 * test run, remembering the project's configured value in
 * $this->member_unique_identifier_field so it can be put back afterwards.
 */
function setUp()
{
    // Keep the project's own identifier field before overriding it.
    $this->member_unique_identifier_field = Member::get_unique_identifier_field();
    Member::set_unique_identifier_field('Email');

    parent::setUp();
}
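/**
 * Form action: enrol the current member (or a newly created one) as an
 * attendee and redirect to the thank-you page.
 *
 * The unique identifier field (e.g. Email) is checked against existing
 * members first, so a submission cannot claim another member's identity.
 *
 * @param array $data Raw submitted form data
 * @param Form  $form The submitting form
 * @return mixed Redirect to the thank-you page; a redirect back with a form
 *               message when the identifier belongs to a different member
 */
function doSave($data, $form)
{
    // ConfirmedPasswordField submits an array; keep only the password itself.
    if (isset($data['Password']) && is_array($data['Password'])) {
        $data['Password'] = $data['Password']['_Password'];
    }

    // We need to ensure that the unique field is never overwritten
    $uniqueField = Member::get_unique_identifier_field();
    if (isset($data[$uniqueField])) {
        // filter() escapes/parameterises its own values. Passing a raw2sql()
        // pre-escaped value would double-escape quotes and backslashes, so an
        // identifier containing them would never match the existing record
        // and would slip past this check.
        $existingUniqueMember = Member::get()
            ->filter(array($uniqueField => $data[$uniqueField]))
            ->first();
        if ($existingUniqueMember && $existingUniqueMember->exists()
            && Member::currentUserID() != $existingUniqueMember->ID
        ) {
            // Report through the form instead of die()-ing mid-request.
            $form->sessionMessage('current member does not match enrolled member.', 'bad');
            return $this->controller->redirectBack();
        }
    }

    $member = Member::currentUser();
    if (!$member) {
        $member = new Member();
    }
    // $data comes straight from the request: drop any submitted ID so that
    // update() cannot repoint this object at another member record before
    // write() runs.
    unset($data['ID']);
    $member->update($data);
    $member->write();

    // Optional attendee details passed through to the controller.
    $arrayExtraFields = array();
    if (isset($data["SelectedOption"])) {
        $arrayExtraFields["SelectedOption"] = $data["SelectedOption"];
    }
    if (isset($data["BookingCode"])) {
        $arrayExtraFields["BookingCode"] = $data["BookingCode"];
    }
    $this->controller->addAttendee($member, $arrayExtraFields);

    $this->redirect($this->getController()->Link("thankyou"));
    return;
}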
/**
 * Test setup. The fixtures identify members by Email, so that field is
 * forced as the unique identifier; the previous value is kept in
 * self::$original_unique_identifier_field.
 */
public function setUp()
{
    parent::setUp();

    self::$original_unique_identifier_field = Member::get_unique_identifier_field();
    Member::set_unique_identifier_field('Email');
}
/**
 * Fields a guest has to supply when the checkout requires an account.
 *
 * @param Order $order The order being checked out (not consulted here)
 * @return array Empty when a member is logged in or membership is optional;
 *               otherwise the unique identifier field name and 'Password'
 */
public function getRequiredFields(Order $order)
{
    $needsAccount = !Member::currentUserID() && Checkout::membership_required();
    if (!$needsAccount) {
        return array();
    }

    return array(Member::get_unique_identifier_field(), 'Password');
}
/**
 * Test setup: use 'Email' as the member identifier and switch password
 * validation off for the run. The original identifier field is kept in
 * $this->orig for restoration.
 */
function setUp()
{
    parent::setUp();

    $this->orig['Member_unique_identifier_field'] = Member::get_unique_identifier_field();
    Member::set_unique_identifier_field('Email');

    // No password validator during this test run.
    Member::set_password_validator(null);
}
/**
 * Exercises EcommerceRole::createOrMerge() for the logged-in / logged-out and
 * new / existing identifier combinations.
 */
function testEcommerceRoleCreateOrMerge()
{
    $member = $this->objFromFixture('Member', 'member1');
    $this->session()->inst_set('loggedInAs', $member->ID);
    $uniqueField = Member::get_unique_identifier_field();

    // Shorthand for a createOrMerge() call with a country and identifier.
    $merge = function ($country, $identifier) use ($uniqueField) {
        return EcommerceRole::createOrMerge(array('Country' => $country, $uniqueField => $identifier));
    };

    $this->assertEquals('*****@*****.**', $member->getField($uniqueField), 'The unique field is the email address');
    $this->assertEquals('US', $member->getField('Country'), 'The country is US');

    // Change the email address to a new one (doesn't exist)
    $member = $merge('AU', '*****@*****.**');
    $this->assertType('object', $member, 'The member is an object, not FALSE');
    $this->assertEquals('*****@*****.**', $member->getField($uniqueField), 'The unique field is changed (no member with that email)');
    $this->assertEquals('AU', $member->getField('Country'), 'The member country is now AU');

    // Change the data (update existing record - logged in member owns this email)
    $member = $merge('NZ', '*****@*****.**');
    $this->assertType('object', $member, 'The member is an object, not FALSE');
    $this->assertEquals('*****@*****.**', $member->getField($uniqueField), 'The unique field is the same (updated own record)');
    $this->assertEquals('NZ', $member->getField('Country'), 'The member country is now NZ');

    // Change the email address to one that exists (we should not get a member back when trying to merge!)
    $member = $merge('US', '*****@*****.**');
    $this->assertFalse($member, 'No member returned because we tried to merge an email that already exists in the DB');

    // Log the member out
    $this->session()->inst_set('loggedInAs', null);

    // Non-logged in site user creating a new member with email that doesn't exist
    $member = $merge('NZ', '*****@*****.**');
    $this->assertType('object', $member, 'The member is an object, not FALSE');
    $this->assertEquals('*****@*****.**', $member->getField($uniqueField));
    $this->assertEquals('NZ', $member->getField('Country'), 'The member country is NZ');

    // Non-logged in site user creating a member with email that DOES exist
    $member = $merge('AU', '*****@*****.**');
    $this->assertFalse($member, 'The new user tried to create a member with an email that already exists, FALSE returned');

    $member = $merge('AU', '*****@*****.**');
    $this->assertFalse($member, 'Even if the email has a different case, FALSE is still returned');
}
/**
 * The field label reported for the unique identifier follows the configured
 * field name; the configuration is restored at the end of the test.
 */
function testCustomIdentifierField()
{
    $origField = Member::get_unique_identifier_field();

    Member::set_unique_identifier_field('Username');
    $currentField = Member::get_unique_identifier_field();
    $label = singleton('Member')->fieldLabel($currentField);
    $this->assertEquals($label, 'Username');

    Member::set_unique_identifier_field($origField);
}
/**
 * Contact fields plus what is needed to create an account: the unique
 * identifier field (added as a TextField when the contact fields lack it)
 * and the password field.
 *
 * @return FieldList
 */
public function getMembershipFields()
{
    $fields = $this->getContactFields();
    $idfield = Member::get_unique_identifier_field();

    $hasIdField = $fields->fieldByName($idfield) ? true : false;
    if (!$hasIdField) {
        //TODO: scaffold the correct id field
        $fields->push(TextField::create($idfield, $idfield));
    }
    $fields->push($this->getPasswordField());

    return $fields;
}
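/**
 * Link to this controller, scoped to the current dashboard when one other
 * than 'main' is selected.
 *
 * @param string|null $action Optional action appended to the link
 * @return string
 */
public function Link($action = null)
{
    $dashboard = $this->currentDashboard;
    if ($dashboard && $dashboard->URLSegment != 'main') {
        // The owner is referenced by ID in the URL, so the unique identifier
        // value (previously looked up here and never used) is not needed.
        $segment = $dashboard->URLSegment ? $dashboard->URLSegment : 'main';
        return Controller::join_links($this->data()->Link(true), 'board', $segment, $dashboard->Owner()->ID, $action);
    }

    return $this->data()->Link($action ? $action : true);
}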
/**
 * Test setup: make MemberAuthenticator the registered default authenticator
 * and 'Email' the member identifier, keeping the prior configuration in the
 * prior* properties.
 */
function setUp()
{
    // This test assumes that MemberAuthenticator is present and the default
    $this->priorAuthenticators = Authenticator::get_authenticators();
    $this->priorDefaultAuthenticator = Authenticator::get_default_authenticator();
    Authenticator::register('MemberAuthenticator');
    Authenticator::set_default_authenticator('MemberAuthenticator');

    // And that the unique identified field is 'Email'
    $this->priorUniqueIdentifierField = Member::get_unique_identifier_field();
    Member::set_unique_identifier_field('Email');

    parent::setUp();
}
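/**
 * Form action: create the order, attach (or create) the member, process the
 * order and, when a payment is required, hand off to the payment class.
 *
 * @param array          $data    Raw submitted form data
 * @param Form           $form    The submitting form
 * @param SS_HTTPRequest $request The current request (not consulted here)
 * @return mixed Redirect response; the payment processor's value while an
 *               external (long) payment is in progress
 */
public function doProcess($data, $form, $request)
{
    $order = new Order();
    $items = $order->Items();
    $member = Member::currentUserID() ? Member::currentUser() : new Member();
    $paymentClass = isset($data['PaymentMethod']) ? $data['PaymentMethod'] : null;
    $payment = ($paymentClass && class_exists($paymentClass)) ? new $paymentClass() : null;
    $requirePayment = $order->Subtotal() > 0;

    if (!($items && $items->Count() > 0)) {
        $form->sessionMessage(_t('OrderForm.NOITEMS', 'Error placing order: You have no items in your cart.'), 'bad');
        return Director::redirectBack();
    }

    if ($requirePayment && !($payment instanceof Payment)) {
        user_error("OrderForm::doProcess(): '{$paymentClass}' is not a valid payment class!", E_USER_ERROR);
    }

    // Ensure existing members don't get their record hijacked (IMPORTANT!)
    if (!$member->checkUniqueFieldValue($data)) {
        $uniqueField = Member::get_unique_identifier_field();
        $uniqueValue = isset($data[$uniqueField]) ? $data[$uniqueField] : '';
        // Both placeholders are strings (the field name and its value); %d
        // would render the value as 0. sprintf() builds the message, whereas
        // printf() would echo it and hand _t() its length instead.
        $uniqueError = "Error placing order: The %s \"%s\" is\n\t\t\t\talready taken by another member. If this belongs to you, please\n\t\t\t\tlog in first before placing your order.";
        $form->sessionMessage(_t(
            'EcommerceMemberExtension.ALREADYEXISTS',
            sprintf($uniqueError, strtolower($uniqueField), $uniqueValue),
            PR_MEDIUM,
            'Let the user know that member already exists (e.g. 
%s could be "Email", %s could be "joe@somewhere.com)'
        ), 'bad');
        return Director::redirectBack();
    }

    $form->saveInto($member);
    if (!$member->Password) {
        $member->setField('Password', Member::create_new_password());
    }
    $member->write();
    $form->saveInto($order);

    try {
        $result = $order->process($member->ID);
    } catch (Exception $e) {
        // NOTE(review): the raw exception message is shown to the customer and
        // may expose internal details; the admin notification below is still
        // a TODO, so the message currently has no other outlet.
        $form->sessionMessage(_t('OrderForm.PROCESSERROR', "An error occurred while placing your order: {$e->getMessage()}.<br>\n\t\t\t\t\tPlease contact the website administrator."), 'bad');
        // Send an email to site admin with $e->getMessage() error
        return Director::redirectBack();
    }

    if ($requirePayment) {
        $form->saveInto($payment);
        $payment->write();
        $result = $payment->processPayment($data, $form);
        if ($result->isSuccess()) {
            $order->sendReceipt();
        }
        // Long payment process. e.g. user goes to external site to pay (PayPal, WorldPay)
        if ($result->isProcessing()) {
            return $result->getValue();
        }
    }

    Director::redirect($order->Link());
}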
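/**
 * Ensures member unique id stays unique.
 *
 * @param array $data Submitted form data
 * @return bool FALSE when the parent validation fails or the identifier is
 *              held by a different member
 */
public function php($data)
{
    $valid = parent::php($data);

    $field = Member::get_unique_identifier_field();
    if (isset($data[$field])) {
        $uid = $data[$field];
        // The submitted value goes into a SQL literal: escape it first.
        $SQL_uid = Convert::raw2sql($uid);
        // currentUserID() is 0 for a guest, so there is no null dereference
        // (currentUser()->ID would be) and the filter stays well-formed.
        $currentMemberID = (int) Member::currentUserID();
        //can't be taken
        if (DataObject::get_one('Member', "{$field} = '{$SQL_uid}' AND ID != {$currentMemberID}")) {
            $this->validationError($field, "\"{$uid}\" is already taken by another member. Try another.", "required");
            $valid = false;
        }
    }

    return $valid;
}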
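/**
 * Change the password.
 *
 * @param string $username
 *   The username to find.
 * @param string $password
 *   The new password, plain text.
 * @return string|null An error message on failure; nothing when the new
 *                     password has been written
 */
public function changePassword($username = null, $password = null)
{
    // Validate the input. Test for null/'' explicitly so that a legitimate
    // username or password of "0" is not rejected as empty.
    if ($username === null || $username === '' || $password === null || $password === '') {
        return 'Unable to change password. Invalid username or password';
    }

    // Find the user; the identifier is SQL-escaped before it enters the filter.
    $member = Member::get_one('Member', sprintf('"%s" = \'%s\'', Member::get_unique_identifier_field(), Convert::raw2sql($username)));
    if (!$member) {
        return "Unable to find user '{$username}'.";
    }

    // Modify the user.
    $member->Password = $password;
    $member->write();
}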
/**
 * Registration form: the unique identifier, FirstName and Surname plus a
 * confirmed password, validated by MemberRegistration_Validator.
 *
 * @param Controller     $controller
 * @param string         $name
 * @param FieldList|null $fields Custom fields; scaffolded from Member when omitted
 */
function __construct($controller, $name = "MemberRegistrationForm", $fields = null)
{
    $identifierField = Member::get_unique_identifier_field();

    if (!$fields) {
        $fields = singleton('Member')->scaffoldFormFields(array(
            'restrictFields' => array($identifierField, 'FirstName', 'Surname'),
            'fieldClasses' => array('Email' => 'EmailField'),
        ));
    }
    $fields->push(new ConfirmedPasswordField("Password"));

    $register = new FormAction('register', "Register");
    $actions = new FieldList($register);
    $validator = new MemberRegistration_Validator($identifierField, 'FirstName', 'Surname');

    parent::__construct($controller, $name, $fields, $actions, $validator);

    if (class_exists('SpamProtectorManager')) {
        $this->enableSpamProtection();
    }
    $this->extend('updateMemberRegistrationForm');
}
/**
 * Constructor
 *
 * Builds the login form: a logout-only form when a member is already logged
 * in, otherwise identifier + password (+ "remember me" when autologin is
 * enabled), with lost-password and resend-verification links. Any BackURL is
 * carried along as a hidden field with "/RegistrationForm" stripped from it.
 *
 * @param Controller $controller The parent controller, necessary to
 *                               create the appropriate form action tag.
 * @param string $name The method on the controller that will return this
 *                     form object.
 * @param FieldList|FormField $fields All of the fields in the form - a
 *                                    {@link FieldList} of {@link FormField}
 *                                    objects.
 * @param FieldList|FormAction $actions All of the action buttons in the
 *                                      form - a {@link FieldList} of
 *                                      {@link FormAction} objects
 * @param bool $checkCurrentUser If set to TRUE, it will be checked if the
 *                               user is currently logged in, and if so,
 *                               only a logout button will be rendered
 *
 * The authenticator class is no longer a constructor argument; it is set on
 * the class as $this->authenticator_class.
 */
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    // This is now set on the class directly to make it easier to create subclasses
    // $this->authenticator_class = $authenticatorClassName;

    $customCSS = project() . '/css/member_login.css';
    if (Director::fileExists($customCSS)) {
        Requirements::css($customCSS);
    }

    // BackURL is client-influenced (request parameter or session value). It is
    // only carried through as a hidden field here; the redirect target has to
    // be validated where it is consumed. NOTE(review): confirm that happens.
    if (isset($_REQUEST['BackURL'])) {
        $_REQUEST['BackURL'] = str_replace("/RegistrationForm", "", $_REQUEST['BackURL']);
        $backURL = $_REQUEST['BackURL'];
    } else {
        // "> 0" skips a match at position 0, but the value is stripped below anyway.
        if (strpos(Session::get('BackURL'), "/RegistrationForm") > 0) {
            Session::set('BackURL', str_replace("/RegistrationForm", "", Session::get('BackURL')));
        }
        $backURL = str_replace("/RegistrationForm", "", Session::get('BackURL'));
    }

    if ($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
        // Already logged in: offer only a logout action.
        $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this));
        $actions = new FieldList(new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else")));
    } else {
        if (!$fields) {
            // The field is always named "Email" regardless of the configured
            // identifier field; only the label follows the configuration.
            $label = singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
            $fields = new FieldList(new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this), new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this), new PasswordField("Password", _t('Member.PASSWORD', 'Password')));
            if (Security::$autologin_enabled) {
                $fields->push(new CheckboxField("Remember", _t('Member.REMEMBERME', "Remember me next time?")));
            }
        }
        if (!$actions) {
            $actions = new FieldList(new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")), new LiteralField('forgotPassword', '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'), new LiteralField('resendEmail', '<p id="ResendEmail"><a href="Security/verifyemail">' . _t('EmailVerifiedMember.BUTTONRESENDEMAIL', "I've lost my verification email") . '</a></p>'));
        }
    }

    if (isset($backURL)) {
        $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
    }

    parent::__construct($controller, $name, $fields, $actions);

    // Focus on the email input when the page is loaded
    // Only include this if other form JS validation is enabled
    /* if($this->getValidator()->getJavascriptValidationHandler() != 'none') { Requirements::customScript(<<<JS (function() { var el = document.getElementById("MemberLoginForm_LoginForm_Email"); if(el && el.focus) el.focus(); })(); JS ); }*/
}
/**
 * Check that no existing members have the same value
 * for their unique field. This is useful for checking
 * if a member already exists with a certain email address.
 *
 * If the member is logged in, and the existing member found
 * has the same ID (it's them), return TRUE because this is
 * their own member account.
 *
 * @param array $data Raw data to check from a form request
 * @return boolean TRUE is unique | FALSE not unique
 */
public function checkUniqueFieldValue($data)
{
    $field = Member::get_unique_identifier_field();
    $value = isset($data[$field]) ? $data[$field] : null;

    // Nothing submitted for the field: nothing to collide with.
    if (!$value) {
        return true;
    }

    // Escape before embedding in the SQL filter.
    $SQL_value = Convert::raw2sql($value);
    $existingMember = DataObject::get_one('Member', "{$field} = '{$SQL_value}'");

    $heldByAnotherMember = $existingMember
        && $existingMember->exists()
        && $this->owner->ID != $existingMember->ID;

    return !$heldByAnotherMember;
}
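/**
 * Create a new member with given data for a new member,
 * or merge the data into the logged in member.
 *
 * IMPORTANT: Before creating a new Member record, we first
 * check that the request email address doesn't already exist.
 *
 * @param array $data Form request data to update the member with
 * @return boolean|object Member object or boolean FALSE
 */
public static function createOrMerge($data)
{
    // Because we are using a ConfirmedPasswordField, the password will
    // be an array of two fields
    if (isset($data['Password']) && is_array($data['Password'])) {
        $data['Password'] = $data['Password']['_Password'];
    }

    // We need to ensure that the unique field is never overwritten
    $uniqueField = Member::get_unique_identifier_field();
    if (isset($data[$uniqueField])) {
        // The value is embedded in a SQL literal, so it needs SQL escaping.
        // raw2xml() is HTML escaping: it turns e.g. an apostrophe or '&' into
        // an entity, the lookup then misses the existing record and the
        // uniqueness check is bypassed for such identifiers.
        $SQL_unique = Convert::raw2sql($data[$uniqueField]);
        $existingUniqueMember = DataObject::get_one('Member', "{$uniqueField} = '{$SQL_unique}'");
        if ($existingUniqueMember && $existingUniqueMember->exists()) {
            if (Member::currentUserID() != $existingUniqueMember->ID) {
                return false;
            }
        }
    }

    if (!($member = Member::currentUser())) {
        $member = new Member();
    }
    // $data is raw request data: strip any submitted ID so update() cannot
    // repoint this object at a different member record.
    unset($data['ID']);
    $member->update($data);

    return $member;
}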
/**
 * Resolve the dashboard addressed by the request's Identifier (a member ID
 * or a unique-identifier value) and Segment, and hand off to a controller
 * for it.
 *
 * @param SS_HTTPRequest $request
 * @return mixed The dashboard controller; a permission failure when access
 *               is denied; a 404 error when no such board exists
 */
public function handleUser($request)
{
    $segment = $this->request->param('Segment');
    $identifier = $this->request->param('Identifier');

    try {
        $userId = (int) $identifier;
        if (!$userId) {
            // Not numeric: look the member up by the unique identifier field.
            // filter() handles escaping of the URL-supplied value.
            $field = Member::get_unique_identifier_field();
            $member = DataList::create('Member')->filter(array($field => $identifier))->first();
            $userId = $member ? $member->ID : $userId;
        }
        $segment = $segment ? $segment : 'main';
        $board = $this->getDashboard($segment, $userId);
    } catch (PermissionDeniedException $pde) {
        return Security::permissionFailure($this, 'You do not have permission to view that');
    }

    if (!$board) {
        // NOTE(review): $segment is a URL parameter echoed into the error
        // text; relies on httpError() escaping it for the response context.
        return $this->httpError(404, "Board {$segment} does not exist");
    }

    // need this call to make sure the params are properly processed
    $this->request->allParams();
    $cls = get_class($this);
    return $this->injector->create($cls, $this->dataRecord, $board);
}
/**
 * Ensures member unique id stays unique and other basic stuff...
 *
 * An identifier already held by another member is only tolerated when nobody
 * is logged in; the form decides via uniqueMemberFieldCanBeUsed().
 *
 * @param array $data Form Data
 * @return Boolean
 */
function php($data)
{
    $this->form->saveDataToSession();

    $allowExistingEmail = !Member::currentUserID();
    $valid = parent::php($data, $allowExistingEmail);

    if (!$this->form->uniqueMemberFieldCanBeUsed($data)) {
        $uniqueFieldName = Member::get_unique_identifier_field();
        $this->validationError(
            $uniqueFieldName,
            _t("OrderForm.EMAILFROMOTHERUSER", 'Sorry, an account with that email is already in use by another customer. If this is your email address then please log in first before placing your order.'),
            "required"
        );
        $valid = false;
    }

    if (!$valid) {
        $errorMessage = _t("OrderForm.ERRORINFORM", "We could not proceed with your order, please check your errors below.");
        $this->form->sessionMessage($errorMessage, "bad");
        $this->form->messageForForm("OrderForm", $errorMessage, "bad");
    }

    return $valid;
}
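/**
 * Add existing member to group rather than creating a new member
 *
 * Looks the member up by the unique identifier value in the request, falls
 * back to a new record, validates it and adds it to the group named by
 * ctf[ID].
 *
 * @return mixed Ajax response; an HTTP error on a bad security token (400) or
 *               a record the current user may not edit (401)
 */
function addtogroup()
{
    // Protect against CSRF on destructive action
    $token = $this->getForm()->getSecurityToken();
    if (!$token->checkRequest($this->controller->getRequest())) {
        return $this->httpError(400);
    }

    $data = $_REQUEST;
    $groupID = isset($data['ctf']['ID']) ? $data['ctf']['ID'] : null;
    if (!is_numeric($groupID)) {
        FormResponse::status_message(_t('MemberTableField.ADDINGFIELD', 'Adding failed'), 'bad');
        return;
    }

    // Get existing record either by ID or unique identifier.
    $identifierField = Member::get_unique_identifier_field();
    $className = self::$data_class;
    $record = null;
    if (isset($data[$identifierField])) {
        // The identifier comes from the request: SQL-escape it before it is
        // embedded in the literal.
        $SQL_identifier = Convert::raw2sql($data[$identifierField]);
        $record = DataObject::get_one($className, sprintf('"%s" = \'%s\'', $identifierField, $SQL_identifier));
        if ($record && !$record->canEdit()) {
            return $this->httpError(401);
        }
    }

    // Fall back to creating a new record
    if (!$record) {
        $record = new $className();
    }

    // Update an existing record, or populate a new one.
    // If values on an existing (autocompleted) record have been changed,
    // they will overwrite current data. We need to unset 'ID'
    // record as it points to the group rather than the member record, and would
    // cause the member to be written to a potentially existing record.
    unset($data['ID']);
    $record->update($data);

    // Validate record, mainly password restrictions.
    // Note: Doesn't use Member_Validator
    $valid = $record->validate();
    if ($valid->valid()) {
        $record->write();
        $record->Groups()->add($groupID);
        $this->sourceItems();
        // TODO add javascript to highlight added row (problem: might not show up due to sorting/filtering)
        FormResponse::update_dom_id($this->id(), $this->renderWith($this->template), true);
        FormResponse::status_message(_t('MemberTableField.ADDEDTOGROUP', 'Added member to group'), 'good');
    } else {
        $message = sprintf(
            _t('MemberTableField.ERRORADDINGUSER', 'There was an error adding the user to the group: %s'),
            Convert::raw2xml($valid->starredList())
        );
        FormResponse::status_message($message, 'bad');
    }

    return FormResponse::respond();
}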
/**
 * Constructor
 *
 * Builds the login form: a logout-only form when a member is already logged
 * in, otherwise identifier + password (+ "remember me" when autologin is
 * enabled) with a lost-password link. Any BackURL is carried along as a
 * hidden field.
 *
 * @param Controller $controller The parent controller, necessary to
 *                               create the appropriate form action tag.
 * @param string $name The method on the controller that will return this
 *                     form object.
 * @param FieldList|FormField $fields All of the fields in the form - a
 *                                    {@link FieldList} of {@link FormField}
 *                                    objects.
 * @param FieldList|FormAction $actions All of the action buttons in the
 *                                      form - a {@link FieldList} of
 *                                      {@link FormAction} objects
 * @param bool $checkCurrentUser If set to TRUE, it will be checked if the
 *                               user is currently logged in, and if so,
 *                               only a logout button will be rendered
 *
 * The authenticator class is no longer a constructor argument; it is set on
 * the class as $this->authenticator_class.
 */
function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
    // This is now set on the class directly to make it easier to create subclasses
    // $this->authenticator_class = $authenticatorClassName;

    $customCSS = project() . '/css/member_login.css';
    if(Director::fileExists($customCSS)) {
        Requirements::css($customCSS);
    }

    // BackURL is client-influenced (request parameter or session value) and is
    // passed through unchanged as a hidden field; the redirect target has to
    // be validated where it is consumed. NOTE(review): confirm that happens.
    if(isset($_REQUEST['BackURL'])) {
        $backURL = $_REQUEST['BackURL'];
    } else {
        $backURL = Session::get('BackURL');
    }

    if($checkCurrentUser && Member::currentUser() && Member::logged_in_session_exists()) {
        // Already logged in: offer only a logout action.
        $fields = new FieldList(
            new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this)
        );
        $actions = new FieldList(
            new FormAction("logout", _t('Member.BUTTONLOGINOTHER', "Log in as someone else"))
        );
    } else {
        if(!$fields) {
            $label=singleton('Member')->fieldLabel(Member::get_unique_identifier_field());
            $fields = new FieldList(
                new HiddenField("AuthenticationMethod", null, $this->authenticator_class, $this),
                //Regardless of what the unique identifer field is (usually 'Email'), it will be held in the 'Email' value, below:
                new TextField("Email", $label, Session::get('SessionForms.MemberLoginForm.Email'), null, $this),
                new PasswordField("Password", _t('Member.PASSWORD', 'Password'))
            );
            if(Security::$autologin_enabled) {
                $fields->push(new CheckboxField(
                    "Remember",
                    _t('Member.REMEMBERME', "Remember me next time?")
                ));
            }
        }
        if(!$actions) {
            $actions = new FieldList(
                new FormAction('dologin', _t('Member.BUTTONLOGIN', "Log in")),
                new LiteralField(
                    'forgotPassword',
                    '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t('Member.BUTTONLOSTPASSWORD', "I've lost my password") . '</a></p>'
                )
            );
        }
    }

    if(isset($backURL)) {
        $fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
    }

    parent::__construct($controller, $name, $fields, $actions);

    // Focus on the email input when the page is loaded
    Requirements::customScript(<<<JS
(function() { var el = document.getElementById("MemberLoginForm_LoginForm_Email"); if(el && el.focus) el.focus(); })();
JS
    );
}
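/**
 * Authenticate using the given email and password, returning the
 * appropriate member object if the credentials match.
 *
 * @param string $RAW_email    Unescaped identifier value as submitted
 * @param string $RAW_password Unescaped plain-text password as submitted
 * @return bool|Member A falsy value (FALSE/NULL) if authentication fails,
 *                     otherwise the member object
 * @see setDefaultAdmin()
 */
public static function authenticate($RAW_email, $RAW_password)
{
    // Only the identifier goes into SQL; the password is compared by
    // checkPassword() and never embedded in a query.
    $SQL_email = Convert::raw2sql($RAW_email);

    // Default login (see {@link setDefaultAdmin()}). Strict comparison so
    // that loosely-equal strings (e.g. numeric-looking values) cannot match
    // the configured credentials.
    $defaultAdminConfigured = !empty(self::$default_username) && !empty(self::$default_password);
    if ($defaultAdminConfigured
        && $RAW_email === self::$default_username
        && $RAW_password === self::$default_password
    ) {
        $member = self::findAnAdministrator();
    } else {
        // Only members with a stored password can log in this way.
        $member = DataObject::get_one("Member", "\"" . Member::get_unique_identifier_field() . "\" = '{$SQL_email}' AND \"Password\" IS NOT NULL");
        if ($member && !$member->checkPassword($RAW_password)) {
            $member = null;
        }
    }

    return $member;
}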
/**
 * URL for this dashboard, built from the owner's unique identifier value and
 * this record's URLSegment; routed through the owning controller when set,
 * otherwise under /dashboard.
 *
 * NOTE(review): when the identifier field is Email, the owner's email address
 * becomes part of the URL; confirm that is intended.
 *
 * @param string $action Optional trailing action
 * @return string
 */
public function Link($action = '')
{
    $identifierField = Member::get_unique_identifier_field();
    $ownerIdentifier = $this->Owner()->{$identifierField};

    if ($this->controller) {
        $root = $this->controller->Link();
        return Controller::join_links($root, 'user', $ownerIdentifier, $this->URLSegment, $action);
    }

    return Controller::join_links(Director::baseURL(), 'dashboard', 'user', $ownerIdentifier, $this->URLSegment, $action);
}
/**
 * Method to authenticate an user
 *
 * Looks the member up by the configured unique identifier field (the form
 * value is always submitted under the 'Email' key), checks the password,
 * optionally records a LoginAttempt, and rehashes legacy password hashes on
 * a successful login.
 *
 * @param array $RAW_data Raw data to authenticate the user
 * @param Form $form Optional: If passed, better error messages can be
 *                   produced by using
 *                   {@link Form::sessionMessage()}
 * @return bool|Member Returns FALSE if authentication fails, otherwise
 *                     the member object
 * @see Security::setDefaultAdmin()
 */
public static function authenticate($RAW_data, Form $form = null)
{
    // NOTE(review): $RAW_data['Email'] is used here and in check_default_admin()
    // before the is_array() guard further down, which also only runs when
    // login recording is enabled; the guard belongs at this point.
    // $RAW_data['Password'] is read below without an isset() check.
    if (array_key_exists('Email', $RAW_data) && $RAW_data['Email']) {
        $SQL_user = Convert::raw2sql($RAW_data['Email']);
    } else {
        return false;
    }

    // $isLockedOut is assigned but never read in this method.
    $isLockedOut = false;
    $result = null;

    // Default login (see Security::setDefaultAdmin())
    if (Security::check_default_admin($RAW_data['Email'], $RAW_data['Password'])) {
        $member = Security::findAnAdministrator();
    } else {
        // Only members with a stored password are candidates.
        $member = DataObject::get_one("Member", "\"" . Member::get_unique_identifier_field() . "\" = '{$SQL_user}' AND \"Password\" IS NOT NULL");
        if ($member) {
            $result = $member->checkPassword($RAW_data['Password']);
        } else {
            // NOTE(review): unknown users get Member.ERRORWRONGCRED while known
            // users get checkPassword()'s message; if those differ, the response
            // distinguishes existing from non-existing accounts.
            $result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
        }
        if ($member && !$result->valid()) {
            // Wrong password for an existing member: count it towards lockout.
            $member->registerFailedLogin();
            $member = false;
        }
    }

    // Optionally record every login attempt as a {@link LoginAttempt} object
    /**
     * TODO We could handle this with an extension
     */
    if (Security::login_recording()) {
        $attempt = new LoginAttempt();
        if ($member) {
            // successful login (member is existing with matching password)
            $attempt->MemberID = $member->ID;
            $attempt->Status = 'Success';
            // Audit logging hook
            $member->extend('authenticated');
        } else {
            // failed login - we're trying to see if a user exists with this email (disregarding wrong passwords)
            $existingMember = DataObject::get_one("Member", "\"" . Member::get_unique_identifier_field() . "\" = '{$SQL_user}'");
            if ($existingMember) {
                $attempt->MemberID = $existingMember->ID;
                // Audit logging hook
                $existingMember->extend('authenticationFailed');
            } else {
                // Audit logging hook
                singleton('Member')->extend('authenticationFailedUnknownUser', $RAW_data);
            }
            $attempt->Status = 'Failure';
        }
        if (is_array($RAW_data['Email'])) {
            user_error("Bad email passed to MemberAuthenticator::authenticate(): {$RAW_data['Email']}", E_USER_WARNING);
            return false;
        }
        // The attempt records the identifier as submitted and the client IP.
        $attempt->Email = $RAW_data['Email'];
        $attempt->IP = Controller::curr()->getRequest()->getIP();
        $attempt->write();
    }

    // Legacy migration to precision-safe password hashes.
    // A login-event with cleartext passwords is the only time
    // when we can rehash passwords to a different hashing algorithm,
    // bulk-migration doesn't work due to the nature of hashing.
    // See PasswordEncryptor_LegacyPHPHash class.
    if ($member && self::$migrate_legacy_hashes && array_key_exists($member->PasswordEncryption, self::$migrate_legacy_hashes)) {
        $member->Password = $RAW_data['Password'];
        $member->PasswordEncryption = self::$migrate_legacy_hashes[$member->PasswordEncryption];
        $member->write();
    }

    if ($member) {
        Session::clear('BackURL');
    } else {
        // Surface the validation message on the form when one is available.
        if ($form && $result) {
            $form->sessionMessage($result->message(), 'bad');
        }
    }

    return $member;
}
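/**
 * Ensures member unique id stays unique and other basic stuff...
 *
 * @param array   $data               Form Field Data
 * @param Boolean $allowExistingEmail When TRUE, an identifier value that is
 *                                    held by another member is accepted
 *                                    (used when a guest places an order)
 * @return Boolean
 */
function php($data, $allowExistingEmail = false)
{
    $this->form->saveDataToSession();
    $valid = parent::php($data);

    $uniqueFieldName = Member::get_unique_identifier_field();
    $loggedInMember = Member::currentUser();
    $loggedInMemberID = 0;

    if (isset($data[$uniqueFieldName]) && $data[$uniqueFieldName]) {
        $isShopAdmin = false;
        if ($loggedInMember) {
            $loggedInMemberID = $loggedInMember->ID;
            if ($loggedInMember->IsShopAdmin()) {
                $isShopAdmin = true;
            }
        }
        // Shop admins may enter any identifier; otherwise it must not belong
        // to a different member unless the caller explicitly allows that.
        if (!$isShopAdmin && !$allowExistingEmail) {
            $uniqueFieldValue = $data[$uniqueFieldName];
            // filter() escapes/parameterises the value itself. Passing a
            // raw2sql()-escaped value would double-escape quotes and
            // backslashes and miss the existing record.
            $otherMembersWithSameEmail = Member::get()
                ->filter(array($uniqueFieldName => $uniqueFieldValue))
                ->exclude(array("ID" => $loggedInMemberID));
            //can't be taken
            if ($otherMembersWithSameEmail->count()) {
                // NOTE(review): the submitted value is embedded in the message;
                // this relies on validation messages being escaped on output.
                $message = _t(
                    "Account.ALREADYTAKEN",
                    "{uniqueFieldValue} is already taken by another member. 
Please log in or use another {uniqueFieldName}.",
                    array("uniqueFieldValue" => $uniqueFieldValue, "uniqueFieldName" => $uniqueFieldName)
                );
                $this->validationError($uniqueFieldName, $message, "required");
                $valid = false;
            }
        }
    }

    // check password fields are the same before saving
    if (isset($data["PasswordCheck1"]) && isset($data["PasswordCheck2"])) {
        // Strict comparison: with != two numeric-looking strings such as
        // "1e1" and "10" would count as matching passwords.
        if ($data["PasswordCheck1"] !== $data["PasswordCheck2"]) {
            $this->validationError("PasswordCheck1", _t('Account.PASSWORDSERROR', 'Passwords do not match.'), "required");
            $valid = false;
        }
        //if you are not logged in, you have not provided a password and the settings require you to be logged in then
        //we have a problem
        if (!$loggedInMember && !$data["PasswordCheck1"] && EcommerceConfig::get("EcommerceRole", "must_have_account_to_purchase")) {
            $this->validationError("PasswordCheck1", _t('Account.SELECTPASSWORD', 'Please select a password.'), "required");
            $valid = false;
        }
        // strlen() counts bytes, not characters, so multi-byte passwords
        // reach the minimum with fewer characters.
        $letterCount = strlen($data["PasswordCheck1"]);
        $minLength = Config::inst()->get("ShopAccountForm_Validator", "minimum_password_length");
        if ($letterCount > 0 && $letterCount < $minLength) {
            $this->validationError("PasswordCheck1", _t('Account.PASSWORDMINIMUMLENGTH', 'Password does not meet minimum standards.'), "required");
            $valid = false;
        }
    }

    if (isset($data["FirstName"])) {
        if (strlen($data["FirstName"]) < 2) {
            $this->validationError("FirstName", _t('Account.NOFIRSTNAME', 'Please enter your first name.'), "required");
            $valid = false;
        }
    }
    if (isset($data["Surname"])) {
        if (strlen($data["Surname"]) < 2) {
            $this->validationError("Surname", _t('Account.NOSURNAME', 'Please enter your surname.'), "required");
            $valid = false;
        }
    }

    if (!$valid) {
        $this->form->sessionMessage(_t('Account.ERRORINFORM', 'We could not save your details, please check your errors below.'), "bad");
    }

    return $valid;
}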
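/**
 * Ensures member unique id stays unique and other basic stuff...
 *
 * The signup form submits the identifier under "<field>Signup"; the check is
 * only applied for logged-in members who are not shop admins.
 *
 * @param array $data Form Field Data
 * @return Boolean
 */
function php($data)
{
    $valid = parent::php($data);

    $uniqueFieldNameForMember = Member::get_unique_identifier_field();
    $uniqueFieldNameForForm = $uniqueFieldNameForMember . "Signup";
    $loggedInMember = Member::currentUser();

    if (isset($data[$uniqueFieldNameForForm]) && $loggedInMember && $data[$uniqueFieldNameForForm]) {
        if (!$loggedInMember->IsShopAdmin()) {
            $uniqueFieldValue = Convert::raw2sql($data[$uniqueFieldNameForForm]);
            $loggedInMemberID = (int) $loggedInMember->ID;
            $anotherMember = DataObject::get_one('Member', "\"{$uniqueFieldNameForMember}\" = '{$uniqueFieldValue}' AND \"Member\".\"ID\" <> {$loggedInMemberID}");
            //can't be taken
            // get_one() yields nothing when no other member holds the value;
            // guard before reading ->Password.
            // NOTE(review): another member WITHOUT a stored password is not
            // treated as a conflict here; confirm that is intended.
            if ($anotherMember && $anotherMember->Password) {
                $message = sprintf(
                    _t("Account.ALREADYTAKEN", '%1$s is already taken by another member. Please log in or use another %2$s'),
                    $uniqueFieldValue,
                    $uniqueFieldNameForForm
                );
                $this->validationError($uniqueFieldNameForForm, $message, "required");
                $valid = false;
            }
        }
    }

    if (!$valid) {
        $this->form->sessionMessage(_t('Account.ERRORINFORM', 'We could not save your details, please check your errors below.'), "bad");
    }

    return $valid;
}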
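/**
 * Creates a new Member from form data, or merges the data into the
 * currently logged-in Member.
 *
 * The unique identifier field (e.g. Email) must never take over another
 * member's record: when a different member already owns the submitted
 * identifier, FALSE is returned and nothing is updated.
 *
 * @param array $data Submitted form data; Password may be the two-element
 *                    array produced by ConfirmedPasswordField
 * @return Member|false The (unsaved) member, or FALSE when the identifier
 *                      belongs to another member
 */
public static function ecommerce_create_or_merge($data)
{
    // Because we are using a ConfirmedPasswordField, the password will
    // be an array of two fields
    if (isset($data['Password']) && is_array($data['Password'])) {
        $data['Password'] = isset($data['Password']['_Password']) ? $data['Password']['_Password'] : null;
    }
    // We need to ensure that the unique field is never overwritten
    $uniqueField = Member::get_unique_identifier_field();
    if (isset($data[$uniqueField])) {
        // raw2sql, not raw2xml: the value is interpolated into a SQL string literal
        $SQL_unique = Convert::raw2sql($data[$uniqueField]);
        // TODO review - should $uniqueField be quoted by Member::get_unique_identifier_field() already? (this would be sapphire bug)
        $existingUniqueMember = DataObject::get_one('Member', "\"{$uniqueField}\" = '{$SQL_unique}'");
        if ($existingUniqueMember && $existingUniqueMember->exists()
            && Member::currentUserID() != $existingUniqueMember->ID) {
            return false;
        }
    }
    $member = Member::currentUser();
    if (!$member) {
        $member = new Member();
    }
    $member->update($data);
    return $member;
}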
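/**
 * Ajax autocompletion.
 *
 * The field name comes from the URL (urlParams['ID']) and the typed prefix
 * from the request parameter of the same name. Only fields that exist on the
 * subitem class are queried, and Password is never autocompleted.
 *
 * @return string|null HTML <ul> of suggestions, or NULL when the field may
 *                     not be autocompleted or nothing matched
 */
public function autocomplete()
{
    $fieldName = $this->urlParams['ID'];
    $fieldVal = isset($_REQUEST[$fieldName]) ? $_REQUEST[$fieldName] : '';
    // Make sure we only autocomplete on keys that actually exist, and that we don't autocomplete on password
    if (!singleton($this->stat('subitem_class'))->hasDatabaseField($fieldName) || $fieldName == 'Password') {
        return;
    }
    // raw2sql escapes quotes; LIKE wildcards typed by the user are passed through as-is
    $matches = DataObject::get(
        $this->stat('subitem_class'),
        "\"{$fieldName}\" LIKE '" . Convert::raw2sql($fieldVal) . "%'"
    );
    if (!$matches) {
        return;
    }
    $result = "<ul>";
    foreach ($matches as $match) {
        // If the current user doesnt have permissions on the target user,
        // he's not allowed to add it to a group either: Don't include it in the suggestions.
        if (!$match->canView() || !$match->canEdit()) {
            continue;
        }
        $data = array();
        foreach ($match->summaryFields() as $k => $v) {
            $data[$k] = $match->{$k};
        }
        // Database values are escaped before being embedded in HTML
        $result .= sprintf(
            '<li data-fields="%s">%s <span class="informal">(%s)</span></li>',
            Convert::raw2att(Convert::raw2json($data)),
            Convert::raw2xml($match->{$fieldName}),
            Convert::raw2xml(implode(',', array_values($data)))
        );
    }
    $result .= "</ul>";
    return $result;
}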
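/**
 * Check if the submitted member data is valid (server-side).
 *
 * Checks that no other member already uses the submitted unique identifier
 * (e.g. Email); the member being edited may keep its own value. Extension
 * validators (updatePHP) run afterwards and all of them are executed even
 * when an earlier one failed.
 *
 * @param array $data Submitted data
 * @return bool TRUE if the submitted data is valid, otherwise FALSE
 */
function php($data)
{
    $valid = parent::php($data);
    $identifierField = Member::get_unique_identifier_field();
    $member = null;
    // Only look up an existing member when an identifier was actually submitted
    if (isset($data[$identifierField])) {
        $SQL_identifierField = Convert::raw2sql($data[$identifierField]);
        $member = DataObject::get_one('Member', "\"{$identifierField}\" = '{$SQL_identifierField}'");
    }
    // if we are in a complex table field popup, use ctf[childID], else use ID
    if (isset($_REQUEST['ctf']['childID'])) {
        $id = $_REQUEST['ctf']['childID'];
    } elseif (isset($_REQUEST['ID'])) {
        $id = $_REQUEST['ID'];
    } else {
        $id = null;
    }
    if ($id && is_object($member) && $member->ID != $id) {
        $uniqueField = $this->form->dataFieldByName($identifierField);
        $this->validationError(
            $uniqueField->id(),
            sprintf(_t('Member.VALIDATIONMEMBEREXISTS', 'A member already exists with the same %s'), strtolower($identifierField)),
            'required'
        );
        $valid = false;
    }
    // Execute the validators on the extensions. The extension call comes first so
    // every validator runs; a plain boolean keeps $valid a bool (&= would make it an int).
    if ($this->extension_instances) {
        foreach ($this->extension_instances as $extension) {
            if (method_exists($extension, 'hasMethod') && $extension->hasMethod('updatePHP')) {
                $valid = (bool) $extension->updatePHP($data, $this->form) && $valid;
            }
        }
    }
    return $valid;
}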
/**
 * Server-side validation for the order form: the member's unique
 * identifier (e.g. Email) must not already belong to another customer.
 *
 * @param array $data Form data
 * @return Boolean TRUE when validation passed
 */
function php($data)
{
    $isValid = parent::php($data);
    // The form's check returning FALSE is the failure case
    $identifierIsFree = $this->form->uniqueMemberFieldCanBeUsed($data);
    if (!$identifierIsFree) {
        $this->validationError(
            Member::get_unique_identifier_field(),
            _t("OrderForm.EMAILFROMOTHERUSER", 'Sorry, an account with that email is already in use by another customer. If this is your email address then please log in first before placing your order.'),
            "required"
        );
        $isValid = false;
    }
    if (!$isValid) {
        $errorMessage = _t("OrderForm.ERRORINFORM", "We could not proceed with your order, please check your errors below.");
        $this->form->sessionMessage($errorMessage, "bad");
        $this->form->messageForForm("OrderForm", $errorMessage, "bad");
    }
    return $isValid;
}