/**
* Logs a user in using the RiverID method.
*
* @param string username
* @param string password
* @param boolean enable auto-login
* @param string email
* @param object a riverid object, not required
* @return boolean
*/
public function login_riverid($user, $password, $remember, $email, $riverid = false)
{
// First check for exemptions
if (!is_object($user)) {
// Load the user
$user = ORM::factory('user', $user);
}
if (isset($user->id) and in_array($user->id, kohana::config('riverid.exempt'))) {
// Looks like this is an exempted account
return $this->login_standard($user, $password, $remember);
}
// Get down to business since there were no exemptions
if ($riverid == false) {
$riverid = new RiverID();
$riverid->email = $email;
$riverid->password = $password;
}
$is_registered = $riverid->is_registered();
// See if the request even fired off.
if ($riverid->error) {
throw new Exception($riverid->error[0]);
}
if ($is_registered == true) {
// RiverID is registered on RiverID Server
if ($riverid->authenticated != true) {
// Attempt to sign in if our riverid object hasn't already authenticated
$riverid->signin();
}
if ($riverid->authenticated == true) {
// Correct email/pass
// Collect the RiverID user_id and connect that with a user in the local system
$user = User_Model::get_user_by_river_id($riverid->user_id);
if (!$user->id) {
// User not found locally with that RiverID, we need to see if they are already registered
// and convert their account or add them as a new user to the system
// This may be a brand new user, but we need to figure out if
// the email has already been registered
$user = User_Model::get_user_by_email($riverid->email);
if (!$user->id) {
// Email isn't in our system, create a new user.
$user = User_Model::create_user($riverid->email, $riverid->password, $riverid->user_id);
} else {
// Email already exists. Put the RiverID on that account.
$user->riverid = $riverid->user_id;
$user->save();
}
} else {
// We authenticated and we matched a RiverID, lets just makes sure the email
// addresses are both up to date
if ($user->email != $riverid->email) {
// We don't have a match for this user account. We need to see if we should
// be updating this account by first checking to see if another account
// already uses this email address
$user_check = User_Model::get_user_by_email($riverid->email);
if (!$user_check->id) {
$user->email = $riverid->email;
$user->username = $riverid->email;
$user->save();
} else {
// Conflicting accounts
// TODO: Figure out what to do when we need to update an email address on
// one account but it's already in use on another.
}
}
}
// Now that we have our user account tied to their RiverID, approve their authentication
return $this->perform_login($user, $remember, $riverid);
} else {
// Incorrect email/pass, but registered on RiverID. Failed login.
if ($riverid->error) {
throw new Exception($riverid->error[0]);
}
return FALSE;
}
} else {
// Email is not registerd on RiverID Server, could be registered locally
// First see if they used the correct user/pass on their local account
$user = User_Model::get_user_by_email($riverid->email);
if (!$user->id) {
// User doesn't exist locally or on RiverID. Fail login.
if ($riverid->error) {
throw new Exception($riverid->error[0]);
}
return FALSE;
} else {
// User exists locally but doesn't yet exist on the RiverID server
// Check if they got the password correct
if ($user->has(ORM::factory('role', 'login')) and User_Model::check_password($user->id, $password, TRUE)) {
// Correct password! Create RiverID account
$riverid->register();
// If something went wrong with registration, catch it here
if ($riverid->error) {
throw new Exception($riverid->error[0]);
}
// Our user is now registered, let's assign the riverid user to the db.
$user->riverid = $riverid->user_id;
// Now lets sign them in
$riverid->signin();
// If something went wrong with signin, catch it here
if ($riverid->error) {
throw new Exception($riverid->error[0]);
}
return $this->perform_login($user, $remember, $riverid);
} else {
// Incorrect user/pass. Fail login.
if ($riverid->error) {
throw new Exception($riverid->error[0]);
}
return FALSE;
}
}
}
}
/**
* Create New password upon user request.
*/
private function _new_password($user_id = 0, $password, $token)
{
$auth = Auth::instance();
$user = ORM::factory('user', $user_id);
if ($user->loaded == true) {
// Determine Method (RiverID or standard)
if (kohana::config('riverid.enable') == TRUE and !empty($user->riverid)) {
// Use RiverID
// We don't really have to save the password locally but if a deployer
// ever wants to switch back locally, it's nice to have the pw there
$user->password = $password;
$user->save();
// Relay the password change back to the RiverID server
$riverid = new RiverID();
$riverid->email = $user->email;
$riverid->token = $token;
$riverid->new_password = $password;
if ($riverid->setpassword() == FALSE) {
return FALSE;
}
} else {
// Use Standard
if ($user->check_forgot_password_token($token)) {
$user->password = $password;
$user->save();
} else {
return FALSE;
}
}
return TRUE;
}
return FALSE;
}
/**
* Display the Member Profile
*/
public function index()
{
$this->template->content = new View('members/profile');
// setup and initialize form field names
$form = array('current_password' => '', 'username' => '', 'new_password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'notify' => '', 'public_profile' => '', 'color' => '');
// Copy the form as errors, so the errors will be stored with keys
// corresponding to the form field names
$errors = $form;
$form_error = FALSE;
$form_saved = FALSE;
// check, has the form been submitted, if so, setup validation
if ($_POST) {
$post = Validation::factory($_POST);
// Add some filters
$post->pre_filter('trim', TRUE);
$post->add_rules('username', 'required', 'alpha_numeric');
$post->add_rules('name', 'required', 'length[3,100]');
$post->add_rules('email', 'required', 'email', 'length[4,64]');
$post->add_rules('current_password', 'required');
$post->add_callbacks('email', array($this, 'email_exists_chk'));
$post->add_callbacks('username', array($this, 'username_exists_chk'));
$post->add_callbacks('current_password', array($this, 'current_pw_valid_chk'));
// If Password field is not blank
if (!empty($post->new_password)) {
$post->add_rules('new_password', 'required', 'length[' . kohana::config('auth.password_length') . ']', 'alpha_numeric', 'matches[password_again]');
}
if ($post->validate()) {
// Needinfo is set to 1 if we need more information on a user
// Set to 0 if the user is filling out the form, it means
// they have had an opportunity to provide extra details.
$needinfo = 0;
if (!empty($post->needinfo)) {
$needinfo = $post->needinfo;
}
$username = '';
if (isset($post->username)) {
$username = $post->username;
}
$user = ORM::factory('user', $this->user_id);
if ($user->loaded) {
$user->username = $username;
$user->name = $post->name;
$user->email = $post->email;
$user->notify = $post->notify;
$user->public_profile = $post->public_profile;
$user->color = $post->color;
$user->needinfo = $needinfo;
if ($post->new_password != '') {
$user->password = $post->new_password;
}
$user->save();
// We also need to update the RiverID server with the new password if
// we are using RiverID and a password is being passed
if (kohana::config('riverid.enable') == TRUE and !empty($user->riverid) and $post->new_password != '') {
$riverid = new RiverID();
$riverid->email = $user->email;
$riverid->password = $post->current_password;
$riverid->new_password = $post->new_password;
if ($riverid->changepassword() == FALSE) {
// TODO: Something went wrong. Tell the user.
}
}
}
$form_saved = TRUE;
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
$form['new_password'] = "";
$form['password_again'] = "";
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::overwrite($errors, $post->errors('auth'));
$form_error = TRUE;
}
} else {
$user = ORM::factory('user', $this->user_id);
$form['username'] = $user->username;
$form['name'] = $user->name;
$form['email'] = $user->email;
$form['notify'] = $user->notify;
$form['public_profile'] = $user->public_profile;
$form['color'] = $user->color;
}
// If $user was never set above, we need to grab it now.
if (!isset($user)) {
$user = ORM::factory('user', $this->user_id);
}
if ($user->public_profile == 1) {
$this->template->content->profile_public = TRUE;
$this->template->content->profile_private = FALSE;
} else {
$this->template->content->profile_public = FALSE;
$this->template->content->profile_private = TRUE;
}
$this->template->content->form = $form;
$this->template->content->errors = $errors;
$this->template->content->form_error = $form_error;
$this->template->content->form_saved = $form_saved;
$this->template->content->yesno_array = array('1' => strtoupper(Kohana::lang('ui_main.yes')), '0' => strtoupper(Kohana::lang('ui_main.no')));
// Javascript Header
$this->template->colorpicker_enabled = TRUE;
}
public function index()
{
$this->template->content = new View('admin/profile');
// setup and initialize form field names
$form = array('current_password' => '', 'new_password' => '', 'password_again' => '', 'name' => '', 'email' => '', 'notify' => '');
// Copy the form as errors, so the errors will be stored with keys
// corresponding to the form field names
$errors = $form;
$form_error = FALSE;
$form_saved = FALSE;
// check, has the form been submitted, if so, setup validation
if ($_POST) {
$post = Validation::factory($_POST);
// Add some filters
$post->pre_filter('trim', TRUE);
$post->add_rules('name', 'required', 'length[3,100]');
$post->add_rules('email', 'required', 'email', 'length[4,64]');
$post->add_rules('current_password', 'required');
$post->add_callbacks('email', array($this, 'email_exists_chk'));
$post->add_callbacks('current_password', array($this, 'current_pw_valid_chk'));
// If Password field is not blank
if (!empty($post->new_password)) {
$post->add_rules('new_password', 'required', 'length[' . Kohana::config('auth.password_length') . ']', 'matches[password_again]');
}
//for plugins that'd like to know what the user has to say about their profile
Event::run('ushahidi_action.profile_add_admin', $post);
if ($post->validate()) {
$user = ORM::factory('user', $this->user_id);
if ($user->loaded) {
$user->name = $post->name;
$user->email = $post->email;
$user->notify = $post->notify;
if ($post->new_password != '') {
$user->password = $post->new_password;
}
$user->save();
Event::run('ushahidi_action.profile_edit', $user);
// We also need to update the RiverID server with the new password if
// we are using RiverID and a password is being passed
if (kohana::config('riverid.enable') == TRUE and !empty($user->riverid) and $post->new_password != '') {
$riverid = new RiverID();
$riverid->email = $user->email;
$riverid->password = $post->current_password;
$riverid->new_password = $post->new_password;
if ($riverid->changepassword() == FALSE) {
// TODO: Something went wrong. Tell the user.
}
}
}
$form_saved = TRUE;
// Repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
$form['new_password'] = "";
$form['password_again'] = "";
} else {
// repopulate the form fields
$form = arr::overwrite($form, $post->as_array());
// populate the error fields, if any
$errors = arr::overwrite($errors, $post->errors('auth'));
$form_error = TRUE;
}
} else {
$user = ORM::factory('user', $this->user_id);
$form['username'] = $user->email;
$form['name'] = $user->name;
$form['email'] = $user->email;
$form['notify'] = $user->notify;
}
$this->template->content->form = $form;
$this->template->content->errors = $errors;
$this->template->content->form_error = $form_error;
$this->template->content->form_saved = $form_saved;
$this->template->content->yesno_array = array('1' => utf8::strtoupper(Kohana::lang('ui_main.yes')), '0' => utf8::strtoupper(Kohana::lang('ui_main.no')));
// Javascript Header
}
/**
* Create New password upon user request.
*/
private function _new_password($user_id = 0, $password, $token)
{
$auth = Auth::instance();
$user = ORM::factory('user', $user_id);
if ($user->loaded == true) {
// Determine Method (RiverID or standard)
if (kohana::config('riverid.enable') == TRUE and !empty($user->riverid)) {
// Use RiverID
// We don't really have to save the password locally but if a deployer
// ever wants to switch back locally, it's nice to have the pw there
$user->password = $password;
$user->save();
// Relay the password change back to the RiverID server
$riverid = new RiverID();
$riverid->email = $user->email;
$riverid->token = $token;
$riverid->new_password = $password;
if ($riverid->setpassword() == FALSE) {
// TODO: Something went wrong. Tell the user.
}
} else {
// Use Standard
if ($auth->hash_password($user->email . $user->last_login, $auth->find_salt($token)) == $token) {
$user->password = $password;
$user->save();
} else {
// TODO: Something went wrong, tell the user.
}
}
return TRUE;
}
// TODO: User doesn't exist, tell the user (meta, I know).
return FALSE;
}
/**
* Checks if a password is correct
*
* @param int user id
* @param string password to check
* @return bool TRUE if the password matches, FALSE otherwise
*/
public static function check_password($user_id, $password, $force_standard_method = FALSE)
{
$user = ORM::factory('user', $user_id);
// RiverID or Standard method?
if (kohana::config('riverid.enable') == TRUE and !empty($user->riverid) and !$force_standard_method) {
// RiverID
$riverid = new RiverID();
$riverid->email = $user->email;
$riverid->password = $password;
if ($riverid->checkpassword() != FALSE) {
return TRUE;
} else {
// TODO: Maybe return the error message?
return FALSE;
}
} else {
// Standard Local
$auth = Auth::instance();
return $auth->check_password($user_id, $password);
}
}
