コード例 #1
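	/**
	 * Change password.
	 *
	 * Renders the change-password form and, on POST, checks the submitted
	 * current password against the selected account before storing the new one.
	 * The account defaults to the logged-in user; a scalar `id` in the query
	 * string overrides it.
	 *
	 * NOTE(review): the `id` override is accepted without any check that it
	 * belongs to the requester. Knowing the current password is the only gate,
	 * so unless this action is throttled elsewhere it allows password guessing
	 * against arbitrary accounts. Confirm which flow needs the override
	 * (presumably the expired-password case, verify against callers) and pin
	 * every other request to the session user.
	 *
	 * @param bool $expired Passed through unchanged to the 'changepassword' view.
	 */
	public function actionChangePassword($expired = false) {
		$uid = Yii::app()->user->id;
		// Accept only a scalar id; an array from the query string would otherwise
		// be handed straight to findByPk().
		if(isset($_GET['id']) && is_scalar($_GET['id']))
			$uid = $_GET['id'];

		$form = new YumUserChangePassword;
		$form->scenario = 'user_request';

		if(isset($_POST['YumUserChangePassword'])) {
			$form->attributes = $_POST['YumUserChangePassword'];

			$form->validate();

			// Load the account once instead of once per attribute access.
			$user = YumUser::model()->findByPk($uid);

			// An unknown id gets the same error as a wrong password: no fatal
			// null dereference, and the response does not reveal which ids exist.
			if($user === null || !YumEncrypt::validate_password(
						$form->currentPassword,
						$user->password,
						$user->salt))
				$form->addError('currentPassword',
						Yum::t('Your current password is not correct'));

			if(!$form->hasErrors()) {
				// NOTE(review): both log entries name the session user, which
				// may differ from the account changed when `id` was supplied.
				if($user->setPassword($form->password, $user->salt)) {
					Yum::setFlash('The new password has been saved');
					Yum::log(Yum::t('User {username} has changed his password', array(
									'{username}' => Yii::app()->user->name)));
				}
				else  {
					Yum::setFlash('There was an error saving the password');
					Yum::log(
							Yum::t(
								'User {username} tried to change his password, but an error occured', array(
									'{username}' => Yii::app()->user->name)), 'error');
				}

				$this->redirect(Yum::module()->returnUrl);
			}
		}

		$viewData = array(
				'form' => $form,
				'expired' => $expired);

		// AJAX callers get the bare form, everyone else the full layout.
		if(Yii::app()->request->isAjaxRequest)
			$this->renderPartial('changepassword', $viewData);
		else
			$this->render('changepassword', $viewData);
	}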
コード例 #2
 /**
  * Resolve the account for $this->username and check its credentials.
  *
  * The account is looked up by username first. If none is found, bit 2 of
  * the module's loginType is set and the 'profile' module is available, the
  * same value is tried as a profile e-mail address.
  *
  * The password is verified before the account status is examined, so the
  * inactive/banned/removed codes are only set for a caller who supplied the
  * correct password.
  *
  * NOTE(review): when no account is found the method returns the
  * ERROR_STATUS_USER_DOES_NOT_EXIST constant itself and leaves errorCode
  * untouched. If that constant is non-zero, a caller that tests the return
  * value for truthiness would read it as success. Confirm that every caller
  * inspects errorCode instead.
  *
  * NOTE(review): with $without_password set, credentialsConfirmed() runs
  * with no password check and no status check, so an inactive, banned or
  * removed account is confirmed as well. Verify that each caller of this
  * mode has already established identity and status by other means.
  *
  * @param bool $without_password Skip the password and status checks.
  * @return mixed The "user does not exist" constant when no account
  *               matches, otherwise true when errorCode is empty.
  */
 public function authenticate($without_password = false)
 {
     $account = YumUser::model()->find('username = :username', array(':username' => $this->username));

     // Fall back to an e-mail lookup through the profile module.
     if (!$account) {
         if ((Yum::module()->loginType & 2) && Yum::hasModule('profile')) {
             $profile = YumProfile::model()->find('email = :email', array(':email' => $this->username));
             if ($profile && $profile->user) {
                 $account = $profile->user;
             }
         }
     }

     if (!$account) {
         return self::ERROR_STATUS_USER_DOES_NOT_EXIST;
     }

     // Passwordless mode confirms the account without any further checks.
     if ($without_password) {
         $this->credentialsConfirmed($account);
         return !$this->errorCode;
     }

     if (!YumEncrypt::validate_password($this->password, $account->password, $account->salt)) {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     } elseif ($account->status == YumUser::STATUS_INACTIVE) {
         $this->errorCode = self::ERROR_STATUS_INACTIVE;
     } elseif ($account->status == YumUser::STATUS_BANNED) {
         $this->errorCode = self::ERROR_STATUS_BANNED;
     } elseif ($account->status == YumUser::STATUS_REMOVED) {
         $this->errorCode = self::ERROR_STATUS_REMOVED;
     } else {
         $this->credentialsConfirmed($account);
     }

     return !$this->errorCode;
 }
コード例 #3
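 /**
  * Deletes a user account through YumUser::delete().
  *
  * Per the original comment this marks the account as 'deleted' rather than
  * removing the row; that behaviour lives in the model and is not visible
  * here.
  *
  * Administrators may delete any account except their own, selected by $id.
  * Every other caller can only delete their own account and must confirm it
  * by posting the account password as `confirmPassword`. A request-supplied
  * $id is ignored for non-administrators, so the password check and the
  * confirmation view can never be pointed at someone else's account.
  *
  * NOTE(review): the administrator branch deletes on any request method.
  * Confirm that a filter elsewhere restricts it to POST with CSRF validation.
  *
  * @param mixed $id Primary key of the account to delete; honoured for
  *                  administrators only, defaults to the current user.
  * @throws CHttpException 404 when the selected account does not exist.
  */
 public function actionDelete($id = null)
 {
     $webUser = Yii::app()->user;
     $isAdmin = $webUser->isAdmin();

     // Only administrators may choose the target; everyone else is pinned to
     // their own account regardless of what the request carries.
     if (!$isAdmin || !$id) {
         $id = $webUser->id;
     }

     $user = YumUser::model()->findByPk($id);
     if ($user === null) {
         // Covers unknown ids and guests; previously this path ended in a
         // fatal error on a null model.
         throw new CHttpException(404, 'The requested user does not exist.');
     }

     if ($isAdmin) {
         // Guard against an administrator removing their own account.
         if ($user->id == $webUser->id) {
             Yum::setFlash('You can not delete your own admin account');
             $this->redirect(array('//user/user/admin'));
             return;
         }
         if ($user->delete()) {
             Yum::setFlash('The User has been deleted');
             if (!Yii::app()->request->isAjaxRequest) {
                 $this->redirect('//user/user/admin');
             }
         }
     } elseif (isset($_POST['confirmPassword'])) {
         $confirmation = $_POST['confirmPassword'];
         // A non-string value (for example an array parameter) is handled as
         // a failed confirmation instead of being passed to the hash check.
         if (is_string($confirmation)
             && YumEncrypt::validate_password($confirmation, $user->password, $user->salt)) {
             if ($user->delete()) {
                 $this->actionLogout();
             } else {
                 Yum::setFlash('Error while deleting Account. Account was not deleted');
             }
         } else {
             Yum::setFlash('Wrong password confirmation! Account was not deleted');
         }
         $this->redirect(Yum::module()->deleteUrl);
         return;
     }

     $this->render('confirmDeletion', array('model' => $user));
 }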