コード例 #1
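 /**
  * Password-reset confirmation: checks the emailed key and, on POST, stores the new password.
  *
  * A GET request renders the reset form. A POST validates the CSRF token and
  * the submitted password, saves its hash and clears the activation key, so
  * the same key no longer matches the lookup at the top of this method.
  *
  * @Request({"user", "key"})
  * @Response("extension://system/views/user/reset/confirm.razr")
  *
  * @param  string $username   user name taken from the "user" request value
  * @param  string $activation reset key taken from the "key" request value
  * @return mixed  a redirect, or the view parameters for the reset form
  */
 public function confirmAction($username = "", $activation = "")
 {
     // Both values must be non-empty before the lookup: an empty key must never
     // match an account whose activation is stored as an empty string.
     $user = null;
     if (!empty($username) && !empty($activation)) {
         $user = $this->users->where(compact('username', 'activation'))->first();
     }
     if (!$user) {
         // One message for "unknown user" and "wrong key", so the response
         // does not reveal which of the two was wrong.
         $this['message']->error(__('Invalid key.'));
         return $this->redirect('/');
     }
     if ($user->isBlocked()) {
         $this['message']->error(__('Your account has not been activated or is blocked.'));
         return $this->redirect('/');
     }
     if ('POST' === $this['request']->getMethod()) {
         try {
             if (!$this['csrf']->validate($this['request']->request->get('_csrf'))) {
                 throw new Exception(__('Invalid token. Please try again.'));
             }
             $password = $this['request']->request->get('password');
             if (empty($password)) {
                 throw new Exception(__('Enter password.'));
             }
             // Reject non-string input (e.g. an array-valued "password" field)
             // before it reaches trim(). The comparison is strict because ==
             // treats numeric strings such as " 1" and "1" as equal, which
             // would let a whitespace-padded password through.
             if (!is_string($password) || $password !== trim($password)) {
                 throw new Exception(__('Invalid password.'));
             }
             // NOTE(review): no minimum length or strength rule is applied on
             // this path - confirm a password policy is enforced elsewhere.
             $user->setPassword($this['auth.password']->hash($password));
             // Clear the key so this reset link cannot be replayed.
             $user->setActivation(null);
             $this->users->save($user);
             $this['message']->success(__('Your password has been reset.'));
             return $this->redirect('/');
         } catch (Exception $e) {
             // Validation failures fall through and re-render the form.
             $this['message']->error($e->getMessage());
         }
     }
     // The key is passed back to the view so the form can resubmit it.
     return ['head.title' => __('Reset Confirm'), 'username' => $username, 'activation' => $activation];
 }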
コード例 #2
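 /**
  * Saves the signed-in user's own profile: name, email and an optional password change.
  *
  * Changing the password requires the current password. Changing the email
  * resets the "verified" flag. Every outcome ends in a redirect to the profile page.
  *
  * @Request({"user": "******"}, csrf=true)
  *
  * @param  array $data submitted fields: name, email, password_new, password_old
  * @return mixed redirect to the profile page
  */
 public function saveAction($data)
 {
     if (!$this->user->isAuthenticated()) {
         $this->getApplication()->abort(404);
     }
     try {
         // Always load the record of the session user; the target id is never taken from $data.
         $user = $this->users->find($this->user->getId());
         // Read the fields without "@" suppression. A non-scalar value (for
         // example a crafted array) is treated as missing instead of reaching trim().
         $name = isset($data['name']) && is_scalar($data['name']) ? trim((string) $data['name']) : '';
         $email = isset($data['email']) && is_scalar($data['email']) ? trim((string) $data['email']) : '';
         $passNew = isset($data['password_new']) ? $data['password_new'] : null;
         $passOld = isset($data['password_old']) ? $data['password_old'] : null;
         // strlen() counts bytes, so this is a byte-length minimum.
         if (strlen($name) < 3) {
             throw new Exception(__('Name is invalid.'));
         }
         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             throw new Exception(__('Email is invalid.'));
         }
         // The address must not belong to any other account.
         if ($this->users->where(['email = ?', 'id <> ?'], [$email, $user->getId()])->first()) {
             throw new Exception(__('Email not available.'));
         }
         if ($passNew) {
             // Re-authenticate with the current password before accepting a new one.
             if (!is_string($passOld) || !$this['auth']->getUserProvider()->validateCredentials($this->user, ['password' => $passOld])) {
                 throw new Exception(__('Invalid Password.'));
             }
             // Strict comparison: == treats numeric strings such as " 1" and
             // "1" as equal, which would accept a whitespace-padded password.
             // NOTE(review): a three-byte minimum is very low - confirm the intended password policy.
             if (!is_string($passNew) || trim($passNew) !== $passNew || strlen($passNew) < 3) {
                 throw new Exception(__('New Password is invalid.'));
             }
             $user->setPassword($this['auth.password']->hash($passNew));
         }
         // A changed address has to be verified again.
         if ($email !== (string) $user->getEmail()) {
             $user->set('verified', false);
         }
         $user->setName($name);
         $user->setEmail($email);
         // $data is handed to listeners unchanged, so it still carries
         // password_new / password_old in clear text.
         // NOTE(review): confirm no listener logs or persists the event payload.
         $this['events']->dispatch('system.user.profile.save', new ProfileSaveEvent($user, $data));
         $this->users->save($user);
         $this['events']->dispatch('system.user.profile.saved', new ProfileSaveEvent($user, $data));
         $this['message']->success(__('Profile updated.'));
     } catch (Exception $e) {
         // Validation messages are shown to the user as flash errors.
         $this['message']->error($e->getMessage());
     }
     return $this->redirect('@system/profile');
 }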
コード例 #3
ファイル: PostController.php プロジェクト: Duke3D/pagekit
 /**
  * Shows the admin edit form for a single blog post.
  *
  * Loads the post together with its related user. When no post matches,
  * or the lookup throws, a flash error is set and the request is
  * redirected to the post list.
  *
  * NOTE(review): no permission check is visible in this method - presumably
  * access is restricted at class or route level; confirm.
  *
  * @Request({"id": "int"})
  * @Response("extension://blog/views/admin/post/edit.razr")
  *
  * @param  int   $id post id (typed as int by the request annotation)
  * @return mixed a redirect, or the view parameters for the edit form
  */
 public function editAction($id)
 {
     try {
         $post = $this->posts->query()->where(['id' => $id])->related('user')->first();
         if (!$post) {
             throw new Exception(__('Invalid post id.'));
         }
     } catch (Exception $failure) {
         $this['message']->error($failure->getMessage());
         return $this->redirect('@blog/post');
     }

     // The form also needs the status list plus every role and user for its selectors.
     $view = [
         'head.title' => __('Edit Post'),
         'post' => $post,
         'statuses' => Post::getStatuses(),
         'roles' => $this->roles->findAll(),
         'users' => $this->users->findAll(),
     ];

     return $view;
 }
コード例 #4
 /**
  * Bulk-changes the status of the given users and reports the result as JSON.
  *
  * Blocking is refused when the current user's own id is in the list.
  *
  * NOTE(review): $status is only typed as int by the request annotation; any
  * integer is written as the new status. Confirm it is restricted to known
  * status values elsewhere.
  *
  * @Request({"status": "int", "ids": "int[]"}, csrf=true)
  * @Response("json")
  *
  * @param  int   $status status to apply
  * @param  int[] $ids    ids of the users to change
  * @return array JSON payload with "message" and, on refusal, "error"
  */
 public function statusAction($status, $ids = [])
 {
     $blocking = $status == User::STATUS_BLOCKED;

     // Guard against an administrator locking themselves out.
     if ($blocking && in_array($this->user->getId(), $ids)) {
         return ['message' => __('Unable to block yourself.'), 'error' => true];
     }

     foreach ($ids as $userId) {
         $account = $this->users->find($userId);
         if (!$account) {
             continue;
         }
         // Any pending activation key is blanked on the entity, but save()
         // is only called when the status actually changes.
         // NOTE(review): confirm the blanked key is meant to stay unsaved otherwise.
         $account->setActivation('');
         if ($status != $account->getStatus()) {
             $this->users->save($account, ['status' => $status]);
         }
     }

     // The count is the number of ids submitted, not the number of users found or changed.
     $total = count($ids);
     $message = $blocking
         ? _c('{1} User blocked.|]1,Inf[ Users blocked.', $total)
         : _c('{1} User activated.|]1,Inf[ Users activated.', $total);

     return ['message' => $message];
 }
コード例 #5
 /**
  * Handles an activation link: email verification and, in approval mode, administrator approval.
  *
  * The key only matches accounts that are still blocked and have a NULL
  * "access" value. Afterwards the request is redirected to the login page.
  *
  * @Request({"user", "key"})
  *
  * @param  string $username   user name taken from the "user" request value
  * @param  string $activation activation key taken from the "key" request value
  * @return mixed  a redirect
  */
 public function activateAction($username, $activation)
 {
     // Both values must be non-empty before the lookup, so an empty key can
     // never match an account whose activation is stored as an empty string.
     $user = null;
     if (!empty($username) && !empty($activation)) {
         $criteria = [
             'username' => $username,
             'activation' => $activation,
             'status' => UserInterface::STATUS_BLOCKED,
             'access IS NULL',
         ];
         $user = $this->users->where($criteria)->first();
     }
     if (!$user) {
         $this['message']->error(__('Invalid key.'));
         return $this->redirect('/');
     }

     // True when new registrations require administrator approval.
     $admin = $this['option']->get('system:user.registration') == 'approval';

     if ($admin && !$user->get('verified')) {
         // Replace the key from the verification link with a fresh one
         // before the approval mail goes out.
         // NOTE(review): 'verified' is not set in this branch - unless
         // sendApproveMail() or a save hook sets it, the approval link would
         // land in this branch again; confirm.
         $user->setActivation($this['auth.random']->generateString(32));
         $this->sendApproveMail($user);
         $this['message']->success(__('Your email has been verified. Once an administrator approves your account, you will be notified by email.'));
     } else {
         // Final activation: mark verified, unblock and blank the key.
         $user->set('verified', true);
         $user->setStatus(UserInterface::STATUS_ACTIVE);
         $user->setActivation('');
         $this->sendWelcomeEmail($user);
         $notice = $admin
             ? __('The user\'s account has been activated and the user has been notified about it.')
             : __('Your account has been activated.');
         $this['message']->success($notice);
     }

     $this->users->save($user);
     return $this->redirect('@system/auth/login');
 }