/**
* Authorizes the user with his username and password. Initializes
* the user session if the user data are valid.
*
* @access protected
* @param \Zepi\Web\UserInterface\Form\Form $loginForm
* @param \Zepi\Turbo\Framework $framework
* @param \Zepi\Turbo\Request\WebRequest $request
* @param \Zepi\Turbo\Response\Response $response
* @return string|boolean
*/
protected function authorizeUser(Form $loginForm, Framework $framework, WebRequest $request, Response $response)
{
$user = $this->validateUserData($framework, $loginForm->getField('user-data', 'username')->getValue(), $loginForm->getField('user-data', 'password')->getValue());
if ($user === false) {
return $this->translate('There is no user with this username or password.', '\\Zepi\\Web\\AccessControl');
}
// If the user is disabled we cannot create a session
if (!$user->hasAccess('\\Global\\*') && $user->hasAccess('\\Global\\Disabled')) {
return $this->translate('Your user is disabled. Please contact the administrator.', '\\Zepi\\Web\\AccessControl');
}
// Initializes the user session
$this->sessionManager->initializeUserSession($request, $response, $user);
// Redirect to the target or to the start page
$target = '/';
$origin = $loginForm->getField('user-data', 'origin')->getValue();
if ($origin !== '') {
$target = base64_decode($origin);
}
$response->redirectTo($target);
return true;
}
/**
* Changes the password for the logged in user.
*
* @access protected
* @param \Zepi\Web\UserInterface\Form\Form $form
* @param \Zepi\Turbo\Framework $framework
* @param \Zepi\Turbo\Request\WebRequest $request
* @param \Zepi\Turbo\Response\Response $response
*/
protected function changePassword(Form $form, Framework $framework, WebRequest $request, Response $response)
{
// Get the logged in user
$session = $request->getSession();
$user = $session->getUser();
// Get the password data
$oldPassword = trim($form->getField('change-password', 'old-password')->getValue());
$newPassword = trim($form->getField('change-password', 'new-password')->getValue());
$newPasswordConfirmed = trim($form->getField('change-password', 'new-password-confirmed')->getValue());
$result = $this->validateData($framework, $user, $oldPassword, $newPassword, $newPasswordConfirmed);
// If the validate function returned a string there was an error in the validation.
if ($result !== true) {
return $result;
}
// Change the password
$user->setNewPassword($newPassword);
// Get the UserManager to update the user
$result = $this->userManager->updateUser($user);
return $result;
}
