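/**
 * Authorizes the user with his username and password. Initializes
 * the user session if the user data are valid.
 *
 * On success the response is redirected to the origin submitted with
 * the login form, or to the start page if no usable origin was sent.
 *
 * @access protected
 * @param \Zepi\Web\UserInterface\Form\Form $loginForm
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return string|boolean True on success, otherwise the translated error message
 */
protected function authorizeUser(Form $loginForm, Framework $framework, WebRequest $request, Response $response)
{
    $user = $this->validateUserData(
        $framework,
        $loginForm->getField('user-data', 'username')->getValue(),
        $loginForm->getField('user-data', 'password')->getValue()
    );

    // One message for "unknown user" and "wrong password", so the response
    // does not reveal which usernames exist.
    if ($user === false) {
        return $this->translate('There is no user with this username or password.', '\\Zepi\\Web\\AccessControl');
    }

    // If the user is disabled we cannot create a session. A user holding
    // the global wildcard access level is never treated as disabled.
    if (!$user->hasAccess('\\Global\\*') && $user->hasAccess('\\Global\\Disabled')) {
        return $this->translate('Your user is disabled. Please contact the administrator.', '\\Zepi\\Web\\AccessControl');
    }

    // Initializes the user session
    // NOTE(review): confirm that initializeUserSession() issues a fresh
    // session identifier at login (session fixation); not visible from here.
    $this->sessionManager->initializeUserSession($request, $response, $user);

    // Redirect to the validated target or to the start page
    $target = $this->resolveRedirectTarget($loginForm->getField('user-data', 'origin')->getValue());
    $response->redirectTo($target);

    return true;
}

/**
 * Decodes the base64 encoded origin of the login form and returns it
 * only if it is a path on this site. Everything else yields the start
 * page.
 *
 * The origin is a form value and therefore controlled by the client.
 * Redirecting to it unchecked would let a crafted login link send a
 * freshly authenticated user to a foreign site (open redirect).
 *
 * NOTE(review): if the application encodes absolute URLs as origin,
 * compare the host against the site's own host here instead of
 * accepting paths only.
 *
 * @access protected
 * @param mixed $origin Raw value of the origin form field
 * @return string
 */
protected function resolveRedirectTarget($origin)
{
    $startPage = '/';

    if (!is_string($origin) || $origin === '') {
        return $startPage;
    }

    $decoded = base64_decode($origin);
    if (!is_string($decoded) || $decoded === '') {
        return $startPage;
    }

    // Must be an absolute path on this host.
    if ($decoded[0] !== '/') {
        return $startPage;
    }

    // "//host" and "/\host" are resolved by browsers as another host.
    if (isset($decoded[1]) && ($decoded[1] === '/' || $decoded[1] === '\\')) {
        return $startPage;
    }

    // Control characters (CR, LF, TAB, ...) have no place in a Location
    // header value and may be dropped by browsers before URL parsing.
    if (preg_match('/[\x00-\x1F\x7F]/', $decoded) === 1) {
        return $startPage;
    }

    return $decoded;
}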
/**
 * Changes the password for the logged in user.
 *
 * Reads the old password, the new password and its confirmation from
 * the "change-password" form group, validates them and, if they are
 * valid, stores the new password through the user manager.
 *
 * NOTE(review): all three values are trimmed here while the login form
 * passes the password on untrimmed. Confirm both paths treat
 * surrounding whitespace the same way.
 * NOTE(review): nothing here renews the current session or ends other
 * sessions of the user after the change. Confirm whether the session
 * manager or updateUser() takes care of that.
 *
 * @access protected
 * @param \Zepi\Web\UserInterface\Form\Form $form
 * @param \Zepi\Turbo\Framework $framework
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Turbo\Response\Response $response
 * @return mixed The validation result if it is not true, otherwise the result of updateUser()
 */
protected function changePassword(Form $form, Framework $framework, WebRequest $request, Response $response)
{
    // The password is always changed for the user of the current session
    $user = $request->getSession()->getUser();

    // Collect the submitted passwords without surrounding whitespace
    $currentPassword = trim($form->getField('change-password', 'old-password')->getValue());
    $desiredPassword = trim($form->getField('change-password', 'new-password')->getValue());
    $repeatedPassword = trim($form->getField('change-password', 'new-password-confirmed')->getValue());

    // Anything other than true is handed back to the caller unchanged
    $validation = $this->validateData($framework, $user, $currentPassword, $desiredPassword, $repeatedPassword);
    if ($validation !== true) {
        return $validation;
    }

    // Set the new password and persist the user
    $user->setNewPassword($desiredPassword);

    return $this->userManager->updateUser($user);
}