/** * Create or edit an user */ public function edit() { $user = App::session()->getUser(); $roles = array_map(function ($role) { return $role->getLabel(); }, Role::getAll('id')); $param = array('id' => 'user-profile-form', 'upload' => true, 'object' => $user, 'fieldsets' => array('general' => array('legend' => Lang::get('admin.user-form-general-legend'), new TextInput(array('name' => 'username', 'required' => true, 'label' => Lang::get('admin.user-form-username-label'), 'disabled' => true)), new EmailInput(array('name' => 'email', 'required' => true, 'label' => Lang::get('admin.user-form-email-label')))), 'profile' => array('legend' => Lang::get('admin.user-form-profile-legend')), '_submits' => array(new SubmitInput(array('name' => 'valid', 'value' => Lang::get($this->_plugin . '.valid-button'))))), 'onsuccess' => 'app.dialog("close")'); // Get the user profile questions $questions = ProfileQuestion::getAll('name', array(), array('order' => DB::SORT_ASC)); // Generate the question fields foreach ($questions as $question) { if ($question->displayInProfile && $question->isAllowedForRole($user->roleId)) { $classname = '\\Hawk\\' . ucwords($question->type) . 'Input'; $field = json_decode($question->parameters, true); $field['name'] = $question->name; $field['id'] = 'user-form-' . $question->name . '-input'; $field['independant'] = true; $field['label'] = Lang::get('admin.profile-question-' . $question->name . '-label'); if (isset($field['readonly'])) { if ($field['readonly']) { $field['required'] = false; } } if ($user) { if ($question->type == "file") { $field['after'] = sprintf('<img src="%s" class="profile-image" />', $user->getProfileData($question->name) ? $user->getProfileData($question->name) : ''); } else { $field['default'] = $user->getProfileData($question->name); } } if ($question->name == 'language') { // Get language options $languages = Language::getAllActive(); $options = array(); foreach ($languages as $language) { $options[$language->tag] = $language->label; } $field['options'] = $options; if (!$field['default']) { $field['default'] = Option::get($this->_plugin . '.language'); } } $param['fieldsets']['profile'][] = new $classname($field); } } $form = new Form($param); if (!$form->submitted()) { return NoSidebarTab::make(array('title' => Lang::get('admin.user-form-title'), 'page' => array('content' => $form))); } else { try { foreach ($questions as $question) { if ($question->displayInProfile && $question->isAllowedForRole($user->roleId)) { if ($question->type === 'file') { $upload = Upload::getInstance($question->name); if ($upload) { $file = $upload->getFile(0); $dir = Plugin::current()->getPublicUserfilesDir() . 'img/'; $url = Plugin::current()->getUserfilesUrl() . 'img/'; if (!is_dir($dir)) { mkdir($dir, 0755, true); } $basename = uniqid() . $file->extension; $upload->move($file, $dir, $basename); $user->setProfileData($question->name, $url . $basename); } } else { $user->setProfileData($question->name, $form->inputs[$question->name]->dbvalue()); } } } $user->saveProfile(); if ($form->getData('email') !== $user->email) { // The user asked to reset it email // Check this email is not used by another user on the application $existingUser = User::getByExample(new DBExample(array('id' => array('$ne' => $user->id), 'email' => $form->getData('email')))); if ($existingUser) { return $form->response(Form::STATUS_CHECK_ERROR, Lang::get($this->_plugin . '.reset-email-already-used')); } // Send the email to validate the new email // Create the token to validate the new email $tokenData = array('userId' => $user->id, 'currentEmail' => $user->email, 'newEmail' => $form->getData('email'), 'createTime' => time()); $token = base64_encode(Crypto::aes256Encode(json_encode($tokenData))); // Create the email content $emailContent = View::make($this->getPlugin()->getView('change-email-validation.tpl'), array('sitename' => Option::get($this->_plugin . '.sitename'), 'validationUrl' => App::router()->getUrl('validate-new-email', array('token' => $token)))); $email = new Mail(); $email->to($form->getData('email'))->from(Option::get('main.mailer-from'), Option::get('main.mailer-from-name'))->title(Lang::get($this->_plugin . '.reset-email-title', array('sitename' => Option::get($this->_plugin . '.sitename'))))->content($emailContent)->subject(Lang::get($this->_plugin . '.reset-email-title', array('sitename' => Option::get($this->_plugin . '.sitename'))))->send(); return $form->response(Form::STATUS_SUCCESS, Lang::get($this->_plugin . '.user-profile-update-success-with-email')); } return $form->response(Form::STATUS_SUCCESS, Lang::get($this->_plugin . '.user-profile-update-success')); } catch (Exception $e) { return $form->response(Form::STATUS_ERROR, Lang::get($this->_plugin . '.user-profile-update-error')); } } }
/** * Display and treat the form when the user forgot his password */ public function forgottenPassword() { $form = new Form(array('id' => 'forgotten-password-form', 'fieldsets' => array('form' => array(new EmailInput(array('name' => 'email', 'required' => true, 'label' => Lang::get($this->_plugin . '.forgotten-pwd-form-email-label')))), 'submits' => array(new SubmitInput(array('name' => 'valid', 'label' => Lang::get($this->_plugin . '.valid-button'))), new ButtonInput(array('name' => 'cancel', 'label' => Lang::get($this->_plugin . '.cancel-button'), 'href' => App::router()->getUri('login'), 'target' => 'dialog')))), 'onsuccess' => ' app.dialog(app.getUri("reset-password")); app.notify("warning", Lang.get("main.forgotten-pwd-sent-email-message")); ')); if (!$form->submitted()) { Lang::addKeysToJavascript($this->_plugin . '.forgotten-pwd-sent-email-message'); return Dialogbox::make(array('title' => Lang::get($this->_plugin . '.forgotten-pwd-form-title'), 'icon' => 'lock-alt', 'page' => $form)); } else { if ($form->check()) { $user = User::getByEmail($form->getData('email')); if (!$user) { // The user does not exists. For security reasons, // reply the email was successfully sent, after a random delay to work around robots usleep(mt_rand(0, 500) * 100); return $form->response(Form::STATUS_SUCCESS, Lang::get($this->_plugin . '.forgotten-pwd-sent-email-message')); } try { // The user exists, send an email with a 6 chars random verification code $code = Crypto::generateKey(6); // Register the verification code in the session App::session()->setData('forgottenPassword', array('email' => $form->getData('email'), 'code' => Crypto::aes256Encode($code))); $mail = new Mail(); $mail->from(Option::get($this->_plugin . '.mailer-from'), Option::get($this->_plugin . '.mailer-from-name'))->to($form->getData('email'))->subject(Lang::get($this->_plugin . '.reset-pwd-email-title', array('sitename' => Option::get($this->_plugin . '.sitename'))))->title(Lang::get('main.reset-pwd-email-title', array('sitename' => Option::get('main.sitename'))))->content(View::make(Plugin::current()->getView('reset-password-email.tpl'), array('sitename' => Option::get($this->_plugin . '.sitename'), 'code' => $code)))->send(); return $form->response(Form::STATUS_SUCCESS, Lang::get($this->_plugin . '.forgotten-pwd-sent-email-message')); } catch (\Exception $e) { return $form->response(Form::STATUS_ERROR, DEBUG_MODE ? $e->getMessage() : Lang::get($this->_plugin . '.forgotten-pwd-form-error')); } } } }