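/**
 * Show the "change password" page for a password-reset link that carries a
 * member id (`m`) and a reset token (`t`), or for a logged-in member.
 *
 * A request carrying both `m` and `t` is never rendered directly. The token
 * is checked through the password manager (only when the session holds no
 * AutoLoginHash yet), the result is stored in the session, and the browser
 * is redirected to the bare action URL so that the token is not exposed
 * through the Referer header of later requests.
 *
 * @return string|null Rendered page; nothing is returned from the branch
 *                     that calls permissionFailure().
 */
public function changepassword()
{
    $tmpPage = new Page();
    $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
    $tmpPage->URLSegment = 'Security';
    // Set the page ID to -1 so we dont get the top level pages as its children
    $tmpPage->ID = -1;

    $controller = new Page_Controller($tmpPage);
    $controller->init();

    try {
        $former_hash = Session::get('AutoLoginHash');

        // Token and member id present: consume them and redirect, so the
        // secret does not stay in the address bar / Referer header.
        if (isset($_REQUEST['t']) && isset($_REQUEST['m'])) {
            if (empty($former_hash)) {
                // isset() above guarantees both keys exist, so the "@"
                // error-suppression operators were redundant and are gone.
                // Presumably verifyToken() raises InvalidPasswordResetLinkException
                // for a stale link (handled below) - confirm against the manager.
                $new_hash = $this->password_manager->verifyToken((int) $_REQUEST['m'], $_REQUEST['t']);
                Session::set('AutoLoginHash', $new_hash);
            }
            // NOTE(review): when the session already holds an AutoLoginHash the
            // token from the link is not verified at all, so a newer reset link
            // does not replace an older session value - confirm this is intended.
            return $this->redirect($this->Link('changepassword'));
        }

        if (!empty($former_hash)) {
            // Subsequent request after the "first load with hash"
            $customisedController = $controller->customise(array(
                'Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>',
                'Form' => $this->ChangePasswordForm(),
            ));
        } elseif (Member::currentUser()) {
            // Logged in user requested a password change form.
            $customisedController = $controller->customise(array(
                'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
                'Form' => $this->ChangePasswordForm(),
            ));
        } else {
            self::permissionFailure(
                $this,
                _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!')
            );
            return;
        }
    } catch (InvalidPasswordResetLinkException $ex1) {
        // The original markup left the <a> and the second <p> unclosed, which
        // turned the rest of the rendered page into link text; both are closed now.
        $customisedController = $controller->customise(array(
            'Content' => sprintf(
                '<p>This link is no longer valid as a newer request for a password reset has been made. ' . "\n"
                . 'Please check your mailbox for the most recent link</p>'
                . '<p>You can request a new one <a href="%s">here</a></p>',
                $this->Link('lostpassword')
            ),
        ));
    }

    return $customisedController->renderWith(
        array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController')
    );
}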
/**
 * Render the "change password" page.
 *
 * Three outcomes are possible: a valid auto-login hash in the `h` request
 * parameter (the hash is stored in the session for the form), an already
 * logged-in member, or neither - in which case an "invalid link" message or
 * a permission failure is produced.
 *
 * NOTE(review): this variant renders the form on the same request that
 * carries the hash, so the hash remains in the URL and can reach third
 * parties through the Referer header. A redirect to the bare action URL
 * after storing the hash would avoid that - confirm which redirect helper
 * this code base offers.
 *
 * @return string|null The page as HTML; nothing is returned after permissionFailure().
 */
public function changepassword()
{
    $tmpPage = new Page();
    $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
    $tmpPage->URLSegment = 'Security';

    $controller = new Page_Controller($tmpPage);
    $controller->init();

    $hashSupplied = isset($_REQUEST['h']);

    if ($hashSupplied && Member::autoLoginHash($_REQUEST['h'])) {
        // Valid hash: remember it so the change password form can use it.
        Session::set('AutoLoginHash', $_REQUEST['h']);
        $pageData = array(
            'Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>',
            'Form' => $this->ChangePasswordForm(),
        );
    } elseif (Member::currentUser()) {
        // A logged-in member may change the password directly.
        $pageData = array(
            'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
            'Form' => $this->ChangePasswordForm(),
        );
    } elseif ($hashSupplied) {
        // A hash was supplied but did not validate, and nobody is logged in.
        $pageData = array(
            'Content' => sprintf(
                _t(
                    'Security.NOTERESETLINKINVALID',
                    "<p>The password reset link is invalid or expired.</p>\n" . '<p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'
                ),
                $this->Link('lostpassword'),
                $this->link('login')
            ),
        );
    } else {
        self::permissionFailure(
            $this,
            _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!')
        );
        return;
    }

    $customisedController = $controller->customise($pageData);

    return $customisedController->renderWith('Page');
}
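/**
 * Validate the link clicked in the verification e-mail.
 *
 * The member is looked up by the e-mail address in the `ID` route parameter
 * and the `OtherID` route parameter is compared with the member's stored
 * VerificationString. On a match the member is marked as verified (once)
 * and the moderator e-mail is sent; otherwise a failure page is rendered.
 *
 * @param SS_HTTPRequest $request The SS_HTTPRequest for this action.
 *
 * @return string Returns the "validated" or "validation failed" page as HTML code.
 */
public function validate($request)
{
    $tmpPage = new Page();
    $tmpPage->Title = _t('EmailVerifiedMember.VERIFYEMAILHEADER', 'Verification link');
    $tmpPage->URLSegment = 'Security';
    // Set the page ID to -1 so we dont get the top level pages as its children
    $tmpPage->ID = -1;

    $controller = new Page_Controller($tmpPage);
    $controller->init();

    // Initialised up front: the failure branch below reads $member even when
    // no request was given or no member matched.
    $member = null;
    if ($request) {
        // raw2sql() escapes the address before it is concatenated into the filter.
        $member = DataObject::get_one(
            'Member',
            "\"Email\" = '" . Convert::raw2sql($request->param('ID')) . "'"
        );
    }

    if ($member) {
        $expectedToken = (string) $member->VerificationString;
        $suppliedToken = (string) $request->param('OtherID');

        // Strict comparison of the raw value. The previous loose "==" against
        // an SQL-escaped copy was subject to PHP type juggling (numeric-looking
        // strings compare equal) and let an empty stored string match a missing
        // parameter. "===" is still not constant-time; hash_equals() is the
        // better choice where the runtime is PHP >= 5.6.
        if ($expectedToken !== '' && $expectedToken === $suppliedToken) {
            if (!$member->Verified) {
                $member->Verified = true;
                $member->write();
                $member->sendmoderatoremail();
            }

            $config = SiteConfig::current_site_config();
            if ($config->Moderate) {
                $nextAction = _t('EmailVerifiedMember.NEXTACTIONMODERATE', "You will be able to login after a moderator has approved your account.");
            } else {
                $nextAction = _t('EmailVerifiedMember.NEXTACTIONLOGIN', "You can now <a href='security/login'>login</a> to the website.");
            }

            // The name is interpolated into HTML, so it is escaped first.
            // NOTE(review): assumes Name is stored as plain text - confirm.
            $safeName = Convert::raw2xml($member->Name);

            $customisedController = $controller->customise(array(
                'Title' => _t('EmailVerifiedMember.ACCOUNTVERIFIEDTITLE', "Member account verified"),
                'Content' => "<p>" . sprintf(_t('EmailVerifiedMember.EMAILVERIFIED', "Thank you %s! Your email account has been verified." . " " . $nextAction), $safeName) . "</p>",
            ));

            return $customisedController->renderWith(
                array('Security_validationsuccess', 'Security', $this->owner->stat('template_main'), 'ContentController')
            );
        }
    }

    // Verification failed. The same message is shown for an unknown address
    // and for a wrong verification string. $member may be empty here, so the
    // name is only read when a member was actually found.
    $failedName = $member ? Convert::raw2xml($member->Name) : '';

    $customisedController = $controller->customise(array(
        'Title' => _t('EmailVerifiedMember.ACCOUNTVERIFIEDFAILTITLE', "Member email address verification failed"),
        'Content' => "<p>" . sprintf(_t('EmailVerifiedMember.ACCOUNTVERIFIEDFAIL', "Member email address verification failed, either unknown email address or invalid verification string. Please ensure you copy and pasted the entire link."), $failedName) . "</p>",
    ));

    return $customisedController->renderWith(
        array('Security_validationfail', 'Security', $this->owner->stat('template_main'), 'ContentController')
    );
}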
/**
 * Merge arbitrary data into this object and return a
 * {@link ViewableData_Customised} instance that references both this object
 * and the custom data.
 *
 * Fields given in $data take precedence over the fields on this object.
 * When a product detail view is requested, the product detail view
 * parameters are merged on top of $data before delegating to the parent.
 *
 * @param array $data Customised data
 *
 * @return ViewableData_Customised
 *
 * @author Sebastian Diel <*****@*****.**>
 * @since 27.07.2012
 */
public function customise($data)
{
    // array_merge(): detail-view parameters win over same-named keys in $data.
    $mergedData = $this->isProductDetailView()
        ? array_merge($data, $this->ProductDetailViewParams())
        : $data;

    return parent::customise($mergedData);
}
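/**
 * Show the "change password" page.
 *
 * This page can either be called directly by logged-in users
 * (in which case they need to provide their old password),
 * or through a link emailed through {@link lostpassword()}.
 * In this case no old password is required, authentication is ensured
 * through the Member.AutoLoginHash property.
 *
 * A valid reset link (`m` = member id, `t` = token) is never rendered
 * directly: the encrypted token is stored in the session and the browser is
 * redirected to the bare action URL to avoid referrer leakage.
 *
 * @see ChangePasswordForm
 *
 * @return string|null Returns the "change password" page as HTML code;
 *                     nothing is returned after permissionFailure().
 */
public function changepassword()
{
    $tmpPage = new Page();
    $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
    $tmpPage->URLSegment = 'Security';
    // Set the page ID to -1 so we dont get the top level pages as its children
    $tmpPage->ID = -1;

    $controller = new Page_Controller($tmpPage);
    $controller->init();

    // Extract the member from the URL.
    $member = null;
    if (isset($_REQUEST['m'])) {
        $member = DataObject::get_by_id('Member', (int) $_REQUEST['m']);
    }

    // Check whether we are merely changing password, or resetting.
    if (isset($_REQUEST['t']) && $member && $member->validateAutoLoginToken($_REQUEST['t'])) {
        // On first valid password reset request redirect to the same URL without hash to avoid referrer leakage.
        // Store the hash for the change password form. Will be unset after reload within the ChangePasswordForm.
        Session::set('AutoLoginHash', $member->encryptWithUserSettings($_REQUEST['t']));

        return $this->redirect($this->Link('changepassword'));
    }

    if (Session::get('AutoLoginHash')) {
        // Subsequent request after the "first load with hash" (see the redirect above).
        $customisedController = $controller->customise(array(
            'Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>',
            'Form' => $this->ChangePasswordForm(),
        ));
    } elseif (Member::currentUser()) {
        // Logged in user requested a password change form.
        $customisedController = $controller->customise(array(
            'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
            'Form' => $this->ChangePasswordForm(),
        ));
    } elseif (isset($_REQUEST['m']) || isset($_REQUEST['t'])) {
        // Reset parameters were supplied but did not validate, and nobody is
        // logged in: show the "invalid link" message.
        // The previous test (!isset($_REQUEST['t']) || !$member) was inverted:
        // it showed this message to visitors without any token, and sent a
        // failed token for an existing member to permissionFailure() while an
        // unknown member id got this message - the differing responses
        // revealed whether a member id exists. Both cases now look the same.
        $customisedController = $controller->customise(array(
            'Content' => sprintf(
                _t(
                    'Security.NOTERESETLINKINVALID',
                    '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'
                ),
                $this->Link('lostpassword'),
                $this->link('login')
            ),
        ));
    } else {
        // No reset parameters and no logged-in member: ask for a login.
        self::permissionFailure(
            $this,
            _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!')
        );
        return;
    }

    return $customisedController->renderWith(
        array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController')
    );
}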
/**
 * Show the "change password" page.
 *
 * Logged-in users can open this page directly (in which case they need to
 * provide their old password). It can also be reached through a link
 * emailed by {@link lostpassword()}; then no old password is required and
 * authentication is ensured through the Member.AutoLoginHash property.
 *
 * @see ChangePasswordForm
 *
 * @return string|null Returns the "change password" page as HTML code;
 *                     nothing is returned after permissionFailure().
 */
public function changepassword()
{
    $tmpPage = new Page();
    $tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
    $tmpPage->URLSegment = 'Security';
    // Set the page ID to -1 so we dont get the top level pages as its children
    $tmpPage->ID = -1;

    $controller = new Page_Controller($tmpPage);
    $controller->init();

    $hashSupplied = isset($_REQUEST['h']);

    // First load with hash: keep the hash in the session (temporary value,
    // unset in ChangePasswordForm) and redirect to the same URL without the
    // hash to avoid referer leakage.
    if ($hashSupplied && Member::member_from_autologinhash($_REQUEST['h'])) {
        Session::set('AutoLoginHash', $_REQUEST['h']);

        return $this->redirect($this->Link('changepassword'));
    }

    if (Session::get('AutoLoginHash')) {
        // Redirection target after "First load with hash"
        $pageData = array(
            'Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>',
            'Form' => $this->ChangePasswordForm(),
        );
    } elseif (Member::currentUser()) {
        // A logged-in member may change the password directly.
        $pageData = array(
            'Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>',
            'Form' => $this->ChangePasswordForm(),
        );
    } elseif ($hashSupplied) {
        // A hash was supplied but is invalid, and the user is not logged in.
        $pageData = array(
            'Content' => sprintf(
                _t(
                    'Security.NOTERESETLINKINVALID',
                    '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'
                ),
                $this->Link('lostpassword'),
                $this->link('login')
            ),
        );
    } else {
        self::permissionFailure(
            $this,
            _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!')
        );
        return;
    }

    $customisedController = $controller->customise($pageData);

    return $customisedController->renderWith(
        array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController')
    );
}
/**
 * Render the confirmation page shown after a username reminder was sent.
 *
 * The address is read from the 'ForgotEmail' session value, XML-escaped
 * before it is placed into the page content, and the session value is
 * cleared afterwards.
 *
 * @param SS_HTTPRequest $request Not read by this method.
 *
 * @return string The rendered page.
 */
public function usernamesent($request)
{
    $scripts = array(
        '/behaviour.js',
        '/loader.js',
        '/prototype.js',
        '/prototype_improvements.js',
        '/scriptaculous/effects.js',
    );
    foreach ($scripts as $scriptPath) {
        Requirements::javascript(THIRDPARTY_DIR . $scriptPath);
    }

    $tmpPage = new Page();
    $tmpPage->Title = _t('Security.LOSTPASSWORDHEADER');
    $tmpPage->URLSegment = 'UsernameSecurity';
    $tmpPage->ID = -1;

    $controller = new Page_Controller($tmpPage);
    $controller->init();

    // Escape before output: the value ends up inside HTML markup below.
    $storedEmail = Session::get('ForgotEmail');
    $email = $storedEmail ? Convert::raw2xml($storedEmail) : null;
    Session::clear('ForgotEmail');

    $pageData = array(
        'Title' => _t('Security.USERNAMESENTHEADER', "Username sent"),
        'Content' => "<p>" . sprintf(_t('Security.USERNAMESENTTEXT', "Username has been sent to: '%s'"), $email) . "</p>",
    );

    return $controller
        ->customise($pageData)
        ->renderWith(array('Security_passwordsent', 'Security', $this->stat('template_main')));
}