/**
  * Method for allowing a user to reset their password
  * @param {stdClass} $data Data passed from ActionScript
  * @return {array} Returns a standard response array
  */
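 public function lostPassword($data)
 {
     $response = CodeBank_ClientAPI::responseBase();
     $response['login'] = true;

     // Reject a missing, blank or non-string address before any lookup, so a
     // blank value can never select an account whose Email column is empty.
     if (empty($data->user) || !is_string($data->user)) {
         $response['status'] = 'EROR';
         $response['message'] = _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.');
         return $response;
     }

     // One reply for every non-empty address: neither the existence of the
     // account nor an extension veto may be observable by the requester.
     // $data is an object, so the address is read as $data->user throughout
     // (the veto branch previously used $data['Email'], which fails on stdClass).
     $response['status'] = 'HELO';
     $response['message'] = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $data->user));

     // Look the member up through the ORM filter rather than a hand-built WHERE clause.
     $member = Member::get()->filter('Email', $data->user)->first();

     // Allow vetoing forgot password requests
     $sng = new MemberLoginForm(Controller::has_curr() ? Controller::curr() : singleton('Controller'), 'LoginForm');
     $results = $sng->extend('forgotPassword', $member);
     if ($results && is_array($results) && in_array(false, $results, true)) {
         // A veto must stop the request here; falling through would still
         // generate a token and mail the link, making the veto ineffective.
         return $response;
     }

     if ($member) {
         // The token is the reset credential: it goes into the mailed link only
         // and is never copied into $response.
         $token = $member->generateAutologinTokenAndStoreHash();
         $e = Member_ForgotPasswordEmail::create();
         $e->populateTemplate($member);
         $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
         // Always the address stored on the account, never the submitted one.
         $e->setTo($member->Email);
         $e->send();
     }

     return $response;
 }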
 /**
  * Send the reset password email and return the generated link.
  *
  * @param Member $member
  *
  * @return string
  */
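 protected function sendResetPasswordEmail(Member $member)
 {
     // hack ? Overrides REQUEST_URI with the mapped base URL before the link is built.
     // NOTE(review): presumably needed when no web request exists (CLI) - confirm.
     // The override is not restored afterwards, so it persists for the rest of the run.
     global $_FILE_TO_URL_MAPPING;
     // !empty() keeps the original truthiness test but no longer raises a
     // notice when the mapping, or its BASE_PATH entry, is not defined.
     if (!empty($_FILE_TO_URL_MAPPING[BASE_PATH])) {
         $_SERVER['REQUEST_URI'] = $_FILE_TO_URL_MAPPING[BASE_PATH];
     }

     $token = $member->generateAutologinTokenAndStoreHash();
     $link = Security::getPasswordResetLink($member, $token);

     /** @var Member_ForgotPasswordEmail $email */
     $email = Member_ForgotPasswordEmail::create();
     $email->populateTemplate($member);
     $email->populateTemplate(['PasswordResetLink' => $link]);
     // Delivered to the address stored on the account.
     $email->setTo($member->Email);
     $email->send();

     // The returned link embeds the autologin token, so it is a credential:
     // callers should keep it out of logs and out of any response sent to
     // whoever requested the reset.
     return $link;
 }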
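 /**
  * Forgot password form handler: mails a reset link when the submitted
  * address belongs to a member.
  *
  * Every non-empty address ends on Security/passwordsent/<email>, whether or
  * not a member was found. A veto from a 'forgotPassword' extension, a
  * validation failure or an unexpected error redirects back to
  * Security/lostpassword; the last two are also logged.
  *
  * @param array $data Submitted form data; the address is read from $data['Email']
  */
 public function forgotPassword($data)
 {
     // The raw value is kept: filter() takes unescaped input, so running it
     // through Convert::raw2sql() first double-escaped it (an address with an
     // apostrophe never matched) and leaked the escaped text into the redirect.
     // Anything that is not a string is treated as "no address given".
     $email = (isset($data['Email']) && is_string($data['Email'])) ? $data['Email'] : null;
     try {
         if (empty($email)) {
             throw new EntityValidationException('Please enter an email address to get a password reset link.');
         }
         $member = Member::get()->filter('Email', $email)->first();
         // Allow vetoing forgot password requests
         $results = $this->extend('forgotPassword', $member);
         if ($results && is_array($results) && in_array(false, $results, true)) {
             return $this->controller->redirect('Security/lostpassword');
         }
         if ($member) {
             $token = $this->tx_manager->transaction(function () use ($member) {
                 return $member->generateAutologinTokenAndStoreHash();
             });
             $e = Member_ForgotPasswordEmail::create();
             $e->populateTemplate($member);
             $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
             // Always the address stored on the account, never the submitted one.
             $e->setTo($member->Email);
             $e->send();
         }
         // Avoid information disclosure by displaying the same status,
         // regardless of whether the email address actually exists. This is the
         // only redirect on the success path; the member branch used to issue
         // its own and then fall through to a second one.
         $this->controller->redirect('Security/passwordsent/' . urlencode($email));
     } catch (EntityValidationException $ex1) {
         $this->sessionMessage($ex1->getMessage(), 'bad');
         SS_Log::log($ex1->getMessage(), SS_Log::WARN);
         $this->controller->redirect('Security/lostpassword');
     } catch (Exception $ex) {
         // NOTE(review): only an existing member reaches the token and mail
         // code above, so this error page is itself a signal that the account
         // exists - consider answering with the same passwordsent redirect.
         $this->sessionMessage('There was an error with your request!', 'bad');
         SS_Log::log($ex->getMessage(), SS_Log::ERR);
         $this->controller->redirect('Security/lostpassword');
     }
 }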
예제 #4
 /**
  * Forgot password form handler method
  *
  * This method is called when the user clicks on "I've lost my password"
  *
  * @param array $data Submitted data
  */
 function forgotPassword($data)
 {
     // Escape the whole submission once, then build the lookup clause from it.
     $escaped = Convert::raw2sql($data);
     $emailSql = $escaped['Email'];
     $account = DataObject::get_one('Member', "\"Email\" = '{$emailSql}'");

     // No matching member and no address typed in: ask for one.
     if (!$account && !$data['Email']) {
         $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
         Director::redirect('Security/lostpassword');
         return;
     }

     if ($account) {
         // Issue a fresh autologin hash and mail the link built from it.
         $account->generateAutologinHash();
         $resetLink = Security::getPasswordResetLink($account->AutoLoginHash);
         $account->sendInfo('forgotPassword', array('PasswordResetLink' => $resetLink));
     }

     // Avoid information disclosure: known and unknown addresses land on the
     // same "password sent" page.
     Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
 }
 /**
  * Sends password recovery email
  * 
  * @param  SS_HTTPRequest   $request    HTTP request containing 'email' vars
  * @return array                        'email' => false if sending the email fails (a non-existent Member is not reported)
  */
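 public function lostPassword(SS_HTTPRequest $request)
 {
     $email = $request->requestVar('email');
     $sent = true;

     // A missing, blank or non-string value cannot identify an account; answer
     // exactly as for an unknown address and skip the lookup, so a blank value
     // never selects a member whose Email column is empty.
     if (!is_string($email) || $email === '') {
         return array('email' => $sent);
     }

     // Look the member up through the ORM filter rather than a hand-built WHERE clause.
     $member = Member::get()->filter('Email', $email)->first();
     if ($member) {
         $token = $member->generateAutologinTokenAndStoreHash();
         $e = Member_ForgotPasswordEmail::create();
         $e->populateTemplate($member);
         $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
         // Always the address stored on the account, never the submitted one.
         $e->setTo($member->Email);
         $sent = $e->send();
     }

     // NOTE(review): false can only come from send(), which runs only for an
     // existing member, so a failed delivery still tells the caller that the
     // account exists. Logging the failure server-side and returning true
     // would close that gap; left unchanged because the documented contract
     // reports send failures.
     return array('email' => $sent);
 }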
 /**
  * Forgot password form handler method.
  * Called when the user clicks on "I've lost my password".
  * Extensions can use the 'forgotPassword' method to veto executing
  * the logic, by returning FALSE. In this case, the user will be redirected back
  * to the form without further action. It is recommended to set a message
  * in the form detailing why the action was denied.
  *
  * @param array $data Submitted data
  */
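 public function forgotPassword($data)
 {
     // Ensure an email address is given, and that it is a plain string: an
     // array submitted for this field must not reach the ORM filter.
     if (empty($data['Email']) || !is_string($data['Email'])) {
         $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
         $this->controller->redirect('Security/lostpassword');
         return;
     }

     // Find existing member
     $member = Member::get()->filter("Email", $data['Email'])->first();

     // Allow vetoing forgot password requests
     $results = $this->extend('forgotPassword', $member);
     if ($results && is_array($results) && in_array(false, $results, true)) {
         return $this->controller->redirect('Security/lostpassword');
     }

     if ($member) {
         $token = $member->generateAutologinTokenAndStoreHash();
         $e = Member_ForgotPasswordEmail::create();
         $e->populateTemplate($member);
         $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
         // Always the address stored on the account, never the submitted one.
         $e->setTo($member->Email);
         $e->send();
     }

     // Avoid information disclosure by displaying the same status,
     // regardless of whether the email address actually exists. One redirect
     // with one encoding serves both cases: the two branches used urlencode()
     // and rawurlencode(), which produce different URLs for some inputs (a
     // space, for example) and so could tell the cases apart. The trailing
     // else was unreachable after the empty check above and is dropped.
     $this->controller->redirect('Security/passwordsent/' . rawurlencode($data['Email']));
 }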
예제 #7
 /**
  * Forgot password form handler method
  *
  * This method is called when the user clicks on "I've lost my password"
  *
  * @param array $data Submitted data
  */
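 public function forgotPassword($data)
 {
     // Validate first: a missing, blank or non-string address never reaches
     // the lookup, so it cannot select a member whose Email column is empty
     // and no undefined-index notice is raised for an absent field.
     if (empty($data['Email']) || !is_string($data['Email'])) {
         $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
         $this->controller->redirect('Security/lostpassword');
         return;
     }

     // Look the member up through the ORM filter rather than a hand-built WHERE clause.
     $member = Member::get()->filter('Email', $data['Email'])->first();
     if ($member) {
         $token = $member->generateAutologinTokenAndStoreHash();
         $e = Member_ForgotPasswordEmail::create();
         $e->populateTemplate($member);
         $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
         // Always the address stored on the account, never the submitted one.
         $e->setTo($member->Email);
         $e->send();
     }

     // Avoid information disclosure by displaying the same status,
     // regardless of whether the email address actually exists.
     $this->controller->redirect('Security/passwordsent/' . urlencode($data['Email']));
 }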
예제 #8
 /**
  * Forgot password form handler method
  *
  * This method is called when the user clicks on "I've lost my password"
  *
  * @param array $data Submitted data
  */
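 function forgotPassword($data)
 {
     // Validate first: a missing, blank or non-string address never reaches
     // the query, so it cannot select a member whose Email column is empty.
     if (empty($data['Email']) || !is_string($data['Email'])) {
         $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
         Director::redirect('Security/lostpassword');
         return;
     }

     // The WHERE clause is assembled as a string, so the value must be escaped.
     $SQL_email = Convert::raw2sql($data['Email']);
     $member = DataObject::get_one('Member', "Email = '{$SQL_email}'");
     if ($member) {
         $member->generateAutologinHash();
         // NOTE(review): the value placed in the link is read back from the
         // member record, so the record appears to hold the usable reset value
         // itself rather than a hash of it - confirm how it is stored.
         $member->sendInfo('forgotPassword', array('PasswordResetLink' => Security::getPasswordResetLink($member->AutoLoginHash)));
     }

     // Avoid information disclosure: an unknown address gets the same
     // "password sent" page as a known one. The former "I don't recognise the
     // e-mail address" message confirmed to anyone which addresses have accounts.
     Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
 }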
예제 #9
 /**
  * Forgot password form handler method
  *
  * This method is called when the user clicks on "I've lost my password"
  *
  * @param array $data Submitted data
  */
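 function forgotPassword($data)
 {
     // No usable address: send the visitor back to the form, as before, but
     // decide this ahead of the query and without an undefined-index notice.
     if (empty($data['Email']) || !is_string($data['Email'])) {
         Director::redirect("Security/lostpassword");
         return;
     }

     // The WHERE clause is assembled as a string, so the value must be escaped.
     $SQL_email = Convert::raw2sql($data['Email']);
     $member = DataObject::get_one("Member", "Member.Email = '{$SQL_email}'");
     if ($member) {
         $member->generateAutologinHash();
         // NOTE(review): the value placed in the link is read back from the
         // member record, so the record appears to hold the usable reset value
         // itself rather than a hash of it - confirm how it is stored.
         $member->sendInfo('forgotPassword', array('PasswordResetLink' => Security::getPasswordResetLink($member->AutoLoginHash)));
     }

     // Avoid information disclosure: an unknown address gets the same
     // "password sent" page as a known one. The former "I don't recognise the
     // e-mail address" message confirmed to anyone which addresses have accounts.
     Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
 }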