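/**
 * Method for allowing a user to reset their password.
 *
 * Every non-empty address receives the same 'HELO' reply whether or not a
 * matching Member exists, so the response cannot be used to probe for accounts.
 *
 * @param stdClass $data Data passed from ActionScript; the address is read from $data->user
 * @return array Returns a standard response array with 'status' and 'message' set
 */
public function lostPassword($data)
{
    $response = CodeBank_ClientAPI::responseBase();
    $response['login'] = true;

    // Reject a blank address before the lookup, so a blank submission can
    // never match a record whose Email column is empty.
    if (empty($data->user)) {
        $response['status'] = 'EROR';
        $response['message'] = _t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.');

        return $response;
    }

    // $data is an object: the address lives in $data->user. The original veto
    // branch read $data['Email'], which is array access on a stdClass.
    $sentMessage = _t('CodeBankAPI.PASSWORD_SENT_TEXT', "A reset link has been sent to '{email}', provided an account exists for this email address.", array('email' => $data->user));

    $SQL_email = Convert::raw2sql($data->user);
    $member = Member::get_one('Member', "\"Email\"='{$SQL_email}'");

    // Allow vetoing forgot password requests
    $sng = new MemberLoginForm(Controller::has_curr() ? Controller::curr() : singleton('Controller'), 'LoginForm');
    $results = $sng->extend('forgotPassword', $member);
    if ($results && is_array($results) && in_array(false, $results, true)) {
        // Return here: a vetoed request must not fall through to token
        // generation and mail sending. The reply is the same neutral one.
        $response['status'] = 'HELO';
        $response['message'] = $sentMessage;

        return $response;
    }

    if ($member) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // Same status and message for known and unknown addresses.
    $response['status'] = 'HELO';
    $response['message'] = $sentMessage;

    return $response;
}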
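/**
 * Send the reset password email and return the generated link.
 *
 * The returned link is built from the freshly generated autologin token, so
 * callers should handle it like a credential: keep it out of logs and do not
 * show it to anyone other than the member it was issued for.
 *
 * @param Member $member
 *
 * @return string
 */
protected function sendResetPasswordEmail(Member $member)
{
    // hack ? When a URL mapping exists for this install, use it as the request URI.
    // NOTE(review): presumably needed so the link gets the right base URL when
    // this runs outside a normal web request -- confirm against the caller.
    global $_FILE_TO_URL_MAPPING;

    // !empty() keeps the original truthiness test but no longer raises a
    // notice/warning when the global or the BASE_PATH key is not defined.
    if (!empty($_FILE_TO_URL_MAPPING[BASE_PATH])) {
        $_SERVER['REQUEST_URI'] = $_FILE_TO_URL_MAPPING[BASE_PATH];
    }

    $token = $member->generateAutologinTokenAndStoreHash();
    $link = Security::getPasswordResetLink($member, $token);

    /* @var Member_ForgotPasswordEmail $email */
    $email = Member_ForgotPasswordEmail::create();
    $email->populateTemplate($member);
    $email->populateTemplate(['PasswordResetLink' => $link]);
    $email->setTo($member->Email);
    $email->send();

    return $link;
}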
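/**
 * Forgot password form handler.
 *
 * Looks up the member by the submitted address, lets extensions veto the
 * request, mails a reset link when the member exists, and redirects to the
 * same "password sent" page whether or not the address is known.
 *
 * @param array $data Submitted data; the address is read from $data['Email']
 * @return mixed The redirect result when an extension vetoes the request, otherwise nothing
 */
public function forgotPassword($data)
{
    // Keep the raw value. filter() below escapes/binds its argument itself, so
    // running Convert::raw2sql() first escaped the address twice: an address
    // containing a quote could not match, and the escaped form leaked into the
    // redirect URL. A non-string value is treated as missing.
    $email = (isset($data['Email']) && is_string($data['Email'])) ? $data['Email'] : null;

    try {
        if (empty($email)) {
            throw new EntityValidationException('Please enter an email address to get a password reset link.');
        }

        $member = Member::get()->filter('Email', $email)->first();

        // Allow vetoing forgot password requests
        $results = $this->extend('forgotPassword', $member);
        if ($results && is_array($results) && in_array(false, $results, true)) {
            return $this->controller->redirect('Security/lostpassword');
        }

        if ($member) {
            // Token generation runs inside the transaction managed by tx_manager.
            $token = $this->tx_manager->transaction(function () use ($member) {
                return $member->generateAutologinTokenAndStoreHash();
            });

            $e = Member_ForgotPasswordEmail::create();
            $e->populateTemplate($member);
            $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
            $e->setTo($member->Email);
            $e->send();
        }

        // Avoid information disclosure by displaying the same status,
        // regardless of whether the email address actually exists. This is the
        // only redirect on the success path; the original issued a second one
        // after the member branch had already redirected.
        $this->controller->redirect('Security/passwordsent/' . urlencode($email));
    } catch (EntityValidationException $ex1) {
        $this->sessionMessage($ex1->getMessage(), 'bad');
        SS_Log::log($ex1->getMessage(), SS_Log::WARN);
        $this->controller->redirect('Security/lostpassword');
    } catch (Exception $ex) {
        // Generic message for the user; the detail goes to the log only.
        $this->sessionMessage('There was an error with your request!', 'bad');
        SS_Log::log($ex->getMessage(), SS_Log::ERR);
        $this->controller->redirect('Security/lostpassword');
    }
}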
/**
 * Forgot password form handler method
 *
 * Invoked when the "I've lost my password" form is submitted. A known and an
 * unknown address both end on the same "password sent" page; only a blank
 * address sends the user back to the form with a message.
 *
 * @param array $data Submitted data
 */
function forgotPassword($data)
{
    $escaped = Convert::raw2sql($data);
    $emailForQuery = $escaped['Email'];
    $account = DataObject::get_one('Member', "\"Email\" = '{$emailForQuery}'");

    if (!$account) {
        if (!$data['Email']) {
            $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
            Director::redirect('Security/lostpassword');

            return;
        }

        // Avoid information disclosure by displaying the same status,
        // regardless of whether the email address actually exists
        Director::redirect('Security/passwordsent/' . urlencode($data['Email']));

        return;
    }

    // NOTE(review): the value placed in the link is read back from the member
    // record ($account->AutoLoginHash), so the stored value and the mailed
    // value appear to be the same string -- confirm how it is stored.
    $account->generateAutologinHash();
    $templateData = array('PasswordResetLink' => Security::getPasswordResetLink($account->AutoLoginHash));
    $account->sendInfo('forgotPassword', $templateData);

    Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
}
/**
 * Sends password recovery email
 *
 * NOTE(review): 'email' can only be false when a member was found and the
 * send failed; an unknown address always yields true. A caller that relays
 * this flag to the requester therefore reveals that the account exists
 * whenever sending fails -- consider keeping the flag server-side.
 *
 * @param SS_HTTPRequest $request HTTP request containing 'email' vars
 * @return array 'email' => false if email fails (Member doesn't exist will not be reported)
 */
public function lostPassword(SS_HTTPRequest $request)
{
    $escapedEmail = Convert::raw2sql($request->requestVar('email'));
    $account = DataObject::get_one('Member', "\"Email\" = '{$escapedEmail}'");

    // Unknown address: report success without doing anything.
    if (!$account) {
        return array('email' => true);
    }

    $resetToken = $account->generateAutologinTokenAndStoreHash();
    $resetLink = Security::getPasswordResetLink($account, $resetToken);

    $mail = Member_ForgotPasswordEmail::create();
    $mail->populateTemplate($account);
    $mail->populateTemplate(array('PasswordResetLink' => $resetLink));
    $mail->setTo($account->Email);

    // The result of send() is what the caller sees under 'email'.
    return array('email' => $mail->send());
}
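/**
 * Forgot password form handler method.
 * Called when the user clicks on "I've lost my password".
 * Extensions can use the 'forgotPassword' method to veto executing
 * the logic, by returning FALSE. In this case, the user will be redirected back
 * to the form without further action. It is recommended to set a message
 * in the form detailing why the action was denied.
 *
 * A known and an unknown address are redirected to exactly the same URL, so
 * the response does not reveal whether an account exists.
 *
 * @param array $data Submitted data
 */
public function forgotPassword($data)
{
    // Ensure an email address is given
    if (empty($data['Email'])) {
        $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
        $this->controller->redirect('Security/lostpassword');

        return;
    }

    // Find existing member
    $member = Member::get()->filter("Email", $data['Email'])->first();

    // Allow vetoing forgot password requests
    $results = $this->extend('forgotPassword', $member);
    if ($results && is_array($results) && in_array(false, $results, true)) {
        return $this->controller->redirect('Security/lostpassword');
    }

    if ($member) {
        $token = $member->generateAutologinTokenAndStoreHash();

        $e = Member_ForgotPasswordEmail::create();
        $e->populateTemplate($member);
        $e->populateTemplate(array('PasswordResetLink' => Security::getPasswordResetLink($member, $token)));
        $e->setTo($member->Email);
        $e->send();
    }

    // Avoid information disclosure by displaying the same status, regardless
    // of whether the email address actually exists. One redirect with one
    // encoder for both cases: the original used urlencode() for a known
    // address and rawurlencode() for an unknown one, which produce different
    // URLs for some characters (space, "~"). The trailing else branch was
    // unreachable after the empty() guard above and has been dropped.
    $this->controller->redirect('Security/passwordsent/' . rawurlencode($data['Email']));
}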
/**
 * Forgot password form handler method
 *
 * Invoked when the "I've lost my password" form is submitted. Mails a reset
 * link when the address belongs to a member, and lands on the same
 * "password sent" page for a known and an unknown address alike.
 *
 * @param array $data Submitted data
 */
public function forgotPassword($data)
{
    $escaped = Convert::raw2sql($data);
    $emailForQuery = $escaped['Email'];
    $account = DataObject::get_one('Member', "\"Email\" = '{$emailForQuery}'");

    if ($account) {
        $resetToken = $account->generateAutologinTokenAndStoreHash();
        $resetLink = Security::getPasswordResetLink($account, $resetToken);

        $mail = Member_ForgotPasswordEmail::create();
        $mail->populateTemplate($account);
        $mail->populateTemplate(array('PasswordResetLink' => $resetLink));
        $mail->setTo($account->Email);
        $mail->send();
    }

    // Avoid information disclosure by displaying the same status,
    // regardless of whether the email address actually exists
    if ($account || $data['Email']) {
        $this->controller->redirect('Security/passwordsent/' . urlencode($data['Email']));

        return;
    }

    // Nothing was submitted: send the user back to the form with a hint.
    $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
    $this->controller->redirect('Security/lostpassword');
}
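/**
 * Forgot password form handler method
 *
 * This method is called when the user clicks on "I've lost my password".
 * A known and an unknown address are both redirected to the "password sent"
 * page, so the response does not tell the requester whether an account exists.
 *
 * @param array $data Submitted data
 */
function forgotPassword($data)
{
    // Reject a blank address before the lookup, so a blank submission can
    // never match a record whose Email column is empty.
    if (empty($data['Email'])) {
        $this->sessionMessage(_t('Member.ENTEREMAIL', 'Please enter an email address to get a password reset link.'), 'bad');
        Director::redirect('Security/lostpassword');

        return;
    }

    $SQL_data = Convert::raw2sql($data);
    $SQL_email = $SQL_data['Email'];
    $member = DataObject::get_one('Member', "Email = '{$SQL_email}'");

    if ($member) {
        // NOTE(review): the link is built from $member->AutoLoginHash, i.e. the
        // value read back from the record -- confirm how that value is stored.
        $member->generateAutologinHash();
        $member->sendInfo('forgotPassword', array('PasswordResetLink' => Security::getPasswordResetLink($member->AutoLoginHash)));
    }

    // Avoid information disclosure: the original answered an unknown address
    // with a "don't recognise the e-mail address" message, which confirmed to
    // the requester which addresses have accounts. Both cases now get the
    // same redirect.
    Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
}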
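/**
 * Forgot password form handler method
 *
 * This method is called when the user clicks on "I've lost my password".
 * A known and an unknown address are both redirected to the "password sent"
 * page, so the response does not tell the requester whether an account exists.
 *
 * @param array $data Submitted data
 */
function forgotPassword($data)
{
    // Blank submission: back to the form, as before. empty() also covers a
    // missing 'Email' key without raising a notice.
    if (empty($data['Email'])) {
        Director::redirect("Security/lostpassword");

        return;
    }

    $SQL_data = Convert::raw2sql($data);
    $member = DataObject::get_one("Member", "Member.Email = '{$SQL_data['Email']}'");

    if ($member) {
        // NOTE(review): the link is built from $member->AutoLoginHash, i.e. the
        // value read back from the record -- confirm how that value is stored.
        $member->generateAutologinHash();
        $member->sendInfo('forgotPassword', array('PasswordResetLink' => Security::getPasswordResetLink($member->AutoLoginHash)));
    }

    // Avoid information disclosure: the original answered an unknown address
    // with a "don't recognise the e-mail address" message, which confirmed to
    // the requester which addresses have accounts. Both cases now get the
    // same redirect.
    Director::redirect('Security/passwordsent/' . urlencode($data['Email']));
}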