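/**
 * Changes an account's password after the account's current password has
 * been re-entered.
 *
 * The target account is the logged-in user, unless an `id` query parameter
 * is present, in which case that id is used instead.
 *
 * NOTE(review): `$_GET['id']` is caller-controlled and is never compared with
 * the session user in this method. The current-password check below is the
 * only control on that path, so this action can be used to test passwords
 * against any account id outside the login flow. The override presumably
 * exists for a password-expired flow (see $expired) - confirm against the
 * callers and the controller's access rules, and add throttling or drop the
 * override if it is not needed.
 *
 * NOTE(review): both log lines name Yii::app()->user->name, which is the
 * session user and not necessarily the account whose password changed.
 *
 * @param bool $expired Passed through to the 'changepassword' view.
 */
public function actionChangePassword($expired = false)
{
    $uid = Yii::app()->user->id;
    if (isset($_GET['id'])) {
        $uid = $_GET['id'];
    }

    $form = new YumUserChangePassword;
    $form->scenario = 'user_request';

    if (isset($_POST['YumUserChangePassword'])) {
        $form->attributes = $_POST['YumUserChangePassword'];
        $form->validate();

        // Load the account once. A missing account (unknown id, or a guest
        // with no id) is reported exactly like a wrong password: that avoids
        // dereferencing null and does not reveal which ids exist.
        $user = YumUser::model()->findByPk($uid);
        if ($user === null
            || !YumEncrypt::validate_password($form->currentPassword, $user->password, $user->salt)
        ) {
            $form->addError('currentPassword', Yum::t('Your current password is not correct'));
        }

        if (!$form->hasErrors()) {
            // $user is non-null here: the null case always adds a form error.
            if ($user->setPassword($form->password, $user->salt)) {
                Yum::setFlash('The new password has been saved');
                Yum::log(Yum::t(
                    'User {username} has changed his password',
                    array('{username}' => Yii::app()->user->name)
                ));
            } else {
                Yum::setFlash('There was an error saving the password');
                Yum::log(
                    Yum::t(
                        'User {username} tried to change his password, but an error occured',
                        array('{username}' => Yii::app()->user->name)
                    ),
                    'error'
                );
            }
            $this->redirect(Yum::module()->returnUrl);
        }
    }

    $viewData = array(
        'form' => $form,
        'expired' => $expired,
    );

    // AJAX callers get the bare form, everyone else the full layout.
    if (Yii::app()->request->isAjaxRequest) {
        $this->renderPartial('changepassword', $viewData);
    } else {
        $this->render('changepassword', $viewData);
    }
}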
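/**
 * Authenticates this identity against the stored user accounts.
 *
 * The account is looked up by username first. When none is found, the
 * loginType setting has bit 2 set and the profile module is available, the
 * same input is tried as a profile e-mail address.
 *
 * Every failure sets $this->errorCode and the method returns false. The
 * unknown-user branch used to return the error constant itself, which a
 * caller testing the return value for truthiness would presumably read as
 * success (assuming the constant is non-zero - its value is not visible
 * here); it now follows the same convention as the other branches.
 *
 * Callers should present ERROR_STATUS_USER_DOES_NOT_EXIST and
 * ERROR_PASSWORD_INVALID with the same message, so that responses do not
 * reveal which usernames or e-mail addresses are registered.
 *
 * @param bool $without_password When true, the password and account-status
 *                               checks are skipped entirely.
 * @return bool True when no error code is set after the checks.
 */
public function authenticate($without_password = false)
{
    $user = YumUser::model()->find('username = :username', array(':username' => $this->username));

    // try to authenticate via email
    if (!$user && (Yum::module()->loginType & 2) && Yum::hasModule('profile')) {
        $profile = YumProfile::model()->find('email = :email', array(':email' => $this->username));
        if ($profile && $profile->user) {
            $user = $profile->user;
        }
    }

    if (!$user) {
        $this->errorCode = self::ERROR_STATUS_USER_DOES_NOT_EXIST;
        return false;
    }

    if ($without_password) {
        // NOTE(review): this path confirms the identity without looking at
        // the account status, so inactive, banned or removed accounts pass.
        // Confirm that every caller passing true has verified the user by
        // other means and that skipping the status checks is intended.
        // The return value below relies on credentialsConfirmed() (not
        // visible here) to update errorCode.
        $this->credentialsConfirmed($user);
    } elseif (!YumEncrypt::validate_password($this->password, $user->password, $user->salt)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } elseif ($user->status == YumUser::STATUS_INACTIVE) {
        // Status is only reported after the password matched, so an account's
        // state is not disclosed to someone who does not know the password.
        $this->errorCode = self::ERROR_STATUS_INACTIVE;
    } elseif ($user->status == YumUser::STATUS_BANNED) {
        $this->errorCode = self::ERROR_STATUS_BANNED;
    } elseif ($user->status == YumUser::STATUS_REMOVED) {
        $this->errorCode = self::ERROR_STATUS_REMOVED;
    } else {
        $this->credentialsConfirmed($user);
    }

    return !$this->errorCode;
}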
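/**
 * Deletes a user account (per the original note, delete() does this by
 * setting the account status to 'deleted').
 *
 * Administrators may delete any account except their own and need no
 * password confirmation. Everyone else may delete only their own account and
 * must confirm with their password in `$_POST['confirmPassword']`; on success
 * they are logged out.
 *
 * NOTE(review): the administrator branch deletes as soon as the action is
 * requested, whatever the HTTP method. Confirm that this route is restricted
 * to POST and covered by CSRF validation elsewhere (controller filters are
 * not visible here).
 *
 * @param mixed $id Primary key of the account; defaults to the logged-in user.
 * @throws CHttpException 403 when a non-administrator targets another
 *                        account, 404 when the account does not exist.
 */
public function actionDelete($id = null)
{
    $currentUserId = Yii::app()->user->id;
    if (!$id) {
        $id = $currentUserId;
    }

    $isAdmin = Yii::app()->user->isAdmin();

    // Self-service deletion is for the caller's own account only. Without
    // this check a request-supplied id would let any user load another
    // account into the confirmation view and test passwords against it.
    if (!$isAdmin && (string) $id !== (string) $currentUserId) {
        throw new CHttpException(403, Yum::t('You are not allowed to delete this account'));
    }

    $user = YumUser::model()->findByPk($id);
    if ($user === null) {
        // Previously a missing account ended in a call on null further down.
        throw new CHttpException(404, Yum::t('The requested user does not exist'));
    }

    if ($isAdmin) {
        // An administrator must not be able to remove their own account.
        if ($user->id == $currentUserId) {
            Yum::setFlash('You can not delete your own admin account');
            $this->redirect(array('//user/user/admin'));
            // Reached only if redirect() does not end the request; never
            // fall through to delete() in that case.
            return;
        }

        if ($user->delete()) {
            Yum::setFlash('The User has been deleted');
            if (!Yii::app()->request->isAjaxRequest) {
                // Route array, as in the redirect above. A bare string is
                // treated as a ready-made URL, and one starting with '//'
                // is scheme-relative, i.e. it points at a host named "user".
                $this->redirect(array('//user/user/admin'));
            }
        }
    } elseif (isset($_POST['confirmPassword'])) {
        if (YumEncrypt::validate_password($_POST['confirmPassword'], $user->password, $user->salt)) {
            if ($user->delete()) {
                $this->actionLogout();
            } else {
                Yum::setFlash('Error while deleting Account. Account was not deleted');
            }
        } else {
            Yum::setFlash('Wrong password confirmation! Account was not deleted');
        }
        $this->redirect(Yum::module()->deleteUrl);
    }

    $this->render('confirmDeletion', array('model' => $user));
}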