/**
 * Renders the 'login' page and handles a submitted login form.
 *
 * After a successful login the account is checked for an expired password or a
 * pending "requireNewPassword" flag. In that case the user is logged out again
 * and sent to the password change page with a freshly generated token;
 * otherwise the user is sent to the stored return URL.
 *
 * NOTE(review): the flow after each redirect() call relies on redirect() ending
 * the request (the default in Yii 1.x) - confirm it is not overridden.
 */
public function actionLogin()
{
    $formClass = $this->module->getClassName(Module::CLASS_LOGIN_FORM);

    /** @var \nordsoftware\yii_account\models\form\LoginForm $form */
    $form = new $formClass();

    $httpRequest = \Yii::app()->request;

    $this->runAjaxValidation($form, $this->loginFormId);

    if ($httpRequest->isPostRequest) {
        $postKey = Helper::classNameToPostKey($formClass);
        $form->attributes = $httpRequest->getPost($postKey);

        // login() is only attempted once the form itself validated.
        $authenticated = $form->validate() && $form->login();

        if ($authenticated) {
            $webUser = \Yii::app()->user;

            /** @var \nordsoftware\yii_account\models\ar\Account $account */
            $account = $webUser->loadAccount();

            // An expired password is turned into a persistent "must change" flag.
            $expired = $form->hasPasswordExpired($account->id);
            if ($expired) {
                $account->saveAttributes(array('requireNewPassword' => true));
            }

            // A flagged account is not allowed to keep the session it just opened.
            if ($account->requireNewPassword) {
                $changeToken = $this->module->generateToken(Module::TOKEN_CHANGE_PASSWORD, $account->id);

                // Drop the login again so restricted actions stay unreachable until the
                // password has been changed; the token is what authorises the change page.
                $webUser->logout();

                // The token is a parameter of the redirect URL.
                // NOTE(review): confirm it is short-lived and single-use, as URLs tend to
                // end up in logs and browser history.
                $this->redirect(array('/account/password/change', 'token' => $changeToken));
            }

            $this->redirect($webUser->returnUrl);
        }
    }

    $this->render('login', array('model' => $form));
}
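/**
 * Displays the 'sign up' page and handles a submitted sign-up form.
 *
 * On a valid POST an account record is created from the form attributes and a
 * password history entry is written. With activation disabled the account is
 * marked as activated and the visitor is redirected to the login page; otherwise
 * sendActivationMail() is called and the visitor is redirected to 'done'.
 * When validation fails the form is rendered again with the collected errors
 * and an emptied captcha field.
 */
public function actionIndex()
{
    $modelClass = $this->module->getClassName(Module::CLASS_SIGNUP_FORM);

    /** @var \nordsoftware\yii_account\models\form\SignupForm $model */
    $model = new $modelClass();

    if ($this->module->enableCaptcha) {
        $model->scenario = 'withCaptcha';
    }

    $request = \Yii::app()->request;

    $this->runAjaxValidation($model, $this->formId);

    if ($request->isPostRequest) {
        $model->attributes = $request->getPost(Helper::classNameToPostKey($modelClass));

        if ($model->validate()) {
            $accountClass = $this->module->getClassName(Module::CLASS_ACCOUNT);

            /** @var \nordsoftware\yii_account\models\ar\Account $account */
            $account = new $accountClass();

            // NOTE(review): which form attributes reach the account depends on the
            // Account model's validation rules, which are not visible here - confirm
            // that state fields such as 'status' cannot be set from the sign-up form.
            $account->attributes = $model->attributes;

            if ($account->validate()) {
                // Validation already ran above, so save() skips it.
                if (!$account->save(false)) {
                    $this->fatalError();
                }

                $model->createHistoryEntry($account->id, $account->salt, $account->password);

                if (!$this->module->enableActivation) {
                    // Yii's CActiveRecord::saveAttributes() returns false when no row was
                    // updated, so the write is skipped when the status already matches and
                    // a failed write is no longer ignored. Without the check the visitor
                    // would be sent to the login page with an account that never got activated.
                    $alreadyActivated = (string) $account->status === (string) Account::STATUS_ACTIVATED;
                    if (!$alreadyActivated
                        && !$account->saveAttributes(array('status' => Account::STATUS_ACTIVATED))
                    ) {
                        $this->fatalError();
                    }

                    $this->redirect(array('/account/authenticate/login'));
                }

                $this->sendActivationMail($account);
                $this->redirect(array('done'));
            }

            // todo: figure out how to avoid this, the problem is that password validation is done on the account
            foreach ($account->getErrors() as $attribute => $errors) {
                foreach ($errors as $error) {
                    $model->addError($attribute, $error);
                }
            }
        }

        // Reset the captcha if validation failed, so a new answer has to be entered.
        $model->captcha = '';
    }

    $this->render('index', array('model' => $model));
}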
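/**
 * Performs logic to change the password for an account.
 *
 * On a valid POST the account referenced by the token is loaded, the new password
 * is checked against the password history and then set on the account. After a
 * successful change a history entry is written, the requireNewPassword flag is
 * cleared if it was set, the token is marked as used and the user is redirected
 * to the login page. In every other case the form model is returned, carrying
 * any validation errors, so that the caller can render it.
 *
 * @param \nordsoftware\yii_account\models\ar\AccountToken $tokenModel authentication token model.
 * @return \nordsoftware\yii_account\models\form\PasswordForm the form model.
 */
protected function changePasswordInternal(AccountToken $tokenModel)
{
    $modelClass = $this->module->getClassName(Module::CLASS_PASSWORD_FORM);

    /** @var \nordsoftware\yii_account\models\form\PasswordForm $model */
    $model = new $modelClass();

    $request = \Yii::app()->request;

    $this->runAjaxValidation($model, $this->changeFormId);

    if ($request->isPostRequest) {
        $model->attributes = $request->getPost(Helper::classNameToPostKey($modelClass));

        if ($model->validate()) {
            $accountClass = $this->module->getClassName(Module::CLASS_ACCOUNT);

            /** @var \nordsoftware\yii_account\models\ar\Account|null $account */
            $account = \CActiveRecord::model($accountClass)->findByPk($tokenModel->accountId);

            // findByPk() yields null when the token points at an account that no longer
            // exists; stop here instead of calling methods on null. fatalError() is
            // declared outside this view, so the return also covers the case where it
            // hands control back.
            if ($account === null) {
                $this->fatalError();

                return $model;
            }

            // Check that the password has not been used in the past.
            if ($model->checkPasswordHistory($account, $model->password)) {
                $model->addError('password', Helper::t('errors', 'You have already used this password.'));
            }

            if (!$model->hasErrors() && $account->changePassword($model->password, true)) {
                $model->createHistoryEntry($account->id, $account->salt, $account->password);

                // We need to reset the requireNewPassword flag if applicable when the password has been changed.
                if ($account->requireNewPassword && !$account->saveAttributes(array('requireNewPassword' => false))) {
                    $this->fatalError();
                }

                // Mark the token as used once the password change went through.
                // NOTE(review): presumably this is what makes the change link single-use;
                // the token check itself is outside this view - confirm it rejects STATUS_USED.
                if (!$tokenModel->saveAttributes(array('status' => AccountToken::STATUS_USED))) {
                    $this->fatalError();
                }

                $this->redirect(array('/account/authenticate/login'));
            }

            // todo: figure out how to avoid this, the problem is that password validation is done on the account
            // Copy the account's password error only when there is one: getError() returns
            // null otherwise, and adding that would put an empty message on the form
            // (for example right after the password history error above).
            // NOTE(review): if changePassword() fails without a 'password' error the form
            // comes back without a message - confirm whether that case should be fatal.
            $passwordError = $account->getError('password');
            if ($passwordError !== null) {
                $model->addError('password', $passwordError);
            }
        }
    }

    return $model;
}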