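/**
 * Attempt to find and authenticate a member from the given login data.
 *
 * Identification order: temporary session ID ('tempid'), then the default
 * admin account (see Security::setDefaultAdmin()), then the configured
 * unique identifier field (the posted 'Email'). The found member is returned
 * even when the credential check fails so the caller can inspect it; the
 * outcome itself is reported through $success.
 *
 * @param array $data Posted login data; reads 'tempid', 'Email' and 'Password'
 * @param Form $form Form that receives the failure message, if any (may be null)
 * @param bool &$success Set to true only when the credentials were verified
 * @return Member Found member, regardless of successful login
 */
protected static function authenticate_member($data, $form, &$success)
{
    // Default success to false
    $success = false;

    // Read the password once; an absent value still fails every check below,
    // but this avoids an undefined-index notice on a malformed post.
    $password = isset($data['Password']) ? $data['Password'] : null;

    // Attempt to identify by temporary ID
    $member = null;
    $email = null;
    if (!empty($data['tempid'])) {
        // Find user by tempid, in case they are re-validating an existing session
        $member = Member::member_from_tempid($data['tempid']);
        if ($member) {
            $email = $member->Email;
        }
    }

    // Otherwise, get email from posted value instead
    /** @skipUpgrade */
    if (!$member && !empty($data['Email'])) {
        $email = $data['Email'];
    }

    // Check default login (see Security::setDefaultAdmin()). The null guard
    // keeps a request with no identifiable email from matching an unconfigured
    // (null) default admin username.
    $asDefaultAdmin = $email !== null && $email === Security::default_admin_username();
    if ($asDefaultAdmin) {
        // If logging in as default admin, ensure record is setup correctly
        $member = Member::default_admin();
        $success = !$member->isLockedOut() && Security::check_default_admin($email, $password);
        // A successful default-admin login returns here, so registerSuccessfulLogin()
        // below is not reached for that account; a failed one falls through and
        // is recorded via registerFailedLogin().
        if ($success) {
            return $member;
        }
    }

    // Attempt to identify user by email
    if (!$member && $email) {
        // Find user by email
        $member = Member::get()->filter(Member::config()->unique_identifier_field, $email)->first();
    }

    // Validate against member if possible
    if ($member && !$asDefaultAdmin) {
        $result = $member->checkPassword($password);
        $success = $result->valid();
    } else {
        // No hash comparison happens on this path, so it completes faster than a
        // real check; a dummy comparison would equalise response timing.
        $result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
    }

    // Emit failure to member and form (if available)
    if (!$success) {
        if ($member) {
            $member->registerFailedLogin();
        }
        if ($form) {
            $form->sessionMessage($result->message(), 'bad');
        }
    } else {
        if ($member) {
            $member->registerSuccessfulLogin();
        }
    }
    return $member;
}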
/**
 * The schema state of a form carrying a session message must expose that
 * message (value and type) next to the security-token field.
 */
public function testGetStateWithFormMessages()
{
    $form = new Form(new Controller(), 'TestForm', new FieldList(), new FieldList());
    $form->sessionMessage('All saved', 'good');

    $tokenValue = $form->getSecurityToken()->getValue();
    $expected = [
        'id' => 'Form_TestForm',
        'fields' => [
            [
                'id' => 'Form_TestForm_SecurityID',
                'value' => $tokenValue,
                'data' => [],
                'message' => null,
                'name' => 'SecurityID',
            ],
        ],
        'messages' => [
            ['value' => ['html' => 'All saved'], 'type' => 'good'],
        ],
        'valid' => null,
    ];

    $schema = new FormSchema();
    $state = $schema->getState($form);

    $this->assertInternalType('array', $state);
    $this->assertJsonStringEqualsJsonString(json_encode($expected), json_encode($state));
}
/**
 * Record a success message on the submitted form and, when the top-level
 * controller exposes an edit form, on that form as well.
 *
 * @param Form $form
 * @param string $message
 */
protected function setFormMessage($form, $message)
{
    $form->sessionMessage($message, 'good', false);

    $controller = $this->getToplevelController();
    if (!$controller->hasMethod('getEditForm')) {
        return;
    }
    // Mirror the message on the CMS edit form so it survives the redirect back
    $controller->getEditForm()->sessionMessage($message, 'good', false);
}
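/**
 * Imports the submitted CSV file based on specifications given in
 * {@link self::model_importers}.
 * Redirects back with a success/failure message.
 *
 * The upload is read from $_FILES['_CsvFile'] rather than from $request.
 *
 * @todo Figure out ajax submission of files via jQuery.form plugin
 *
 * @param array $data Form data; a truthy 'EmptyBeforeImport' clears existing records first
 * @param Form $form Receives the outcome message
 * @param HTTPRequest $request
 * @return bool|HTTPResponse False when import is disabled for this model or no
 *         file was supplied, otherwise the redirect response
 */
public function import($data, $form, $request)
{
    // Import may be switched off entirely, or restricted to a list of classes
    $importForm = $this->showImportForm;
    if (!$importForm || (is_array($importForm) && !in_array($this->modelClass, $importForm, true))) {
        return false;
    }

    $importers = $this->getModelImporters();
    /** @var BulkLoader $loader */
    $loader = $importers[$this->modelClass];

    // File wasn't properly uploaded, show a reminder to the user. A missing
    // tmp_name, an unreadable file (false) and an empty file are all rejected.
    // NOTE(review): is_uploaded_file() is not checked before reading tmp_name;
    // consider adding it as defence in depth if the test suite permits.
    $tmpName = isset($_FILES['_CsvFile']['tmp_name']) ? $_FILES['_CsvFile']['tmp_name'] : '';
    $contents = $tmpName === '' ? '' : file_get_contents($tmpName);
    if ($contents === false || $contents === '') {
        $form->sessionMessage(_t('ModelAdmin.NOCSVFILE', 'Please browse for a CSV file to import'), 'good');
        $this->redirectBack();
        return false;
    }

    if (!empty($data['EmptyBeforeImport'])) {
        // clear database before import
        $loader->deleteExistingRecords = true;
    }

    $results = $loader->load($tmpName);

    $created = $results->CreatedCount();
    $updated = $results->UpdatedCount();
    $deleted = $results->DeletedCount();

    // Messages are concatenated without a separator, as before
    $message = '';
    if ($created) {
        $message .= _t('ModelAdmin.IMPORTEDRECORDS', "Imported {count} records.", ['count' => $created]);
    }
    if ($updated) {
        $message .= _t('ModelAdmin.UPDATEDRECORDS', "Updated {count} records.", ['count' => $updated]);
    }
    if ($deleted) {
        $message .= _t('ModelAdmin.DELETEDRECORDS', "Deleted {count} records.", ['count' => $deleted]);
    }
    if (!$created && !$updated) {
        $message .= _t('ModelAdmin.NOIMPORT', "Nothing to import");
    }

    $form->sessionMessage($message, 'good');
    return $this->redirectBack();
}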
/**
 * Save the submitted data into the current item and re-render the edit view.
 *
 * Responds 403 when the parent field is disabled or read-only, when the item
 * is a Folder, or when the current member may not edit it; 404 when no item
 * can be resolved.
 *
 * @param array $data
 * @param Form $form
 * @param HTTPRequest $request
 * @return DBHTMLText
 */
public function doEdit(array $data, Form $form, HTTPRequest $request)
{
    // Check form field state
    $parent = $this->parent;
    if ($parent->isDisabled() || $parent->isReadonly()) {
        return $this->httpError(403);
    }

    // Check item permissions
    $item = $this->getItem();
    if (!$item) {
        return $this->httpError(404);
    }
    // Folders are never editable here; other items defer to canEdit()
    $forbidden = ($item instanceof Folder) || !$item->canEdit();
    if ($forbidden) {
        return $this->httpError(403);
    }

    $form->saveInto($item);
    $item->write();
    $form->sessionMessage(_t('UploadField.Saved', 'Saved'), 'good');

    return $this->edit($request);
}
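/**
 * Delete the current record and redirect back to the parent controller.
 *
 * A failed permission check is raised as a ValidationException so that it
 * shares the failure path with any ValidationException thrown by delete().
 *
 * @param array $data
 * @param Form $form
 * @return HTTPResponse
 */
public function doDelete($data, $form)
{
    $title = $this->record->Title;
    try {
        if (!$this->record->canDelete()) {
            throw new ValidationException(
                _t('GridFieldDetailForm.DeletePermissionsFailure', "No delete permissions"),
                0
            );
        }
        $this->record->delete();
    } catch (ValidationException $e) {
        $form->sessionMessage($e->getResult()->message(), 'bad', false);
        return $this->getToplevelController()->redirectBack();
    }

    // $title was already escaped for the message context; the singular name is
    // now escaped the same way so both interpolated values are treated alike.
    $message = sprintf(
        _t('GridFieldDetailForm.Deleted', 'Deleted %s %s'),
        htmlspecialchars($this->record->i18n_singular_name(), ENT_QUOTES),
        htmlspecialchars($title, ENT_QUOTES)
    );

    $toplevelController = $this->getToplevelController();
    if ($toplevelController instanceof LeftAndMain) {
        $toplevelController->getEditForm()->sessionMessage($message, 'good', false);
    } else {
        $form->sessionMessage($message, 'good', false);
    }

    // when an item is deleted, redirect to the parent controller
    $toplevelController->getRequest()->addHeader('X-Pjax', 'Content'); // Force a content refresh
    return $toplevelController->redirect($this->getBackLink(), 302); // redirect back to admin section
}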