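/**
 * Create an account from a registration link.
 *
 * The email and the one-time token come from the URL (request params);
 * name, nickname and password come from the POSTed form. The flow is:
 *
 *   1. refuse if the email is already registered;
 *   2. on POST, validate the form (password rules from
 *      Model_Auth_User::get_password_validation, non-empty name,
 *      non-empty alpha_dash nickname) and check the nickname is free;
 *   3. only then consume the one-time registration token (RiverID
 *      set_password, or the local 'new_registration' token whose payload
 *      must name the same email as the URL);
 *   4. create the user and account, grant the 'login' role and log the
 *      user in.
 *
 * Errors are collected in $errors, which is bound to the create view, so
 * returning early re-renders the form with the submitted name/nickname.
 *
 * NOTE(review): the "already registered" / "nickname taken" lookups are
 * not atomic with the inserts below; rely on unique DB indexes on
 * user.email and account.account_path to close the race — confirm the
 * schema has them.
 *
 * @return void
 */
public function action_create()
{
	$this->template->content = View::factory('pages/login/create')
		->bind('form_name', $form_name)
		->bind('form_nickname', $form_nickname)
		->bind('errors', $errors);

	// Identity and one-time secret carried in the registration link
	$email = (string) $this->request->param('email');
	$token = (string) $this->request->param('token');

	$user = ORM::factory('user', array('email' => $email));
	if ($user->loaded())
	{
		// Already registered: show the landing page and bounce to the site root
		$this->template->content = View::factory('pages/login/landing');
		$this->template->content->errors = array(__('Email is already registered'));
		$this->template->header->meta = '<meta HTTP-EQUIV="REFRESH" content="5; url=' . URL::site() . '">';
		return;
	}

	// Echo the submitted values back into the form on error
	$form_name = $this->request->post('name');
	$form_nickname = $this->request->post('nickname');

	if ( ! $this->request->post())
	{
		// GET: just render the empty form
		return;
	}

	$post = Model_Auth_User::get_password_validation($this->request->post())
		->rule('name', 'not_empty')
		->rule('nickname', 'not_empty')
		->rule('nickname', 'alpha_dash');

	if ( ! $post->check())
	{
		$errors = $post->errors('user');
		return;
	}

	// Account paths are stored lower-cased, so look the nickname up lower-cased.
	// This is checked BEFORE the token is consumed so that a mistake the
	// user can fix does not burn the one-time registration token (and, for
	// RiverID, does not set a password for an account we then never create).
	$nickname = strtolower($this->request->post('nickname'));
	$account = ORM::factory('account', array('account_path' => $nickname));
	if ($account->loaded())
	{
		$errors = array(__('Nickname is already taken'));
		return;
	}

	$password = $this->request->post('password');

	if ($this->riverid_auth)
	{
		// RiverID owns the credential and validates the token server-side
		$resp = RiverID_API::instance()->set_password($email, $token, $password);
		if ( ! $resp['status'])
		{
			$errors = array($resp['error']);
			return;
		}
	}
	else
	{
		// Local auth: the token must exist, be of the right type, and its
		// payload must name the same email as the URL.
		$token_entry = Model_Auth_Token::get_token($token, 'new_registration');
		if ( ! $token_entry)
		{
			$errors = array(__('Error'));
			return;
		}

		$data = json_decode($token_entry->data);
		// Single use: drop the token before anything else happens
		$token_entry->delete();

		// Strict comparison on purpose: with '!=' a malformed payload (no
		// email -> NULL) or numeric-looking strings could compare equal.
		if ( ! is_object($data) OR empty($data->email) OR (string) $data->email !== $email)
		{
			// The email in the request does not match
			// the email in the token
			$errors = array(__('Invalid email'));
			return;
		}
	}

	// User entry
	$user = ORM::factory('user');
	$user->username = $user->email = $email;
	$user->name = $this->request->post('name');
	if ( ! $this->riverid_auth)
	{
		// Password only needed locally for ORM auth
		$user->password = $password;
	}
	$user->save();

	// Account entry
	$user->account->account_path = $nickname;
	$user->account->user_id = $user->id;
	$user->account->save();

	// Allow the user to log in immediately
	$login_role = ORM::factory('role', array('name' => 'login'));
	$user->add('roles', $login_role);
	$user->save();

	// Auto login
	Auth::instance()->login($user->username, $password, FALSE);

	// Show a message and redirect to swift
	$this->template->content = View::factory('pages/login/landing');
	$this->template->content->messages = array(__('Account was created successfuly.'));
	$this->template->header->meta = '<meta HTTP-EQUIV="REFRESH" content="5; url=' . URL::site() . '">';
}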
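/**
 * Apply the account-settings form for the logged-in user.
 *
 * Reads the form from $_POST. Every change is gated on the user's current
 * password (checked against RiverID, or against the locally stored hash in
 * constant time). Then, in order:
 *
 *   - password change (optional): validated with
 *     Model_Auth_User::get_password_validation; for RiverID the change is
 *     pushed to the API and the new password becomes the credential used
 *     for the remaining API calls;
 *   - email change (optional): never applied directly — a confirmation
 *     link is mailed to the NEW address (by RiverID, or via a local
 *     'change_email' token) and the address is removed from $_POST;
 *   - nickname change (optional): must be alpha_dash and free, and is
 *     stored lower-cased to match registration;
 *   - the remaining whitelisted fields go through update_user().
 *
 * On failure $this->errors is set and the method returns without
 * redirecting; on success the messages are stashed in the session and the
 * request is redirected to the account's settings page.
 *
 * NOTE(review): update_user()'s second argument looks like a field
 * whitelist, so 'password_confirm' / 'nickname' should be ignored by it —
 * confirm against Model_User. Also, the "new email already registered" and
 * "nickname taken" lookups are not atomic with the writes; rely on unique
 * DB indexes.
 *
 * @return void
 */
private function _update_settings()
{
	$current_password = isset($_POST['current_password']) ? (string) $_POST['current_password'] : '';

	// Validate the current password before touching anything
	$validated = FALSE;
	if ($current_password !== '')
	{
		if ($this->riverid_auth)
		{
			$response = RiverID_API::instance()->signin($this->user->email, $current_password);
			$validated = ($response AND $response['status']);
		}
		else
		{
			// hash_equals() (PHP >= 5.6) is strict and constant-time. The
			// previous loose '==' was subject to PHP numeric-string juggling
			// (two "0e..." hex digests compare equal) and leaked timing.
			$stored = (string) $this->user->password;
			$computed = (string) Auth::instance()->hash($current_password);
			$validated = ($stored !== '' AND hash_equals($stored, $computed));
		}
	}

	if ( ! $validated)
	{
		$this->errors = __('Current password is incorrect');
		return;
	}

	$messages = array();

	// Password is changing
	if ( ! empty($_POST['password']) OR ! empty($_POST['password_confirm']))
	{
		$post = Model_Auth_User::get_password_validation($_POST);
		if ( ! $post->check())
		{
			$this->errors = $post->errors('user');
			return;
		}

		if ($this->riverid_auth)
		{
			$resp = RiverID_API::instance()->change_password($this->user->email, $current_password, $_POST['password']);
			if ( ! $resp['status'])
			{
				$this->errors = $resp['error'];
				return;
			}

			// For API calls below, use this new password
			$current_password = $_POST['password'];
			unset($_POST['password'], $_POST['password_confirm']);
		}
		// For local auth the new password reaches the model via update_user() below
	}

	// Email address is changing
	$posted_email = isset($_POST['email']) ? (string) $_POST['email'] : '';
	if ($posted_email !== (string) $this->user->email)
	{
		$new_email = $posted_email;
		if ( ! Valid::email($new_email))
		{
			$this->errors = __('Invalid email address');
			return;
		}

		if ($this->riverid_auth)
		{
			// RiverID email change process: the API fills in %token% and
			// sends the mail itself. $secret_url is bound by reference, so
			// it must be assigned after the bind() call.
			$mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
			$secret_url = url::site('login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/%token%', TRUE, TRUE);
			$site_email = Kohana::$config->load('useradmin.email_address');
			$mail_subject = __(':sitename: Email Change', array(':sitename' => Model_Setting::get_setting('site_name')));
			$resp = RiverID_API::instance()->change_email($this->user->email, $new_email, $current_password, $mail_body, $mail_subject, $site_email);
			if ( ! $resp['status'])
			{
				$this->errors = $resp['error'];
				return;
			}
		}
		else
		{
			// Make sure the new email address is not yet registered
			$user = ORM::factory('user', array('email' => $new_email));
			if ($user->loaded())
			{
				$this->errors = __('The new email address has already been registered');
				return;
			}

			// The token payload carries both addresses; the change is only
			// applied when the link is followed (handled elsewhere).
			$auth_token = Model_Auth_Token::create_token('change_email', array(
				'new_email' => $new_email,
				'old_email' => $this->user->email,
			));
			if ( ! $auth_token->loaded())
			{
				$this->errors = __('Error');
				return;
			}

			// Send an email with a secret token URL to the NEW address so
			// only someone who controls it can complete the change
			$mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
			$secret_url = URL::site('login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/' . $auth_token->token, TRUE, TRUE);
			$mail_subject = __(':sitename: Email Change', array(':sitename' => Model_Setting::get_setting('site_name')));
			Swiftriver_Mail::send($new_email, $mail_subject, $mail_body);

			$messages[] = __("A confirmation email has been sent to :email", array(':email' => $new_email));
		}

		// Don't change email address immediately.
		// Only do so after the tokens sent above are validated
		unset($_POST['email']);
	} // END if - email address change

	// Nickname is changing. Same rules as registration: lower-cased and
	// alpha_dash only, because account_path is spliced into URLs (see the
	// redirect below) and must stay a single clean path segment.
	$nickname = isset($_POST['nickname']) ? strtolower((string) $_POST['nickname']) : '';
	if ($nickname !== (string) $this->user->account->account_path)
	{
		if ($nickname === '' OR ! Valid::alpha_dash($nickname))
		{
			$this->errors = __('Invalid nickname');
			return;
		}

		// Make sure the account path is not already taken
		$account = ORM::factory('account', array('account_path' => $nickname));
		if ($account->loaded())
		{
			$this->errors = __('Nickname is already taken');
			return;
		}

		// Update
		$this->user->account->account_path = $nickname;
		$this->user->account->save();
	}

	$this->user->update_user($_POST, array('name', 'password', 'email'));
	$messages[] = __("Account settings were saved successfully.");
	Session::instance()->set("messages", $messages);
	$this->request->redirect(URL::site($this->user->account->account_path . '/settings'));
}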