/**
* Prepare the controller for handling the response to this request.
*
* Copied from Security getResponseController() with minor modifications.
*
* @param string $title Title to use
* @return Controller
*/
public function getResponseController($title)
{
$temp_page = new Page();
$temp_page->Title = $title;
$temp_page->URLSegment = 'Security';
$temp_page->ID = -1 * rand(1, 10000000);
// Disable ID-based caching of the log-in page by making it a random number
$controller = Page_Controller::create($temp_page);
$controller->init();
return $controller;
}
public function index()
{
Requirements::css(UNILOGIN_MODULE_DIR . '/css/style.css');
// TODO. Add as composer requirement?
Requirements::css('https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css');
if (class_exists('SiteTree')) {
$tmpPage = new Page();
$tmpPage->Title = _t('UniLogIn.Title', 'Choose member to login');
$tmpPage->URLSegment = "unilogin";
// Disable ID-based caching of the log-in page by making it a random number
$tmpPage->ID = -1 * rand(1, 10000000);
$controller = Page_Controller::create($tmpPage);
$controller->setDataModel($this->model);
$controller->init();
} else {
$controller = $this;
}
$customisedController = $controller->customise(array("Content" => _t('UniLogIn.Content', 'Choose member to login. Currently logged as {name}.', '', array('name' => Member::currentUser()->Title)), "Members" => Member::get()->exclude('ID', Member::currentUserID())->sort(array('FirstName' => 'asc', 'Surname' => 'asc'))));
return $customisedController->renderWith(array('UniloginPage', 'Page'));
}
public function testCreateUserDefinedTemplate()
{
$this->logInWithPermission();
$ut = new UserTemplate();
$ut->Title = 'Template 1';
$ut->Use = 'Layout';
$ut->Content = 'UserTemplate 1 $Content';
$ut->write();
$page = Page::create();
$page->Title = 'My page';
$page->Content = 'PageContent';
$page->write();
$out = $page->renderWith(array('Page', 'Page'));
$this->assertTrue(strpos($out, 'PageContent') > 0);
$this->assertTrue(strpos($out, 'UserTemplate 1') === false);
// bind the user template
$page->LayoutTemplateID = $ut->ID;
$page->write();
$ctrl = Page_Controller::create($page);
$viewer = $ctrl->getViewer('index');
$out = $viewer->process($ctrl);
$this->assertTrue(strpos($out, 'UserTemplate 1 PageContent') > 0);
}
/**
* Show the "change password" page.
* This page can either be called directly by logged-in users
* (in which case they need to provide their old password),
* or through a link emailed through {@link lostpassword()}.
* In this case no old password is required, authentication is ensured
* through the Member.AutoLoginHash property.
*
* @see ChangePasswordForm
*
* @return string Returns the "change password" page as HTML code.
*/
public function changepassword()
{
if (class_exists('SiteTree')) {
$tmpPage = new Page();
$tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
$tmpPage->URLSegment = 'Security';
// Disable ID-based caching of the log-in page by making it a random number
$tmpPage->ID = -1 * rand(1, 10000000);
$controller = Page_Controller::create($tmpPage);
$controller->init();
} else {
$controller = $this;
}
// if the controller calls Director::redirect(), this will break early
if (($response = $controller->getResponse()) && $response->isFinished()) {
return $response;
}
// Extract the member from the URL.
$member = null;
if (isset($_REQUEST['m'])) {
$member = Member::get()->filter('ID', (int) $_REQUEST['m'])->First();
}
// Check whether we are merely changin password, or resetting.
if (isset($_REQUEST['t']) && $member && $member->validateAutoLoginToken($_REQUEST['t'])) {
// On first valid password reset request redirect to the same URL without hash to avoid referrer leakage.
// if there is a current member, they should be logged out
if ($curMember = Member::currentUser()) {
$curMember->logOut();
}
// Store the hash for the change password form. Will be unset after reload within the ChangePasswordForm.
Session::set('AutoLoginHash', $member->encryptWithUserSettings($_REQUEST['t']));
return $this->redirect($this->Link('changepassword'));
} elseif (Session::get('AutoLoginHash')) {
// Subsequent request after the "first load with hash" (see previous if clause).
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} elseif (Member::currentUser()) {
// Logged in user requested a password change form.
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} else {
// Show friendly message if it seems like the user arrived here via password reset feature.
if (isset($_REQUEST['m']) || isset($_REQUEST['t'])) {
$customisedController = $controller->customise(array('Content' => _t('Security.NOTERESETLINKINVALID', '<p>The password reset link is invalid or expired.</p>' . '<p>You can request a new one <a href="{link1}">here</a> or change your password after' . ' you <a href="{link2}">logged in</a>.</p>', array('link1' => $this->Link('lostpassword'), 'link2' => $this->link('login')))));
} else {
self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
return;
}
}
return $customisedController->renderWith($this->getTemplate('changepassword'));
}
/**
* Prepare the controller for handling the response to this request
*
* @param string $title Title to use
* @return Controller
*/
protected function getResponseController($title)
{
if (!class_exists('SiteTree')) {
return $this;
}
// Use sitetree pages to render the security page
$tmpPage = new Page();
$tmpPage->Title = $title;
$tmpPage->URLSegment = "Security";
// Disable ID-based caching of the log-in page by making it a random number
$tmpPage->ID = -1 * rand(1, 10000000);
$controller = Page_Controller::create($tmpPage);
$controller->setDataModel($this->model);
$controller->init();
return $controller;
}
/**
*
* @return void
*/
public function notAccessible()
{
$config = SiteConfig::current_site_config();
if (!($content = $config->SecuredFileDefaultContent)) {
$content = "<p>" . _t('SecuredFileController.SecuredFileDefaultContent', "The document is not accessible") . "</p>";
}
if (!($title = $config->SecuredFileDefaultTitle)) {
$title = _t('SecuredFileController.SecuredFileDefaultTitle', "The document is not accessible");
}
if (isset($_GET['ContainerURL']) && $_GET['ContainerURL']) {
$containerUrl = DBField::create_field('Varchar', $_GET['ContainerURL']);
$backLink = '<p><a href="' . $containerUrl . '">Go back</a></p>';
$content = $backLink . $content . $backLink;
}
if (class_exists('SiteTree')) {
$tmpPage = new Page();
$tmpPage->Title = $title;
$tmpPage->Content = $content;
// Disable ID-based caching of the log-in page by making it a random number
$tmpPage->ID = -1 * rand(1, 10000000);
$controller = Page_Controller::create($tmpPage);
$controller->setDataModel($this->model);
$controller->init();
} else {
$controller = $this->customise(array("Content" => $content, "Title" => $title));
}
echo $controller->renderWith(array('Page'))->Value;
exit(0);
}
public static function create_view($controller, $url = '', $action = '')
{
if (class_exists('SiteTree')) {
$page = \Page::create();
$page->URLSegment = $url ? $url : $controller->Link();
$page->Action = $action;
$page->ID = -1;
$controller = \Page_Controller::create($page);
}
return $controller;
}
