/**
* @return string
*/
public function changepassword()
{
$tmpPage = new Page();
$tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
$tmpPage->URLSegment = 'Security';
$tmpPage->ID = -1;
// Set the page ID to -1 so we dont get the top level pages as its children
$controller = new Page_Controller($tmpPage);
$controller->init();
try {
$former_hash = Session::get('AutoLoginHash');
// if we have the token and the member redirect back to clear those values and avoid leaking
// on referer header
if (isset($_REQUEST['t']) && isset($_REQUEST['m'])) {
// if we dont have a former autologin hash, generate it ...
if (empty($former_hash)) {
$new_hash = $this->password_manager->verifyToken((int) @$_REQUEST['m'], @$_REQUEST['t']);
Session::set('AutoLoginHash', $new_hash);
}
return $this->redirect($this->Link('changepassword'));
}
if (!empty($former_hash)) {
// Subsequent request after the "first load with hash"
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} else {
if (Member::currentUser()) {
// Logged in user requested a password change form.
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} else {
self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
return;
}
}
} catch (InvalidPasswordResetLinkException $ex1) {
$customisedController = $controller->customise(array('Content' => sprintf('<p>This link is no longer valid as a newer request for a password reset has been made. Please check your mailbox for the most recent link</p><p>You can request a new one <a href="%s">here', $this->Link('lostpassword'))));
}
return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
}
/**
* Show the "change password" page
*
* @return string Returns the "change password" page as HTML code.
*/
public function changepassword()
{
$tmpPage = new Page();
$tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
$tmpPage->URLSegment = 'Security';
$controller = new Page_Controller($tmpPage);
$controller->init();
if (isset($_REQUEST['h']) && Member::autoLoginHash($_REQUEST['h'])) {
// The auto login hash is valid, store it for the change password form
Session::set('AutoLoginHash', $_REQUEST['h']);
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} elseif (Member::currentUser()) {
// let a logged in user change his password
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} else {
// show an error message if the auto login hash is invalid and the
// user is not logged in
if (isset($_REQUEST['h'])) {
$customisedController = $controller->customise(array('Content' => sprintf(_t('Security.NOTERESETLINKINVALID', "<p>The password reset link is invalid or expired.</p>\n" . '<p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'), $this->Link('lostpassword'), $this->link('login'))));
} else {
self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
return;
}
}
//Controller::$currentController = $controller;
return $customisedController->renderWith('Page');
}
/**
* Validate the link clicked in email
*
* @param SS_HTTPRequest $request The SS_HTTPRequest for this action.
* @return string Returns the "validated" page as HTML code.
*/
public function validate($request)
{
$tmpPage = new Page();
$tmpPage->Title = _t('EmailVerifiedMember.VERIFYEMAILHEADER', 'Verification link');
$tmpPage->URLSegment = 'Security';
$tmpPage->ID = -1;
// Set the page ID to -1 so we dont get the top level pages as its children
$controller = new Page_Controller($tmpPage);
$controller->init();
if ($request && ($member = DataObject::get_one('Member', "\"Email\" = '" . Convert::raw2sql($request->param('ID')) . "'"))) {
if ($member->VerificationString == Convert::raw2sql($request->param('OtherID'))) {
if (!$member->Verified) {
$member->Verified = true;
$member->write();
$member->sendmoderatoremail();
}
$config = SiteConfig::current_site_config();
//Debug::Show($config);
if ($config->Moderate) {
$nextAction = _t('EmailVerifiedMember.NEXTACTIONMODERATE', "You will be able to login after a moderator has approved your account.");
} else {
$nextAction = _t('EmailVerifiedMember.NEXTACTIONLOGIN', "You can now <a href='security/login'>login</a> to the website.");
}
$customisedController = $controller->customise(array('Title' => _t('EmailVerifiedMember.ACCOUNTVERIFIEDTITLE', "Member account verified"), 'Content' => "<p>" . sprintf(_t('EmailVerifiedMember.EMAILVERIFIED', "Thank you %s! Your email account has been verified." . " " . $nextAction), $member->Name) . "</p>"));
return $customisedController->renderWith(array('Security_validationsuccess', 'Security', $this->owner->stat('template_main'), 'ContentController'));
}
}
// Verification failed
$customisedController = $controller->customise(array('Title' => _t('EmailVerifiedMember.ACCOUNTVERIFIEDFAILTITLE', "Member email address verification failed"), 'Content' => "<p>" . sprintf(_t('EmailVerifiedMember.ACCOUNTVERIFIEDFAIL', "Member email address verification failed, either unknown email address or invalid verification string. Please ensure you copy and pasted the entire link."), $member->Name) . "</p>"));
return $customisedController->renderWith(array('Security_validationfail', 'Security', $this->owner->stat('template_main'), 'ContentController'));
}
/**
* Merge some arbitrary data in with this object. This method returns a {@link ViewableData_Customised} instance
* with references to both this and the new custom data.
*
* Note that any fields you specify will take precedence over the fields on this object.
*
* Adds custom product detail data when a product detail view is requested.
*
* @param array $data Customised data
*
* @return ViewableData_Customised
*
* @author Sebastian Diel <*****@*****.**>
* @since 27.07.2012
*/
public function customise($data)
{
if ($this->isProductDetailView()) {
$data = array_merge($data, $this->ProductDetailViewParams());
}
$customisedData = parent::customise($data);
return $customisedData;
}
/**
* Show the "change password" page.
* This page can either be called directly by logged-in users
* (in which case they need to provide their old password),
* or through a link emailed through {@link lostpassword()}.
* In this case no old password is required, authentication is ensured
* through the Member.AutoLoginHash property.
*
* @see ChangePasswordForm
*
* @return string Returns the "change password" page as HTML code.
*/
public function changepassword()
{
$tmpPage = new Page();
$tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
$tmpPage->URLSegment = 'Security';
$tmpPage->ID = -1;
// Set the page ID to -1 so we dont get the top level pages as its children
$controller = new Page_Controller($tmpPage);
$controller->init();
// Extract the member from the URL.
$member = null;
if (isset($_REQUEST['m'])) {
$member = DataObject::get_by_id('Member', (int) $_REQUEST['m']);
}
// Check whether we are merely changin password, or resetting.
if (isset($_REQUEST['t']) && $member && $member->validateAutoLoginToken($_REQUEST['t'])) {
// On first valid password reset request redirect to the same URL without hash to avoid referrer leakage.
// Store the hash for the change password form. Will be unset after reload within the ChangePasswordForm.
Session::set('AutoLoginHash', $member->encryptWithUserSettings($_REQUEST['t']));
return $this->redirect($this->Link('changepassword'));
} elseif (Session::get('AutoLoginHash')) {
// Subsequent request after the "first load with hash" (see previous if clause).
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} elseif (Member::currentUser()) {
// Logged in user requested a password change form.
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} else {
// show an error message if the auto login token is invalid and the
// user is not logged in
if (!isset($_REQUEST['t']) || !$member) {
$customisedController = $controller->customise(array('Content' => sprintf(_t('Security.NOTERESETLINKINVALID', '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'), $this->Link('lostpassword'), $this->link('login'))));
} else {
self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
return;
}
}
return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
}
/**
* Show the "change password" page.
* This page can either be called directly by logged-in users
* (in which case they need to provide their old password),
* or through a link emailed through {@link lostpassword()}.
* In this case no old password is required, authentication is ensured
* through the Member.AutoLoginHash property.
*
* @see ChangePasswordForm
*
* @return string Returns the "change password" page as HTML code.
*/
public function changepassword()
{
$tmpPage = new Page();
$tmpPage->Title = _t('Security.CHANGEPASSWORDHEADER', 'Change your password');
$tmpPage->URLSegment = 'Security';
$tmpPage->ID = -1;
// Set the page ID to -1 so we dont get the top level pages as its children
$controller = new Page_Controller($tmpPage);
$controller->init();
// First load with hash: Redirect to same URL without hash to avoid referer leakage
if (isset($_REQUEST['h']) && Member::member_from_autologinhash($_REQUEST['h'])) {
// The auto login hash is valid, store it for the change password form.
// Temporary value, unset in ChangePasswordForm
Session::set('AutoLoginHash', $_REQUEST['h']);
return $this->redirect($this->Link('changepassword'));
// Redirection target after "First load with hash"
} elseif (Session::get('AutoLoginHash')) {
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.ENTERNEWPASSWORD', 'Please enter a new password.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} elseif (Member::currentUser()) {
// let a logged in user change his password
$customisedController = $controller->customise(array('Content' => '<p>' . _t('Security.CHANGEPASSWORDBELOW', 'You can change your password below.') . '</p>', 'Form' => $this->ChangePasswordForm()));
} else {
// show an error message if the auto login hash is invalid and the
// user is not logged in
if (isset($_REQUEST['h'])) {
$customisedController = $controller->customise(array('Content' => sprintf(_t('Security.NOTERESETLINKINVALID', '<p>The password reset link is invalid or expired.</p><p>You can request a new one <a href="%s">here</a> or change your password after you <a href="%s">logged in</a>.</p>'), $this->Link('lostpassword'), $this->link('login'))));
} else {
self::permissionFailure($this, _t('Security.ERRORPASSWORDPERMISSION', 'You must be logged in in order to change your password!'));
return;
}
}
return $customisedController->renderWith(array('Security_changepassword', 'Security', $this->stat('template_main'), 'ContentController'));
}
public function usernamesent($request)
{
Requirements::javascript(THIRDPARTY_DIR . '/behaviour.js');
Requirements::javascript(THIRDPARTY_DIR . '/loader.js');
Requirements::javascript(THIRDPARTY_DIR . '/prototype.js');
Requirements::javascript(THIRDPARTY_DIR . '/prototype_improvements.js');
Requirements::javascript(THIRDPARTY_DIR . '/scriptaculous/effects.js');
$tmpPage = new Page();
$tmpPage->Title = _t('Security.LOSTPASSWORDHEADER');
$tmpPage->URLSegment = 'UsernameSecurity';
$tmpPage->ID = -1;
$controller = new Page_Controller($tmpPage);
$controller->init();
$email = Session::get('ForgotEmail') ? Convert::raw2xml(Session::get('ForgotEmail')) : null;
Session::clear('ForgotEmail');
$customisedController = $controller->customise(array('Title' => _t('Security.USERNAMESENTHEADER', "Username sent"), 'Content' => "<p>" . sprintf(_t('Security.USERNAMESENTTEXT', "Username has been sent to: '%s'"), $email) . "</p>"));
return $customisedController->renderWith(array('Security_passwordsent', 'Security', $this->stat('template_main')));
}
