Exemplo n.º 1
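 /**
  * Change the password of the currently logged-in user.
  *
  * Answers the AJAX validation round-trip for the 'changepassword-form'
  * form. On a valid POST it stores the new password hash, rotates the
  * account's activkey, stamps password_update_time and appends the new hash
  * to the password history. Nothing is rendered when the session carries no
  * user id.
  *
  * NOTE(review): a check of the current password is not visible in this
  * action; presumably the UserChangePassword rules enforce it -- confirm.
  */
 public function actionChangepassword()
 {
     $model = new UserChangePassword();
     if (Yii::app()->user->id) {
         // ajax validator
         if (isset($_POST['ajax']) && $_POST['ajax'] === 'changepassword-form') {
             echo UActiveForm::validate($model);
             Yii::app()->end();
         }
         if (isset($_POST['UserChangePassword'])) {
             $model->attributes = $_POST['UserChangePassword'];
             if ($model->validate()) {
                 $new_password = User::model()->notsafe()->findbyPk(Yii::app()->user->id);
                 $new_password->password = PasswordHelper::hashPassword($model->password);
                 // A fresh activkey is written together with the new password;
                 // presumably so links mailed earlier stop matching -- confirm.
                 $new_password->activkey = PasswordHelper::hashPassword(microtime() . $model->password);
                 $new_password->password_update_time = date('Y-m-d H:i:s');
                 // Only record history and report success once the row is
                 // actually stored; a failed save() must not look like a
                 // completed password change.
                 if ($new_password->save()) {
                     $passwordHistory = new PasswordHistory();
                     $passwordHistory->profile_id = $new_password->id;
                     $passwordHistory->password = $new_password->password;
                     $passwordHistory->save();
                     Yii::app()->user->setFlash('profileMessage', UserModule::t("New password is saved."));
                     $this->redirect(array("profile"));
                 } else {
                     // Surface the record's validation errors on the form.
                     $model->addErrors($new_password->getErrors());
                 }
             }
         }
         if (isset($this->location)) {
             $this->render('frontend.views.profile.changepassword', array('model' => $model));
         } else {
             $this->render('changepassword', array('model' => $model));
         }
     }
 }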
Exemplo n.º 2
 /**
  * Authenticates a user against the User table.
  *
  * The login name is looked up by e-mail when it contains an "@" after the
  * first character, otherwise by username. The password is then verified
  * against the stored hash, and only after that is the account status
  * checked (0 = not activated, -1 = banned).
  *
  * NOTE(review): unknown account and wrong password produce different error
  * codes, and no password verification runs for an unknown account. If the
  * caller shows these codes to the visitor as distinct messages, the login
  * form reveals which accounts exist; a single generic failure message at
  * the call site avoids that.
  *
  * @return boolean whether authentication succeeds.
  */
 public function authenticate()
 {
     // strpos() is used for truthiness on purpose here: a leading "@"
     // (position 0) is treated like "no @" and falls back to username lookup.
     $looksLikeEmail = (bool) strpos($this->username, "@");
     $lookupField = $looksLikeEmail ? 'email' : 'username';
     $user = User::model()->notsafe()->findByAttributes(array($lookupField => $this->username));

     if ($user === null) {
         $this->errorCode = $looksLikeEmail ? self::ERROR_EMAIL_INVALID : self::ERROR_USERNAME_INVALID;
     } elseif (!PasswordHelper::verifyPassword($this->password, $user->password)) {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
     } elseif ($user->status == 0 && Yii::app()->getModule('user')->loginNotActiv == false) {
         // Not yet activated and the module does not allow such logins.
         $this->errorCode = self::ERROR_STATUS_NOTACTIV;
     } elseif ($user->status == -1) {
         $this->errorCode = self::ERROR_STATUS_BAN;
     } else {
         // Success: keep the primary key and the canonical username.
         $this->_id = $user->id;
         $this->username = $user->username;
         $this->errorCode = self::ERROR_NONE;
     }

     return !$this->errorCode;
 }
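 /**
  * Activate a user account from the link sent by e-mail.
  *
  * Expects the `email` and `activkey` query parameters. When the account is
  * found and its stored activkey equals the supplied one, the account is set
  * to status 1, the activkey is replaced and the visitor is redirected to
  * the login URL. An account whose status is already non-zero gets the
  * "Your account is active." message without the key being checked.
  *
  * NOTE(review): that early branch answers differently for a registered,
  * active e-mail address than for an unknown one, so this endpoint discloses
  * account existence. Consider one neutral message for every non-matching
  * request.
  */
 public function actionActivation()
 {
     // Accept plain string parameters only: a missing key used to raise a
     // notice, and an array value (?email[]=...) would reach the finder and
     // the key comparison.
     $email = isset($_GET['email']) && is_string($_GET['email']) ? $_GET['email'] : '';
     $activkey = isset($_GET['activkey']) && is_string($_GET['activkey']) ? $_GET['activkey'] : '';
     $view = '/user/message';
     if (isset($this->location)) {
         $view = 'frontend.views.user.message';
     }
     if ($email && $activkey) {
         $find = User::model()->notsafe()->findByAttributes(array('email' => $email));
         if (isset($find) && $find->status) {
             $this->render($view, array('title' => UserModule::t("User activation"), 'content' => UserModule::t("Your account is active.")));
         } elseif (isset($find->activkey) && (string) $find->activkey === $activkey) {
             // Strict string comparison: loose == treats numeric-looking
             // strings as numbers and can match keys that differ. Where the
             // deployed PHP provides hash_equals(), prefer it so the
             // comparison is also constant-time.
             // The key is single-use: replace it before activating.
             $find->activkey = PasswordHelper::hashPassword(microtime());
             $find->status = 1;
             $find->save();
             Yii::app()->user->setFlash('activateMessage', UserModule::t("Your account has been activated."));
             $this->redirect(Yii::app()->controller->module->loginUrl);
         } else {
             $this->render($view, array('title' => UserModule::t("User activation"), 'content' => UserModule::t("Incorrect activation URL.")));
         }
     } else {
         $this->render($view, array('title' => UserModule::t("User activation"), 'content' => UserModule::t("Incorrect activation URL.")));
     }
 }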
Exemplo n.º 4
 /**
  * Create a staff account together with its profile.
  *
  * On a valid POST a strong password is generated, the account is stored
  * with status 0 and a hashed password, group memberships and a password
  * history entry are written, and (when the user module's
  * sendActivationMail is on) an activation mail is sent. AJAX requests get
  * the `_view` / `_form` partials, other requests are redirected to the
  * `view` page or re-shown the `create` form.
  *
  * NOTE(review): presumably access to this action is restricted to
  * administrators by the controller's access rules -- confirm; no check is
  * visible in the method itself.
  */
 public function actionCreate()
 {
     $model = new Staff();
     $profile = new Profile();
     $this->performAjaxValidation(array($model, $profile), 'staff-form');
     if (isset($_POST['Staff'])) {
         // Mass assignment from the request; which attributes are accepted
         // depends on the models' "safe" rules, which are not visible here.
         $model->attributes = $_POST['Staff'];
         // NOTE(review): $_POST['Profile'] is read without isset(); a request
         // that omits it raises an undefined-index notice.
         $profile->attributes = $_POST['Profile'];
         // Placeholder id so the profile can be validated before the user row exists.
         $profile->user_id = 0;
         if ($model->validate() && $profile->validate()) {
             // $realp keeps the generated plaintext password.
             $realp = PasswordHelper::generateStrongPassword();
             $model->password = $realp;
             // The activation key is derived while $model->password still
             // holds the plaintext; the next line replaces it with the hash.
             $model->activkey = PasswordHelper::hashPassword(microtime() . $model->password);
             $model->password = PasswordHelper::hashPassword($model->password);
             // New accounts start with status 0.
             $model->status = 0;
             if ($model->save()) {
                 $profile->user_id = $model->id;
                 $profile->save();
                 // Group ids are taken from the request as submitted; the
                 // result of each save() is not checked.
                 if (!empty($_POST['Profile']['group_id'])) {
                     foreach ($_POST['Profile']['group_id'] as $groupid) {
                         $userGroup = new UserGroup();
                         $userGroup->profile_id = $model->id;
                         $userGroup->group_id = $groupid;
                         $userGroup->save();
                     }
                 }
                 // Record the initial password hash in the history table.
                 $passwordHistory = new PasswordHistory();
                 $passwordHistory->profile_id = $model->id;
                 $passwordHistory->password = $model->password;
                 $passwordHistory->save();
                 if (Yii::app()->getModule('user')->sendActivationMail) {
                     $activation_url = $this->createAbsoluteUrl('/user/activation', array("activkey" => $model->activkey, "email" => $model->email));
                     // NOTE(review): the ****** runs in the next statement are
                     // reproduced as they appear in this listing, where the
                     // original expressions are masked; as shown the line
                     // does not parse. The surrounding text suggests the
                     // username and the generated password are placed in the
                     // mail body -- confirm. A password sent by e-mail stays
                     // readable in the mailbox; a set-your-password link
                     // avoids that.
                     UserModule::sendMail($model->email, UserModule::t("Your {site_name} account has been created", array('{site_name}' => Yii::app()->name)), UserModule::t("To activate your account, go to <a href='{activation_url}'>{activation_url}</a>.<br/><br/>Username: "******"<br/>Password: "******"<br/>", array('{activation_url}' => $activation_url)));
                 }
                 if (Yii::app()->getRequest()->getIsAjaxRequest()) {
                     $this->renderPartial('_view', array('model' => $model, 'profile' => $profile), false, true);
                     Yii::app()->end();
                 }
                 $this->redirect(array('view', 'id' => $model->id));
             } else {
                 Yii::app()->user->setFlash(TbHtml::ALERT_COLOR_ERROR, 'An error occured while trying to create new user, please try again.');
                 if (Yii::app()->getRequest()->getIsAjaxRequest()) {
                     $this->renderPartial('_form', array('model' => $model, 'profile' => $profile), false, true);
                     Yii::app()->end();
                 }
                 // NOTE(review): nothing stops execution after this render,
                 // so a non-AJAX request also reaches the render at the end
                 // of the method.
                 $this->render('create', array('model' => $model, 'profile' => $profile));
             }
         } else {
             // $profile->validate() is skipped above when $model->validate()
             // fails first; run it so the profile's errors are populated too.
             $profile->validate();
         }
     }
     if (Yii::app()->getRequest()->getIsAjaxRequest()) {
         $this->renderPartial('_form', array('model' => $model, 'profile' => $profile), false, true);
         Yii::app()->end();
     }
     $this->render('create', array('model' => $model, 'profile' => $profile));
 }
 /**
  * Returns the JavaScript needed for performing client-side validation.
  *
  * The attribute's current value is checked on the server against every
  * entry of the logged-in user's password history. The outcome is baked
  * into the emitted script as a constant condition ("1==1" on a match,
  * "1==2" otherwise), and on a match an error is also added to the object.
  *
  * NOTE(review): because the condition is fixed when the script is
  * generated, the browser-side check does not react to what the user types
  * later; password reuse must still be enforced by server-side validation.
  * The message pushed to the client also differs from the one added with
  * addError().
  *
  * @param CModel $object the data object being validated
  * @param string $attribute the name of the attribute to be validated.
  * @return string the client-side validation script.
  * @see CActiveForm::enableClientValidation
  */
 public function clientValidateAttribute($object, $attribute)
 {
     $history = new PasswordHistory();
     $reused = false;
     foreach ($history->getHistory(Yii::app()->user->id) as $entry) {
         if (PasswordHelper::verifyPassword($object->{$attribute}, $entry->password)) {
             $reused = true;
             $this->addError($object, $attribute, 'You can not use a password which you have already used!');
             break;
         }
     }
     $condition = $reused ? "1==1" : "1==2";
     return sprintf(
         "\n\tif(%s) {\n\t\tmessages.push(%s);\n\t}\n\t",
         $condition,
         CJSON::encode('your password is too weak, you fool!')
     );
 }
Exemplo n.º 6
 /**
  * Creates a new customer account with its profile and addresses.
  *
  * On a valid POST a strong password is generated, the account is stored
  * with status 0 and type 1, the new id is placed in the session under
  * 'cid', and customer-group links, a password history entry and the
  * addresses in $this->_address are written. When the user module's
  * sendActivationMail is on, an activation mail is sent. On success the
  * `_view` partial is rendered and the application ends; otherwise the form
  * is rendered again.
  *
  * NOTE(review): presumably access to this action is restricted by the
  * controller's access rules -- confirm; no check is visible in the method.
  */
 public function actionCreate()
 {
     $model = new Customer();
     $profile = new Profile();
     // NOTE(review): this instance is not used before $address is reused as
     // the loop variable in the foreach over $this->_address below.
     $address = new CheckoutAddress();
     //Yii::app()->session['cid'] = '';
     $this->performAjaxValidation(array($model, $profile), 'customer-form');
     if (isset($_POST['Customer'])) {
         // Mass assignment from the request; which attributes are accepted
         // depends on the models' "safe" rules, which are not visible here.
         $model->attributes = $_POST['Customer'];
         // NOTE(review): $_POST['Profile'] is read without isset(); a request
         // that omits it raises an undefined-index notice.
         $profile->attributes = $_POST['Profile'];
         // Placeholder id so the profile can be validated before the user row exists.
         $profile->user_id = 0;
         // presumably validateAddress() fills $this->_address -- confirm.
         if ($model->validate() && $profile->validate() && $this->validateAddress()) {
             // $realp keeps the generated plaintext password.
             $realp = PasswordHelper::generateStrongPassword();
             $model->password = $realp;
             // The activation key is derived while $model->password still
             // holds the plaintext; the next line replaces it with the hash.
             $model->activkey = PasswordHelper::hashPassword(microtime() . $model->password);
             $model->password = PasswordHelper::hashPassword($model->password);
             $model->status = 0;
             $model->type = 1;
             if ($model->save()) {
                 // Remember the id of the customer just created in the session.
                 Yii::app()->session['cid'] = $model->id;
                 $profile->user_id = $model->id;
                 $profile->save();
                 // Group ids are taken from the request as submitted; the
                 // result of each save() is not checked.
                 if (!empty($_POST['Customer']['c_group_id'])) {
                     foreach ($_POST['Customer']['c_group_id'] as $groupid) {
                         $customerGroup = new CustomerCGroup();
                         $customerGroup->user_id = $model->id;
                         $customerGroup->c_group_id = $groupid;
                         $customerGroup->save();
                     }
                 }
                 // Record the initial password hash in the history table.
                 $passwordHistory = new PasswordHistory();
                 $passwordHistory->profile_id = $model->id;
                 $passwordHistory->password = $model->password;
                 $passwordHistory->save();
                 // Attach every collected address to the new account.
                 foreach ($this->_address as $address) {
                     $address->user_id = $model->id;
                     $address->save();
                 }
                 if (Yii::app()->getModule('user')->sendActivationMail) {
                     $activation_url = $this->createAbsoluteUrl('/user/activation', array("activkey" => $model->activkey, "email" => $model->email));
                     // NOTE(review): the ****** runs in the next statement are
                     // reproduced as they appear in this listing, where the
                     // original expressions are masked; as shown the line
                     // does not parse. The surrounding text suggests the
                     // username and the generated password are placed in the
                     // mail body -- confirm. A password sent by e-mail stays
                     // readable in the mailbox; a set-your-password link
                     // avoids that.
                     UserModule::sendMail($model->email, UserModule::t("Your {site_name} account has been created", array('{site_name}' => Yii::app()->name)), UserModule::t("To activate your account, go to <a href='{activation_url}'>{activation_url}</a>.<br/><br/>Username: "******"<br/>Password: "******"<br/>", array('{activation_url}' => $activation_url)));
                 }
                 Yii::app()->user->setFlash(TbHtml::ALERT_COLOR_SUCCESS, Yii::t('info', 'Customer was successfully created'));
                 $this->renderPartial('_view', array('model' => $model, 'profile' => $profile, 'address' => $this->_address), false, true);
                 Yii::app()->end();
             } else {
                 // Save failed: only a flash message is set here; the form is
                 // rendered again by the code at the end of the method.
                 Yii::app()->user->setFlash(TbHtml::ALERT_COLOR_ERROR, Yii::t('info', 'An error occurred while trying to create new customer, please try again.'));
                 /*$this->render('create',array(
                 			'model'=>$model,
                 			'profile'=>$profile,
                 		));*/
             }
         } else {
             // The && chain above stops at the first failure; run the
             // remaining validators so all errors are populated.
             $profile->validate();
             $this->validateAddress();
             //echo GxActiveForm::validateMultiple(array($model,$profile,$address));
             //Yii::app()->end();
         }
     }
     if (Yii::app()->getRequest()->getIsAjaxRequest()) {
         $this->renderPartial('_form_address', array('model' => $model, 'profile' => $profile, 'address' => $this->_address), false, true);
         Yii::app()->end();
     }
     $this->render('create', array('model' => $model, 'profile' => $profile, 'address' => $this->_address));
 }
Exemplo n.º 7
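 /**
  * Password recovery.
  *
  * Two modes, for visitors who are not logged in:
  *  - with `email` and `activkey` in the query string, the key is compared
  *    with the account's stored activkey; on a match the visitor may set a
  *    new password, which also rotates the activkey, activates a status-0
  *    account and appends to the password history;
  *  - otherwise the recovery form is shown and, once it validates, a mail
  *    with the recovery link is sent.
  * Logged-in users are redirected to the module's returnUrl.
  *
  * NOTE(review): the recovery link carries the stored activkey itself and
  * no expiry is visible here, so a link stays usable until the key is
  * rotated. A dedicated, time-limited reset token would narrow that window.
  */
 public function actionRecovery()
 {
     $form = new UserRecoveryForm();
     if (Yii::app()->user->id) {
         $this->redirect(Yii::app()->controller->module->returnUrl);
     } else {
         // Accept plain string parameters only, so an array value
         // (?activkey[]=...) never reaches the finder or the comparison.
         $email = isset($_GET['email']) && is_string($_GET['email']) ? $_GET['email'] : '';
         $activkey = isset($_GET['activkey']) && is_string($_GET['activkey']) ? $_GET['activkey'] : '';
         if ($email && $activkey) {
             $form2 = new UserChangePassword();
             $find = User::model()->notsafe()->findByAttributes(array('email' => $email));
             // Strict string comparison: loose == treats numeric-looking
             // strings as numbers and can match keys that differ. Where the
             // deployed PHP provides hash_equals(), prefer it so the
             // comparison is also constant-time.
             if (isset($find) && (string) $find->activkey === $activkey) {
                 if (isset($_POST['UserChangePassword'])) {
                     $form2->attributes = $_POST['UserChangePassword'];
                     if ($form2->validate()) {
                         $find->password = PasswordHelper::hashPassword($form2->password);
                         // Rotate the key so the link just used stops matching.
                         $find->activkey = PasswordHelper::hashPassword(microtime() . $form2->password);
                         $find->password_update_time = date('Y-m-d H:i:s');
                         // Completing recovery proves control of the mailbox,
                         // so a not-yet-activated account becomes active.
                         if ($find->status == 0) {
                             $find->status = 1;
                         }
                         // NOTE(review): the result of save() is not checked;
                         // the success message is shown even if it fails.
                         $find->save();
                         $passwordHistory = new PasswordHistory();
                         $passwordHistory->profile_id = $find->id;
                         $passwordHistory->password = $find->password;
                         $passwordHistory->save();
                         Yii::app()->user->setFlash('recoveryMessage', UserModule::t("Your password has been changed. Please login with your new password."));
                         $this->redirect(Yii::app()->controller->module->loginUrl);
                     }
                 }
                 if (isset($this->location)) {
                     $this->render('frontend.views.recovery.changepassword', array('form' => $form2));
                 } else {
                     $this->render('changepassword', array('form' => $form2));
                 }
             } else {
                 Yii::app()->user->setFlash('recoveryMessage', UserModule::t("Incorrect recovery link."));
                 $this->redirect(Yii::app()->controller->module->recoveryUrl);
             }
         } else {
             if (isset($_POST['UserRecoveryForm'])) {
                 $form->attributes = $_POST['UserRecoveryForm'];
                 if ($form->validate()) {
                     // presumably the form's validation sets user_id to an
                     // existing account -- confirm; $user is not null-checked.
                     $user = User::model()->notsafe()->findbyPk($form->user_id);
                     // Build the link through the framework instead of
                     // concatenating 'http://' with the request's Host
                     // header: the header is supplied by the client, and a
                     // recovery link that points at a client-chosen host
                     // hands the key to that host. createAbsoluteUrl() takes
                     // scheme and host from the request component, whose
                     // hostInfo should be pinned in the application config.
                     $activation_url = $this->createAbsoluteUrl(implode(Yii::app()->controller->module->recoveryUrl), array("activkey" => $user->activkey, "email" => $user->email));
                     $subject = UserModule::t("You have requested password recovery for {site_name}", array('{site_name}' => Yii::app()->name));
                     // Use the {activation_url} placeholder filled from the
                     // parameter array, so the message text passed to the
                     // translator is constant and does not contain the
                     // per-user key.
                     $message = UserModule::t("You have requested password recovery for {site_name}. To change your password, click <a href='{activation_url}'>here</a> or copy and paste this link into your browser: {activation_url}", array('{site_name}' => Yii::app()->name, '{activation_url}' => $activation_url));
                     UserModule::sendMail($user->email, $subject, $message);
                     Yii::app()->user->setFlash('recoveryMessage', UserModule::t("Please check your email, the reset link was sent to your email address."));
                     $this->refresh();
                 }
             }
             if (isset($this->location)) {
                 $this->render('frontend.views.recovery.recovery', array('form' => $form));
             } else {
                 $this->render('recovery', array('form' => $form));
             }
         }
     }
 }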
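 /**
  * Self-service registration.
  *
  * Answers the AJAX validation round-trip for 'registration-form', then, for
  * visitors who are not logged in, validates the registration and profile
  * forms, stores the account (never as superuser, type 1, status taken from
  * the module's activeAfterRegister), optionally mails an activation link
  * and either logs the new user in or shows a confirmation flash, depending
  * on the module settings. Logged-in users are redirected to profileUrl.
  */
 public function actionRegistration()
 {
     Profile::$regMode = true;
     $model = new RegistrationForm();
     $profile = new Profile();
     // ajax validator
     if (isset($_POST['ajax']) && $_POST['ajax'] === 'registration-form') {
         echo UActiveForm::validate(array($model, $profile));
         Yii::app()->end();
     }
     if (Yii::app()->user->id) {
         $this->redirect(Yii::app()->controller->module->profileUrl);
     } else {
         $module = Yii::app()->controller->module;
         if (isset($_POST['RegistrationForm'])) {
             $postedProfile = isset($_POST['Profile']) && is_array($_POST['Profile']) ? $_POST['Profile'] : array();
             $model->attributes = $_POST['RegistrationForm'];
             $profile->attributes = $postedProfile;
             if ($model->validate() && $profile->validate()) {
                 // Keep the plaintext for the optional auto-login below;
                 // $model->password is replaced by its hash two lines down.
                 // (The auto-login used this variable without it ever being
                 // assigned.)
                 $soucePassword = $model->password;
                 // NOTE(review): the activation key is derived from the clock
                 // and the password the registrant just chose. Unless
                 // UserModule::encrypting() mixes in a secret or random salt
                 // (not visible here), the key is not unpredictable to the
                 // registrant; a token from a CSPRNG is the safer source.
                 $model->activkey = UserModule::encrypting(microtime() . $model->password);
                 $model->password = PasswordHelper::hashPassword($model->password);
                 // Mirror the hash so a password/verifyPassword comparison
                 // still holds when save() validates -- presumably; confirm.
                 $model->verifyPassword = $model->password;
                 // Server-side values: never taken from the request.
                 $model->superuser = 0;
                 $model->type = 1;
                 $model->status = $module->activeAfterRegister ? User::STATUS_ACTIVE : User::STATUS_NOACTIVE;
                 if ($model->save()) {
                     $profile->user_id = $model->id;
                     $profile->save();
                     if ($module->sendActivationMail) {
                         $activation_url = $this->createAbsoluteUrl('/user/activation/activation', array("activkey" => $model->activkey, "email" => $model->email));
                         $firstName = isset($postedProfile['first_name']) && is_string($postedProfile['first_name']) ? $postedProfile['first_name'] : '';
                         $lastName = isset($postedProfile['last_name']) && is_string($postedProfile['last_name']) ? $postedProfile['last_name'] : '';
                         // The name comes straight from the request and is
                         // placed into an HTML mail body: encode it.
                         $name = CHtml::encode($firstName . ' ' . $lastName);
                         UserModule::sendMail($model->email, UserModule::t("You registered from {site_name}", array('{site_name}' => Yii::app()->name)), UserModule::t("<div style='border: 1px solid #FCC32A;border-radius:5px;box-shadow:1px 5px 5px;background-color:#FFFFEE;'><div style='background-color:#333;border-radius:5px;padding:10px;'><img src='http://yorshop.com/img/main_logo.png' style='float:left'/><h2 style='color: #FFF;width:70%;margin-left:15%;'>Successful  Registration</h2><hr/></div><div style='padding:10px;'><p><strong>Dear {name},</strong></p><p>Thank you for registering at <a href='{site_url}' target='blank'>{site_name}</a>.</p><p>Please activate your account by clicking: <a href='{activation_url}' target='blank'>{activation_url}</a> or copy and paste it in your browser.</p><p><a href='{site_url}' target='blank' ><img src='http://yorshop.com/img/form_submit.png'/></a></p></div><div style='padding:0px 10px 0px;'><p>If you need any assistance or have any inquiry or suggestion, feel free to contact our customer service team at <a href='mailto:info@yorshop.com'>info@yorshop.com</a> or call us at <strong>0700 967 7467</strong> between 8am and 10pm on weekdays and 9am to 6pm on weekends, we would be happy to guide you.</p> <address>Thank You!<br/>Your Yorshop Team</address></div></div>", array('{activation_url}' => $activation_url, '{name}' => $name, '{site_name}' => Yii::app()->name, '{site_url}' => UtilityHelper::yiiparam('site_name'))));
                     }
                     // Same condition as before, with the && / || grouping
                     // written out.
                     $mayAutoLogin = ($module->loginNotActiv || ($module->activeAfterRegister && $module->sendActivationMail == false)) && $module->autoLogin;
                     if ($mayAutoLogin) {
                         $identity = new UserIdentity($model->username, $soucePassword);
                         // Establish the session only for an identity that
                         // actually authenticated.
                         if ($identity->authenticate()) {
                             Yii::app()->user->login($identity, 0);
                         }
                         $this->redirect($module->returnUrl);
                     } else {
                         if (!$module->activeAfterRegister && !$module->sendActivationMail) {
                             Yii::app()->user->setFlash('registration', UserModule::t("Thank you for your registration. Contact Admin to activate your account."));
                         } elseif ($module->activeAfterRegister && $module->sendActivationMail == false) {
                             Yii::app()->user->setFlash('registration', UserModule::t("Thank you for your registration. Please {{login}}.", array('{{login}}' => CHtml::link(UserModule::t('Login'), $module->loginUrl))));
                         } elseif ($module->loginNotActiv) {
                             Yii::app()->user->setFlash('registration', UserModule::t("Thank you for your registration. Please check your email or login."));
                         } else {
                             Yii::app()->user->setFlash('registration', UserModule::t("Thank you for your registration. Please check your email."));
                         }
                         $this->refresh();
                     }
                 }
             } else {
                 // $profile->validate() is skipped above when
                 // $model->validate() fails first; run it so the profile's
                 // errors are populated too.
                 $profile->validate();
             }
         }
         if (isset($this->location)) {
             $this->render('frontend.views.user.registration', array('model' => $model, 'profile' => $profile));
         } else {
             $this->render('/user/registration', array('model' => $model, 'profile' => $profile));
         }
     }
 }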
Exemplo n.º 9
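 /**
  * Validator: the submitted attribute must be the current password of the
  * logged-in user.
  *
  * Adds "Old Password is incorrect." to the attribute when the value does
  * not verify against the stored hash. The same error is added when no user
  * record is found for the session's id or the submitted value is not a
  * string, instead of failing on a null record or passing a non-string to
  * the verifier.
  *
  * @param string $attribute name of the attribute holding the old password
  * @param array $params validator parameters (unused)
  */
 public function verifyOldPassword($attribute, $params)
 {
     $candidate = $this->{$attribute};
     $user = User::model()->notsafe()->findByPk(Yii::app()->user->id);
     $matches = $user !== null
         && is_string($candidate)
         && PasswordHelper::verifyPassword($candidate, $user->password);
     if (!$matches) {
         $this->addError($attribute, UserModule::t("Old Password is incorrect."));
     }
 }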
Exemplo n.º 10
<?php

#
# Neechy Password View
#
# Set-up for the change-password template: loads the form helper, registers
# the form stylesheet and prepares the values used by the markup below.
#
# NOTE(review): the path starts with '../', so PHP resolves it against the
# current working directory, not against this file's location; confirm the
# working directory is fixed wherever this view is rendered.
require_once '../core/handlers/password/php/helper.php';
# $t is a short alias for the templater object rendering this view.
$t = $this;
$t->append_to_head($t->css_link($t->css_href('form.css')));
# Validator object stored under 'form-validator'; it is handed to each
# password_group() call further down.
$validator = $t->data('form-validator');
$helper = new PasswordHelper();
# General vars
$post_url = NeechyPath::url('change', 'password');
?>
    <div class="password handler">
      <h2>Password</h2>

      <div id="neechy-pass" class="row">
        <div id="neechy-login" class="well-sm col-xs-offset-1 col-xs-5">
          <?php 
echo $helper->open_form($post_url);
?>
            <h3>Change Password</h2>
            <?php 
echo $helper->password_group('old-password', 'Old Password', true, $validator);
?>
            <?php 
echo $helper->password_group('new-password', 'New Password (8 chars min)', false, $validator);
?>
            <?php 
echo $helper->password_group('new-password-confirm', 'New Password (confirm)', false, $validator);