Exemplo n.º 1
0
 /**
  * Sets a user's password once they've verified they have access to their email.
  *
  * @throws HttpException|Exception
  * @return null
  */
 public function actionSetPassword()
 {
     if (craft()->userSession->isLoggedIn()) {
         craft()->userSession->logout();
     }
     $code = craft()->request->getRequiredParam('code');
     $id = craft()->request->getRequiredParam('id');
     $user = craft()->users->getUserByUid($id);
     if ($user) {
         $isCodeValid = craft()->users->isVerificationCodeValidForUser($user, $code);
     }
     if (!$user || !$isCodeValid) {
         throw new HttpException('200', Craft::t('Invalid verification code.'));
     }
     $url = craft()->config->getSetPasswordPath($code, $id, $user);
     if (craft()->request->isPostRequest()) {
         $newPassword = craft()->request->getRequiredPost('newPassword');
         $passwordModel = new PasswordModel();
         $passwordModel->password = $newPassword;
         if ($passwordModel->validate()) {
             $user->newPassword = $newPassword;
             if (craft()->users->changePassword($user)) {
                 // Do we need to auto-login?
                 if (craft()->config->get('autoLoginAfterAccountActivation') === true) {
                     craft()->userSession->impersonate($user->id);
                 }
                 // If the user can't access the CP, then send them to the front-end setPasswordSuccessPath.
                 if (!$user->can('accessCp')) {
                     $setPasswordSuccessPath = craft()->config->getLocalized('setPasswordSuccessPath');
                     $url = UrlHelper::getSiteUrl($setPasswordSuccessPath);
                 } else {
                     $postCpLoginRedirect = craft()->config->get('postCpLoginRedirect');
                     $url = UrlHelper::getCpUrl($postCpLoginRedirect);
                 }
                 $this->redirect($url);
             }
         }
         craft()->userSession->setNotice(Craft::t('Couldn’t update password.'));
         $this->_processSetPasswordPath($user);
         $errors = array();
         $errors = array_merge($errors, $user->getErrors('newPassword'));
         $errors = array_merge($errors, $passwordModel->getErrors('password'));
         $this->renderTemplate($url, array('errors' => $errors, 'code' => $code, 'id' => $id, 'newUser' => $user->password ? false : true));
     } else {
         $this->_processSetPasswordPath($user);
         $this->renderTemplate($url, array('code' => $code, 'id' => $id, 'newUser' => $user->password ? false : true));
     }
 }
Exemplo n.º 2
0
 /**
  * Sets a user record up for a new password without saving it.
  *
  * @param UserModel  $user                        The user who is getting a new password.
  * @param UserRecord $userRecord                  The user’s record.
  * @param bool       $updatePasswordResetRequired Whether the user’s
  *                                                {@link UserModel::passwordResetRequired passwordResetRequired}
  *                                                attribute should be set `false`. Default is `true`.
  * @param bool       $forceDifferentPassword      Whether to force a new password to be different from any existing
  *                                                password.
  *
  * @return bool
  */
 private function _setPasswordOnUserRecord(UserModel $user, UserRecord $userRecord, $updatePasswordResetRequired = true, $forceDifferentPassword = false)
 {
     // Validate the password first
     $passwordModel = new PasswordModel();
     $passwordModel->password = $user->newPassword;
     $validates = false;
     // If it's a new user AND we allow public registration, set it on the 'password' field and not 'newpassword'.
     if (!$user->id && craft()->systemSettings->getSetting('users', 'allowPublicRegistration')) {
         $passwordErrorField = 'password';
     } else {
         $passwordErrorField = 'newPassword';
     }
     if ($passwordModel->validate()) {
         if ($forceDifferentPassword) {
             // See if the passwords are the same.
             if (craft()->security->checkPassword($user->newPassword, $userRecord->password)) {
                 $user->addErrors(array($passwordErrorField => Craft::t('That password is the same as your old password. Please choose a new one.')));
             } else {
                 $validates = true;
             }
         } else {
             $validates = true;
         }
         if ($validates) {
             // Fire an 'onBeforeSetPassword' event
             $event = new Event($this, array('password' => $user->newPassword, 'user' => $user));
             $this->onBeforeSetPassword($event);
             // Is the event is giving us the go-ahead?
             $validates = $event->performAction;
         }
     }
     if ($validates) {
         $hash = craft()->security->hashPassword($user->newPassword);
         $userRecord->password = $user->password = $hash;
         $userRecord->invalidLoginWindowStart = null;
         $userRecord->invalidLoginCount = $user->invalidLoginCount = null;
         $userRecord->verificationCode = null;
         $userRecord->verificationCodeIssuedDate = null;
         // If it's an existing user, reset the passwordResetRequired bit.
         if ($updatePasswordResetRequired && $user->id) {
             $userRecord->passwordResetRequired = $user->passwordResetRequired = false;
         }
         $userRecord->lastPasswordChangeDate = $user->lastPasswordChangeDate = DateTimeHelper::currentUTCDateTime();
         $user->newPassword = null;
         $success = true;
     } else {
         $user->addErrors(array($passwordErrorField => $passwordModel->getErrors('password')));
         $success = false;
     }
     if ($success) {
         // Fire an 'onSetPassword' event
         $this->onSetPassword(new Event($this, array('user' => $user)));
     }
     return $success;
 }
Exemplo n.º 3
0
 /**
  * Sets a user record up for a new password without saving it.
  *
  * @access private
  * @param UserModel $user
  * @param UserRecord $userRecord
  * @return bool
  */
 private function _setPasswordOnUserRecord(UserModel $user, UserRecord $userRecord)
 {
     // Validate the password first
     $passwordModel = new PasswordModel();
     $passwordModel->password = $user->newPassword;
     if ($passwordModel->validate()) {
         $hashAndType = craft()->security->hashString($user->newPassword);
         $userRecord->password = $user->password = $hashAndType['hash'];
         $userRecord->encType = $user->encType = $hashAndType['encType'];
         $userRecord->status = $user->status = UserStatus::Active;
         $userRecord->invalidLoginWindowStart = null;
         $userRecord->invalidLoginCount = $user->invalidLoginCount = null;
         $userRecord->verificationCode = null;
         $userRecord->verificationCodeIssuedDate = null;
         // If it's an existing user, reset the passwordResetRequired bit.
         if ($user->id) {
             $userRecord->passwordResetRequired = $user->passwordResetRequired = false;
         }
         $userRecord->lastPasswordChangeDate = $user->lastPasswordChangeDate = DateTimeHelper::currentUTCDateTime();
         $user->newPassword = null;
         return true;
     } else {
         // If it's a new user AND we allow public registration, set it on the 'password' field and not 'newpassword'.
         if (!$user->id && craft()->systemSettings->getSetting('users', 'allowPublicRegistration', false)) {
             $user->addErrors(array('password' => $passwordModel->getErrors('password')));
         } else {
             $user->addErrors(array('newPassword' => $passwordModel->getErrors('password')));
         }
         return false;
     }
 }