/**
  * Password recovery routine. The User will receive an email with an
  * activation link. If clicked, he will be prompted to enter his new
  * password.
  */
 public function actionRecovery($email = null, $key = null)
 {
     $form = new YumPasswordRecoveryForm();
     if ($email != null && $key != null) {
         if ($profile = YumProfile::model()->find('email = :email', array('email' => $email))) {
             $user = $profile->user;
             if ($user->status <= 0) {
                 throw new CHttpException(403, 'User is not active');
             } else {
                 if ($user->activationKey == urldecode($key)) {
                     $passwordform = new YumUserChangePassword();
                     if (isset($_POST['YumUserChangePassword'])) {
                         $passwordform->attributes = $_POST['YumUserChangePassword'];
                         if ($passwordform->validate()) {
                             $user->setPassword($passwordform->password);
                             $user->activationKey = CPasswordHelper::hashPassword(microtime() . $passwordform->password, Yum::module()->passwordHashCost);
                             $user->save();
                             Yum::setFlash('Your new password has been saved.');
                             if (Yum::module('registration')->loginAfterSuccessfulRecovery) {
                                 $login = new YumUserIdentity($user->username, false);
                                 $login->authenticate(true);
                                 Yii::app()->user->login($login);
                                 $this->redirect(Yii::app()->homeUrl);
                             } else {
                                 $this->redirect(Yum::module()->loginUrl);
                             }
                         }
                     }
                     $this->render(Yum::module('registration')->changePasswordView, array('form' => $passwordform));
                     Yii::app()->end();
                 } else {
                     $form->addError('login_or_email', Yum::t('Invalid recovery key'));
                     Yum::log(Yum::t('Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array('{email}' => $email, '{uid}' => $user->id, '{username}' => $user->username)));
                 }
             }
         }
     } else {
         if (isset($_POST['YumPasswordRecoveryForm'])) {
             $form->attributes = $_POST['YumPasswordRecoveryForm'];
             if ($form->validate()) {
                 if ($form->user instanceof YumUser) {
                     if ($form->user->status <= 0) {
                         throw new CHttpException(403, 'User is not active');
                     }
                     $form->user->generateActivationKey();
                     $recovery_url = $this->createAbsoluteUrl(Yum::module('registration')->recoveryUrl[0], array('key' => urlencode($form->user->activationKey), 'email' => $form->user->profile->email));
                     Yum::log(Yum::t('{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array('{email}' => $form->user->profile->email, '{recovery_url}' => $recovery_url, '{username}' => $form->user->username)));
                     $mail = array('from' => Yii::app()->params['adminEmail'], 'to' => $form->user->profile->email, 'subject' => 'You requested a new password', 'body' => strtr('You have requested a new password. Please use this URL to continue: {recovery_url}', array('{recovery_url}' => $recovery_url)));
                     $sent = YumMailer::send($mail);
                     Yum::setFlash('Instructions have been sent to you. Please check your email.');
                 } else {
                     Yum::log(Yum::t('A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array('{username}' => $form->login_or_email)));
                 }
                 $this->redirect(Yum::module()->loginUrl);
             }
         }
     }
     $this->render(Yum::module('registration')->recoverPasswordView, array('form' => $form));
 }
 public function loginByFacebook()
 {
     if (!Yum::module()->loginType & UserModule::LOGIN_BY_FACEBOOK) {
         throw new Exception('actionFacebook was called, but is not activated in application configuration');
     }
     Yii::app()->user->logout();
     Yii::import('application.modules.user.vendors.facebook.*');
     $facebook = new Facebook(Yum::module()->facebookConfig);
     $fb_uid = $facebook->getUser();
     if ($fb_uid) {
         $profile = YumProfile::model()->findByAttributes(array('facebook_id' => $fb_uid));
         $user = $profile ? YumUser::model()->findByPk($profile->user_id) : null;
         try {
             $fb_user = $facebook->api('/me');
             if (isset($fb_user['email'])) {
                 $profile = YumProfile::model()->findByAttributes(array('email' => $fb_user['email']));
             } else {
                 return false;
             }
             if ($user === null && $profile === null) {
                 // New account
                 $user = new YumUser();
                 $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
                 $user->password = YumUser::encrypt(YumUserChangePassword::createRandomPassword());
                 $user->activationKey = YumUser::encrypt(microtime() . $user->password);
                 $user->createtime = time();
                 $user->superuser = 0;
                 if ($user->save()) {
                     $profile = new YumProfile();
                     $profile->user_id = $user->id;
                     $profile->facebook_id = $fb_user['id'];
                     $profile->email = $fb_user['email'];
                     $profile->save(false);
                 }
             } else {
                 //No superuser account can log in using Facebook
                 $user = $profile->user;
                 if ($user->superuser) {
                     Yum::log('A superuser tried to login by facebook', 'error');
                     return false;
                 }
                 //Current account and FB account blending
                 $profile->facebook_id = $fb_uid;
                 $profile->save(false);
                 $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
                 $user->superuser = 0;
                 $user->save();
             }
             $identity = new YumUserIdentity($fb_uid, $user->id);
             $identity->authenticateFacebook(true);
             switch ($identity->errorCode) {
                 case YumUserIdentity::ERROR_NONE:
                     $duration = 3600 * 24 * 30;
                     //30 days
                     Yii::app()->user->login($identity, $duration);
                     Yum::log('User ' . $user->username . ' logged in via facebook');
                     return $user;
                     break;
                 case YumUserIdentity::ERROR_STATUS_INACTIVE:
                     $user->addError('status', Yum::t('Your account is not activated.'));
                     break;
                 case YumUserIdentity::ERROR_STATUS_BANNED:
                     $user->addError('status', Yum::t('Your account is blocked.'));
                     break;
                 case YumUserIdentity::ERROR_PASSWORD_INVALID:
                     Yum::log(Yum::t('Failed login attempt for {username} via facebook', array('{username}' => $user->username)), 'error');
                     $user->addError('status', Yum::t('Password incorrect.'));
                     break;
             }
             return false;
         } catch (FacebookApiException $e) {
             /* FIXME: Workaround for avoiding the 'Error validating access token.'
              * inmediatly after a user logs out. This is nasty. Any other
              * approach to solve this issue is more than welcomed.
              */
             Yum::log('Failed login attempt for ' . $user->username . ' via facebook', 'error');
             return false;
         }
     } else {
         return false;
     }
 }
 public function actionUpdate($id)
 {
     $user = $this->loadUser($id);
     $profile = false;
     if (Yum::hasModule('profile')) {
         $profile = $user->profile;
     }
     $passwordform = new YumUserChangePassword();
     if (isset($_POST['YumUser'])) {
         $user->attributes = $_POST['YumUser'];
         $user->validate();
         if ($profile && isset($_POST['YumProfile'])) {
             $profile->attributes = $_POST['YumProfile'];
         }
         if (!$user->hasErrors()) {
             if (isset($_POST['YumUser']['roles'])) {
                 $user->syncRoles($_POST['YumUser']['roles']);
             } else {
                 $user->syncRoles();
             }
             // Password change is requested ?
             if (isset($_POST['YumUserChangePassword']) && $_POST['YumUserChangePassword']['password'] != '') {
                 $passwordform->attributes = $_POST['YumUserChangePassword'];
                 if ($passwordform->validate()) {
                     $user->setPassword($_POST['YumUserChangePassword']['password']);
                 }
             }
             if (!$passwordform->hasErrors() && $user->save()) {
                 if (isset($profile) && $profile) {
                     $profile->save();
                 }
                 $this->redirect(array('admin'));
             }
         }
     }
     $this->render('update', array('user' => $user, 'passwordform' => $passwordform, 'profile' => $profile));
 }
Exemplo n.º 4
0
	public function actionUpdate() {
		$model = $this->loadUser();
		$passwordform = new YumUserChangePassword();

		if(isset($_POST['YumUser'])) {
			$model->attributes = $_POST['YumUser'];
			if(Yum::hasModule('role')) {
				Yii::import('application.modules.role.models.*');
				// Assign the roles and belonging Users to the model
				$model->roles = Relation::retrieveValues($_POST);
			}

			if(Yum::hasModule('profile')) {
				$profile = $model->profile;

				if(isset($_POST['YumProfile']) )
					$profile->attributes = $_POST['YumProfile'];
			}

			// Password change is requested ?
			if(isset($_POST['YumUserChangePassword'])
					&& $_POST['YumUserChangePassword']['password'] != '') {
				$passwordform->attributes = $_POST['YumUserChangePassword'];
				if($passwordform->validate())
					$model->setPassword($_POST['YumUserChangePassword']['password']);
			}

			if(!$passwordform->hasErrors() && $model->save()) {
				if(isset($profile)) 
					$profile->save();

				$this->redirect(array('//user/user/view', 'id' => $model->id));
			}
		}

		$this->render('update', array(
					'model'=>$model,
					'passwordform' =>$passwordform,
					'profile' => isset($profile) ? $profile : false,
					));
	}
	/**
	 * Password recovery routine. The User will receive an email with an
	 * activation link. If clicked, he will be prompted to enter his new
	 * password.
	 */
	public function actionRecovery($email = null, $key = null) {
		$form = new YumPasswordRecoveryForm;

		if ($email != null && $key != null) {
			if($profile = YumProfile::model()->find('email = :email', array(
							'email' =>  $email))) {
				$user = $profile->user;
				if($user->activationKey == $key) {
					$passwordform = new YumUserChangePassword;
					if (isset($_POST['YumUserChangePassword'])) {
						$passwordform->attributes = $_POST['YumUserChangePassword'];
						if ($passwordform->validate()) {
							$user->password = YumUser::encrypt($passwordform->password);
							$user->activationKey = YumUser::encrypt(microtime() . $passwordform->password);
							$user->save();
							Yum::setFlash('Your new password has been saved.');
							$this->redirect(Yum::module()->loginUrl);
						}
					}
					$this->render(
							Yum::module('registration')->changePasswordView, array(
								'form' => $passwordform));
					Yii::app()->end();
				} else {
					$form->addError('login_or_email', Yum::t('Invalid recovery key'));
					Yum::log(Yum::t(
								'Someone tried to recover a password, but entered a wrong recovery key. Email is {email}, associated user is {username} (id: {uid})', array(
									'{email}' => $email,
									'{uid}' => $user->id,
									'{username}' => $user->username)));
				}
			}
		} else {
			if (isset($_POST['YumPasswordRecoveryForm'])) {
				$form->attributes = $_POST['YumPasswordRecoveryForm'];

				if ($form->validate()) {
					Yum::setFlash(
							'Instructions have been sent to you. Please check your email.');

					if($form->user instanceof YumUser) {
						$form->user->generateActivationKey();
						$recovery_url = $this->createAbsoluteUrl(
								Yum::module('registration')->recoveryUrl[0], array(
									'key' => $form->user->activationKey,
									'email' => $form->user->profile->email));

						Yum::log(Yum::t(
									'{username} successfully requested a new password in the password recovery form. A email with the password recovery url {recovery_url} has been sent to {email}', array(
										'{email}' => $form->user->profile->email,
										'{recovery_url}' => $recovery_url,
										'{username}' => $form->user->username)));

						$content = YumTextSettings::model()->find(
								'language = :lang', array('lang' => Yii::app()->language));
						$sent = null;

						if (is_object($content)) {
							$mail = array(
									'from' => Yii::app()->params['adminEmail'],
									'to' => $form->user->profile->email,
									'subject' => $content->subject_email_registration,
									'body' => strtr($content->text_email_recovery, array(
											'{recovery_url}' => $recovery_url)),
									);
							$sent = YumMailer::send($mail);
						} else {
							throw new CException(Yum::t('The messages for your application language are not defined.'));
						}
					} else
						Yum::log(Yum::t(
									'A password has been requested, but no associated user was found in the database. Requested user/email is: {username}', array(
										'{username}' => $form->login_or_email)));
					$this->redirect(Yum::module()->loginUrl);
				}
			}
		}
		$this->render(Yum::module('registration')->recoverPasswordView, array(
					'form' => $form));

	}