/**
  * Attempt to find and authenticate member if possible from the given data
  *
  * @param array $data
  * @param Form $form
  * @param bool &$success Success flag
  * @return Member Found member, regardless of successful login
  */
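 protected static function authenticate_member($data, $form, &$success)
 {
     // Default success to false so every exit path reports failure unless a check passes
     $success = false;

     // Read the submitted password once. A request that omits the field is handled as a
     // null password instead of raising an undefined-index notice further down.
     $password = isset($data['Password']) ? $data['Password'] : null;

     // Attempt to identify by temporary ID
     $member = null;
     $email = null;
     if (!empty($data['tempid'])) {
         // Find user by tempid, in case they are re-validating an existing session
         $member = Member::member_from_tempid($data['tempid']);
         if ($member) {
             $email = $member->Email;
         }
     }

     // Otherwise, get email from posted value instead
     /** @skipUpgrade */
     if (!$member && !empty($data['Email'])) {
         $email = $data['Email'];
     }

     // Check default login (see Security::setDefaultAdmin()).
     // Only a non-empty identifier may match. If no default admin is configured and
     // Security::default_admin_username() yields null (not visible here; confirm), a
     // request carrying neither tempid nor Email would otherwise compare null === null
     // and be counted as a failed attempt against the default admin record.
     $asDefaultAdmin = !empty($email) && $email === Security::default_admin_username();
     if ($asDefaultAdmin) {
         // If logging in as default admin, ensure the record is set up correctly
         $member = Member::default_admin();
         // The lock-out test runs first so a locked account never reaches the credential check
         $success = !$member->isLockedOut() && Security::check_default_admin($email, $password);
         // Return early only on success; a failed attempt falls through so it is
         // registered against the member below
         if ($success) {
             return $member;
         }
     }

     // Attempt to identify user by email
     if (!$member && $email) {
         // Find user by the configured unique identifier field
         $member = Member::get()->filter(Member::config()->unique_identifier_field, $email)->first();
     }

     // Validate against member if possible
     if ($member && !$asDefaultAdmin) {
         // NOTE(review): lock-out for ordinary members is not tested in this method;
         // presumably checkPassword() enforces it. Confirm.
         $result = $member->checkPassword($password);
         $success = $result->valid();
     } else {
         // No member found, or a default-admin attempt that failed above.
         // NOTE(review): no password check runs on this path, so it may finish faster
         // than a failed check for a known member, and the member path reports
         // checkPassword()'s own message. Confirm that neither timing nor message text
         // reveals which identifiers exist.
         $result = new ValidationResult(false, _t('Member.ERRORWRONGCRED'));
     }

     // Emit failure to member and form (if available)
     if (!$success) {
         if ($member) {
             $member->registerFailedLogin();
         }
         if ($form) {
             $form->sessionMessage($result->message(), 'bad');
         }
     } else {
         if ($member) {
             $member->registerSuccessfulLogin();
         }
     }

     // The member is returned whether or not the login succeeded; callers must rely on
     // $success, not on a non-null return value
     return $member;
 }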
 public function testGetStateWithFormMessages()
 {
     // Build a form with no fields or actions of its own and queue one "good" message
     $fieldList = new FieldList();
     $actionList = new FieldList();
     $form = new Form(new Controller(), 'TestForm', $fieldList, $actionList);
     $form->sessionMessage('All saved', 'good');

     $schema = new FormSchema();

     // The only field expected in the state is SecurityID, carrying the form's
     // security token value
     $securityField = [
         'id' => 'Form_TestForm_SecurityID',
         'value' => $form->getSecurityToken()->getValue(),
         'data' => [],
         'message' => null,
         'name' => 'SecurityID',
     ];
     // The queued session message is expected under 'messages' with its type preserved
     $queuedMessage = [
         'value' => ['html' => 'All saved'],
         'type' => 'good',
     ];
     $expected = [
         'id' => 'Form_TestForm',
         'fields' => [$securityField],
         'messages' => [$queuedMessage],
         'valid' => null,
     ];

     $state = $schema->getState($form);

     $this->assertInternalType('array', $state);
     // Compare via JSON so key order and nesting are normalised on both sides
     $this->assertJsonStringEqualsJsonString(json_encode($expected), json_encode($state));
 }
 /**
  * @param Form $form
  * @param string $message
  */
 protected function setFormMessage($form, $message)
 {
     // Queue a "good" message on the given form.
     // NOTE(review): the third argument (false) presumably disables HTML escaping of the
     // message (sessionMessage() is not visible here). If so, callers must pass text
     // that is already safe to render as HTML.
     $form->sessionMessage($message, 'good', false);

     // Mirror the message onto the top-level controller's edit form when it has one
     $topController = $this->getToplevelController();
     if (!$topController->hasMethod('getEditForm')) {
         return;
     }
     $topController->getEditForm()->sessionMessage($message, 'good', false);
 }
 /**
  * Imports the submitted CSV file based on specifications given in
  * {@link self::model_importers}.
  * Redirects back with a success/failure message.
  *
  * @todo Figure out ajax submission of files via jQuery.form plugin
  *
  * @param array $data
  * @param Form $form
  * @param HTTPRequest $request
  * @return bool|HTTPResponse
  */
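 public function import($data, $form, $request)
 {
     // Import is offered only when enabled; when showImportForm is an array it acts as
     // a list of the model classes that may be imported
     $importAllowed = $this->showImportForm
         && (!is_array($this->showImportForm) || in_array($this->modelClass, $this->showImportForm));
     if (!$importAllowed) {
         return false;
     }
     // NOTE(review): no permission or request-token check is visible in this method;
     // presumably the controller/form enforces both. Confirm, since this action can
     // delete existing records (see EmptyBeforeImport below).

     $importers = $this->getModelImporters();
     if (!isset($importers[$this->modelClass])) {
         // No importer is registered for this model; treat like a disabled import
         // instead of failing on a null loader
         return false;
     }
     /** @var BulkLoader $loader */
     $loader = $importers[$this->modelClass];

     // File wasn't properly uploaded, show a reminder to the user.
     // tmp_name must be a single path: a request that submits the field as an array
     // yields an array here. The size test replaces reading the whole upload into
     // memory just to find out whether it is empty.
     // NOTE(review): is_uploaded_file() would be a stricter check if nothing else in
     // the project populates $_FILES by hand.
     $uploadPath = isset($_FILES['_CsvFile']['tmp_name']) ? $_FILES['_CsvFile']['tmp_name'] : null;
     if (empty($uploadPath) || !is_string($uploadPath) || !is_file($uploadPath) || !filesize($uploadPath)) {
         // NOTE(review): this reminder is shown with the 'good' style although it reports a failure
         $form->sessionMessage(_t('ModelAdmin.NOCSVFILE', 'Please browse for a CSV file to import'), 'good');
         $this->redirectBack();
         return false;
     }

     if (!empty($data['EmptyBeforeImport']) && $data['EmptyBeforeImport']) {
         // Clear existing records before import; driven directly by the submitted form data
         $loader->deleteExistingRecords = true;
     }

     $results = $loader->load($uploadPath);

     // Build the summary from one sentence per non-zero count, joined with a space so
     // the sentences no longer run together
     $created = $results->CreatedCount();
     $updated = $results->UpdatedCount();
     $deleted = $results->DeletedCount();
     $sentences = array();
     if ($created) {
         $sentences[] = _t('ModelAdmin.IMPORTEDRECORDS', "Imported {count} records.", array('count' => $created));
     }
     if ($updated) {
         $sentences[] = _t('ModelAdmin.UPDATEDRECORDS', "Updated {count} records.", array('count' => $updated));
     }
     if ($deleted) {
         $sentences[] = _t('ModelAdmin.DELETEDRECORDS', "Deleted {count} records.", array('count' => $deleted));
     }
     if (!$created && !$updated) {
         $sentences[] = _t('ModelAdmin.NOIMPORT', "Nothing to import");
     }
     $message = implode(' ', $sentences);

     $form->sessionMessage($message, 'good');
     return $this->redirectBack();
 }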
 /**
  * @param array $data
  * @param Form $form
  * @param HTTPRequest $request
  * @return DBHTMLText
  */
 public function doEdit(array $data, Form $form, HTTPRequest $request)
 {
     // A disabled or read-only parent field must not accept edits
     $fieldLocked = $this->parent->isDisabled() || $this->parent->isReadonly();
     if ($fieldLocked) {
         return $this->httpError(403);
     }

     // Resolve the target item; an unknown item is a 404, not a permission failure
     $record = $this->getItem();
     if (!$record) {
         return $this->httpError(404);
     }

     // Folders are always refused here; anything else requires edit permission on the
     // item itself. canEdit() is not consulted for folders (short-circuit).
     if ($record instanceof Folder || !$record->canEdit()) {
         return $this->httpError(403);
     }

     // Copy the submitted values into the item and persist it.
     // NOTE(review): which properties saveInto() may overwrite presumably depends on
     // the form's field list, which is not visible here. Confirm that it exposes only
     // fields the editor is meant to change.
     $form->saveInto($record);
     $record->write();

     $form->sessionMessage(_t('UploadField.Saved', 'Saved'), 'good');
     return $this->edit($request);
 }
 /**
  * @param array $data
  * @param Form $form
  * @return HTTPResponse
  */
 public function doDelete($data, $form)
 {
     // Capture the title up front; it is reused in the confirmation after deletion
     $deletedTitle = $this->record->Title;

     try {
         // Permission is checked on the record itself immediately before deleting it
         if ($this->record->canDelete()) {
             $this->record->delete();
         } else {
             throw new ValidationException(_t('GridFieldDetailForm.DeletePermissionsFailure', "No delete permissions"), 0);
         }
     } catch (ValidationException $denied) {
         // Covers both the permission failure above and any ValidationException raised
         // by delete(). The message is passed with the third argument false, which
         // presumably means it is rendered without HTML escaping. Confirm the
         // validation messages are safe markup.
         $form->sessionMessage($denied->getResult()->message(), 'bad', false);
         return $this->getToplevelController()->redirectBack();
     }

     // The title is escaped here because the message is handed on with escaping
     // switched off (third argument false); the singular name is inserted as-is
     $confirmation = sprintf(
         _t('GridFieldDetailForm.Deleted', 'Deleted %s %s'),
         $this->record->i18n_singular_name(),
         htmlspecialchars($deletedTitle, ENT_QUOTES)
     );

     // In the CMS (LeftAndMain) show the confirmation on the edit form; otherwise on this form
     $top = $this->getToplevelController();
     $messageTarget = ($top instanceof LeftAndMain) ? $top->getEditForm() : $form;
     $messageTarget->sessionMessage($confirmation, 'good', false);

     // When an item is deleted, redirect to the parent controller; the X-Pjax header
     // forces a content refresh
     $redirector = $this->getToplevelController();
     $redirector->getRequest()->addHeader('X-Pjax', 'Content');
     return $redirector->redirect($this->getBackLink(), 302);
 }