/**
  * @param InputInterface $input
  * @param OutputInterface $output
  * @throws \Exception
  * @return int|void
  */
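 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // Resets the password of an existing user. The account is looked up by
     // username first and by e-mail address second; nothing is changed when
     // no account matches or when no password is supplied.
     $this->detectContao($output);
     if ($this->initContao()) {
         $dialog = $this->getHelperSet()->get('dialog');
         $id = $input->getArgument('id');
         if ($id === null || $id === '') {
             $id = $dialog->ask($output, '<question>Username or Email:</question>');
         }
         $user = \UserModel::findBy('username', $id);
         if (!$user) {
             $user = \UserModel::findBy('email', $id);
         }
         if (!$user) {
             $output->writeln('<error>User was not found</error>');
             return;
         }
         // A password given as an argument ends up in shell history and in the
         // process list; omitting it and answering the prompt avoids that.
         $password = $input->getArgument('password');
         if ($password === null || $password === '') {
             // Hidden prompt, so the new password is not echoed to the terminal.
             $password = $dialog->askHiddenResponse($output, '<question>Password:</question>');
         }
         // Refuse to store the hash of an empty password.
         if ($password === null || $password === '') {
             $output->writeln('<error>Password must not be empty</error>');
             return;
         }
         try {
             $user->password = \Encryption::hash($password);
             $user->save();
             $output->writeln('<info>Password successfully changed</info>');
         } catch (\Exception $e) {
             // The exception message is printed to the operator's console only.
             $output->writeln('<error>' . $e->getMessage() . '</error>');
         }
     }
 }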
 /**
  * @param \Symfony\Component\Console\Input\InputInterface $input
  * @param \Symfony\Component\Console\Output\OutputInterface $output
  * @return int|void
  */
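 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // Creates a new user from the command arguments, prompting for any that
     // are missing. The account is always created with 'admin' => 1, so this
     // command hands out full back end privileges.
     $this->detectContao($output, true);
     if ($this->initContao()) {
         // Username
         if (($username = $input->getArgument('username')) === null) {
             $dialog = $this->getHelperSet()->get('dialog');
             $username = $dialog->ask($output, '<question>Username:</question>');
         }
         // Email
         if (($email = $input->getArgument('email')) === null) {
             $dialog = $this->getHelperSet()->get('dialog');
             $email = $dialog->ask($output, '<question>Email:</question>');
         }
         // Password: a value passed as an argument is visible in shell history
         // and the process list, so the prompt is the safer path. The prompt is
         // hidden so the password is not echoed to the terminal.
         if (($password = $input->getArgument('password')) === null) {
             $dialog = $this->getHelperSet()->get('dialog');
             $password = $dialog->askHiddenResponse($output, '<question>Password:</question>');
         }
         // Name
         if (($name = $input->getArgument('name')) === null) {
             $dialog = $this->getHelperSet()->get('dialog');
             $name = $dialog->ask($output, '<question>Name:</question>');
         }
         // Never create an administrator without a username or with an empty password.
         if ($username === null || $username === '' || $password === null || $password === '') {
             $output->writeln('<error>Username and password must not be empty</error>');
             return;
         }
         // NOTE(review): no check for an existing account with the same username
         // is visible here; confirm the model or the table enforces uniqueness.
         $user = new \UserModel();
         $user->setRow(array('username' => $username, 'name' => $name, 'email' => $email, 'password' => \Encryption::hash($password), 'admin' => 1));
         // Persist once; the original saved the same row twice in a row.
         $user->save();
         $output->writeln('<info>User <comment>' . $username . '</comment> successfully created</info>');
     }
 }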
 /**
  * Run the controller and parse the password template
  */
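 public function run()
 {
     // Handles the back end "change your password" form: validates the
     // submitted password pair, stores the new hash for the current user and
     // renders the be_password template.
     /** @var \BackendTemplate|object $objTemplate */
     $objTemplate = new \BackendTemplate('be_password');
     if (\Input::post('FORM_SUBMIT') == 'tl_password') {
         // Read through the raw accessor, presumably so the value is hashed
         // exactly as typed.
         $pw = \Input::postUnsafeRaw('password');
         $cnf = \Input::postUnsafeRaw('confirm');
         // The passwords do not match. Strict comparison: with != PHP treats
         // numeric-looking strings such as "0123" and "123" as equal, which
         // would accept a mistyped confirmation.
         if ($pw !== $cnf) {
             \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
         } elseif (utf8_strlen($pw) < \Config::get('minPasswordLength')) {
             \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
         } elseif ($pw === $this->User->username) {
             // The password must not be the username (compared strictly, see above)
             \Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
         } else {
             // Make sure the password has been changed
             if (\Encryption::verify($pw, $this->User->password)) {
                 \Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
             } else {
                 $this->loadDataContainer('tl_user');
                 // Trigger the save_callback. Each callback receives the plain-text
                 // password and may replace it, so only trusted extensions should
                 // be registered on this field.
                 if (is_array($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'])) {
                     foreach ($GLOBALS['TL_DCA']['tl_user']['fields']['password']['save_callback'] as $callback) {
                         if (is_array($callback)) {
                             $this->import($callback[0]);
                             $pw = $this->{$callback[0]}->{$callback[1]}($pw);
                         } elseif (is_callable($callback)) {
                             $pw = $callback($pw);
                         }
                     }
                 }
                 $objUser = \UserModel::findByPk($this->User->id);
                 // Clear the "must change password" flag together with the new hash
                 $objUser->pwChange = '';
                 $objUser->password = \Encryption::hash($pw);
                 $objUser->save();
                 \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
                 $this->redirect('' . $GLOBALS['TL_CONFIG']['backendPath'] . '/main.php');
             }
         }
         // Reached on every validation error: reload so the message is shown
         $this->reload();
     }
     $objTemplate->theme = \Backend::getTheme();
     $objTemplate->messages = \Message::generate();
     $objTemplate->base = \Environment::get('base');
     $objTemplate->language = $GLOBALS['TL_LANGUAGE'];
     $objTemplate->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
     $objTemplate->charset = \Config::get('characterSet');
     $objTemplate->action = ampersand(\Environment::get('request'));
     $objTemplate->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
     $objTemplate->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
     $objTemplate->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
     $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
     $objTemplate->output();
 }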
 /**
  * Run the controller and parse the password template
  */
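 public function run()
 {
     // Handles the back end "change your password" form: validates the
     // submitted password pair, stores the new hash for the current user and
     // renders the be_password template.
     $this->Template = new BackendTemplate('be_password');
     if (Input::post('FORM_SUBMIT') == 'tl_password') {
         $pw = Input::post('password', true);
         $cnf = Input::post('confirm', true);
         // The passwords do not match. Strict comparison: with != PHP treats
         // numeric-looking strings such as "0123" and "123" as equal, which
         // would accept a mistyped confirmation.
         if ($pw !== $cnf) {
             Message::addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
         } elseif (utf8_strlen($pw) < $GLOBALS['TL_CONFIG']['minPasswordLength']) {
             Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $GLOBALS['TL_CONFIG']['minPasswordLength']));
         } elseif ($pw === $this->User->username) {
             // The password must not be the username (compared strictly, see above)
             Message::addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
         } else {
             // Make sure the password has been changed: re-hash the candidate with
             // the stored hash as salt and compare. The comparison is strict so two
             // hash strings are never juggled as numbers.
             // NOTE(review): === is not constant-time; hash_equals() is the usual
             // replacement where the minimum PHP version allows it.
             if (crypt($pw, $this->User->password) === $this->User->password) {
                 Message::addError($GLOBALS['TL_LANG']['MSC']['pw_change']);
             } else {
                 $objUser = UserModel::findByPk($this->User->id);
                 // Clear the "must change password" flag together with the new hash
                 $objUser->pwChange = '';
                 $objUser->password = Encryption::hash($pw);
                 $objUser->save();
                 Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
                 $this->redirect('contao/main.php');
             }
         }
         // Reached on every validation error: reload so the message is shown
         $this->reload();
     }
     $this->Template->theme = $this->getTheme();
     $this->Template->messages = Message::generate();
     $this->Template->base = Environment::get('base');
     $this->Template->language = $GLOBALS['TL_LANGUAGE'];
     $this->Template->title = specialchars($GLOBALS['TL_LANG']['MSC']['pw_new']);
     $this->Template->charset = $GLOBALS['TL_CONFIG']['characterSet'];
     $this->Template->action = ampersand(Environment::get('request'));
     $this->Template->headline = $GLOBALS['TL_LANG']['MSC']['pw_change'];
     $this->Template->submitButton = specialchars($GLOBALS['TL_LANG']['MSC']['continue']);
     $this->Template->password = $GLOBALS['TL_LANG']['MSC']['password'][0];
     $this->Template->confirm = $GLOBALS['TL_LANG']['MSC']['confirm'][0];
     $this->Template->output();
 }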
 /**
  * @param null $dc
  * @throws \Exception
  */
 public function setAutoPassword($dc = null)
 {
     // Generates a password for an account whose password field was submitted
     // empty, writes it back into the POST data and (in single-record mode)
     // stores its hash on the account.
     // Front end call
     if (!$dc instanceof \DataContainer) {
         return;
     }
     if ($this->isDisabledAccountMail($dc)) {
         return;
     }
     $intId = $dc->id;
     if (\Input::get('act') == 'overrideAll' && \Input::get('fields') && $intId === null) {
         // Define indicator for given or not given password on overrideAll mode
         if (!isset($GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'])) {
             $strPassword = $this->getPostPassword();
             // '*****' is treated like an empty field, i.e. "no password entered"
             $GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] = $strPassword == '' || $strPassword == '*****' ? true : false;
             if ($GLOBALS['ACCOUNTMAIL']['AUTO_PASSWORD'] === true) {
                 // Set password, that no error occurs with "password not set"
                 // NOTE(review): str_shuffle() is not a cryptographically secure
                 // source, and taking the first 8 characters of a shuffled alphabet
                 // never repeats a character. If this value can end up as a real
                 // credential, generate it from a CSPRNG (random_int() on PHP 7+).
                 $strNewPassword = substr(str_shuffle('abcdefghkmnpqrstuvwxyzABCDEFGHKMNOPQRSTUVWXYZ0123456789'), 0, 8);
                 $this->setPostPassword($strNewPassword);
             }
             // The confirmation is added whether or not a password was generated
             \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
         }
         return;
     }
     $strPassword = $this->getPostPassword($intId);
     // Only act when the field was submitted (not null) and left empty
     if ($strPassword !== null && $strPassword == '') {
         $strModel = \Model::getClassFromTable($dc->table);
         $objAccount = $strModel::findByPk($intId);
         if ($objAccount !== null) {
             // NOTE(review): same generator as above; this value becomes the
             // account's actual password (its hash is saved below), so a CSPRNG
             // is the appropriate source here.
             $strNewPassword = substr(str_shuffle('abcdefghkmnpqrstuvwxyzABCDEFGHKMNOPQRSTUVWXYZ0123456789'), 0, 8);
             // The plain-text value is placed back into the POST data
             $this->setPostPassword($strNewPassword, $intId);
             \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
             $objAccount->password = \Encryption::hash($strNewPassword);
             $objAccount->save();
         }
     }
 }
 /**
  * Create an admin user
  */
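 protected function createAdminUser()
 {
     // Creates the first administrator account from the submitted form,
     // but only while tl_user contains no row with admin=1.
     try {
         $objAdmin = $this->Database->execute("SELECT COUNT(*) AS count FROM tl_user WHERE admin=1");
         if ($objAdmin->count > 0) {
             $this->Template->adminCreated = true;
         } elseif (\Input::post('FORM_SUBMIT') == 'tl_admin') {
             // NOTE(review): the COUNT(*) check above and the INSERT below are two
             // separate statements, so concurrent submissions could both pass the
             // check; confirm access to this step is restricted while it is open.
             // Do not allow special characters in usernames
             if (preg_match('/[#()\\/<=>]/', \Input::post('username', true))) {
                 $this->Template->usernameError = $GLOBALS['TL_LANG']['ERR']['extnd'];
             } elseif (strpos(\Input::post('username', true), ' ') !== false) {
                 $this->Template->usernameError = sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $GLOBALS['TL_LANG']['MSC']['username']);
             } elseif (!\Validator::isEmail(\Input::post('email', true))) {
                 $this->Template->emailError = $GLOBALS['TL_LANG']['ERR']['email'];
             } elseif (\Input::post('pass', true) !== \Input::post('confirm_pass', true)) {
                 // Strict comparison: with != PHP treats numeric-looking strings such
                 // as "0123" and "123" as equal and would accept a mistyped confirmation
                 $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordMatch'];
             } elseif (utf8_strlen(\Input::post('pass', true)) < \Config::get('minPasswordLength')) {
                 $this->Template->passwordError = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength'));
             } elseif (\Input::post('pass', true) === \Input::post('username', true)) {
                 // The password must not be the username (compared strictly, see above)
                 $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordName'];
             } elseif (\Input::post('name') != '' && \Input::post('email', true) != '' && \Input::post('username', true) != '') {
                 $time = time();
                 $strPassword = \Encryption::hash(\Input::post('pass', true));
                 // All request values are bound as parameters; only the integer from
                 // time() is interpolated into the statement text
                 $this->Database->prepare("INSERT INTO tl_user (tstamp, name, email, username, password, language, backendTheme, admin, showHelp, useRTE, useCE, thumbnails, dateAdded) VALUES ({$time}, ?, ?, ?, ?, ?, ?, 1, 1, 1, 1, 1, {$time})")->execute(\Input::post('name'), \Input::post('email', true), \Input::post('username', true), $strPassword, str_replace('-', '_', $GLOBALS['TL_LANGUAGE']), \Config::get('backendTheme'));
                 \Config::persist('adminEmail', \Input::post('email', true));
                 // Scan the upload folder (see #6134)
                 if ($this->Database->tableExists('tl_files') && $this->Database->query("SELECT COUNT(*) AS count FROM tl_files")->count < 1) {
                     $this->import('Database\\Updater', 'Updater');
                     $this->Updater->scanUploadFolder();
                 }
                 $this->reload();
             }
             // Re-populate the form after a validation error (the password is not echoed back)
             $this->Template->adminName = \Input::post('name');
             $this->Template->adminEmail = \Input::post('email', true);
             $this->Template->adminUser = \Input::post('username', true);
         }
     } catch (\Exception $e) {
         // Any failure (for example a missing table) is reported only as
         // "no admin created yet"; the exception itself is discarded
         $this->Template->adminCreated = false;
     }
 }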
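 /**
  * Update the current user's password, e-mail address and default currency.
  *
  * Requires an active session plus a verified token or e-mail second factor.
  * On success all other sessions of the user and any pending change_settings
  * rows are deleted before the record is written.
  *
  * @param array $info Submitted values; reads 'pass', 'email' and 'default_currency'
  *
  * @return mixed False when the request is rejected, otherwise the result of db_update()
  */
 public static function updatePersonalInfo($info)
 {
     global $CFG;
     if (!($CFG->session_active && ($CFG->token_verified || $CFG->email_2fa_verified))) {
         return false;
     }
     if (!is_array($info)) {
         return false;
     }
     $update = array();
     // NOTE(review): characters matching $CFG->pass_regex are silently removed from
     // the password; confirm the login path applies the same filter before verifying.
     $update['pass'] = !empty($info['pass']) ? preg_replace($CFG->pass_regex, "", $info['pass']) : false;
     //$update['first_name'] = preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$info['first_name']);
     //$update['last_name'] = preg_replace("/[^\pL a-zA-Z0-9@\s\._-]/u", "",$info['last_name']);
     //$update['country'] = preg_replace("/[^0-9]/", "",$info['country']);
     // Missing keys are treated as empty input instead of raising a notice
     $update['email'] = isset($info['email']) ? preg_replace("/[^0-9a-zA-Z@\\.\\!#\$%\\&\\*+_\\~\\?\\-]/", "", $info['email']) : '';
     $update['default_currency'] = isset($info['default_currency']) ? preg_replace("/[^0-9]/", "", $info['default_currency']) : '';
     if (!$update['pass']) {
         unset($update['pass']);
     }
     // Reject a too-short password, or a missing e-mail address
     if ((!empty($update['pass']) && mb_strlen($update['pass'], 'utf-8') < $CFG->pass_min_chars) || !$update['email']) {
         return false;
     }
     self::deleteCache();
     if ($CFG->session_id) {
         // The statements are built by concatenation, so both identifiers are cast
         // to integers first. The original embedded them unquoted, which only forms
         // valid SQL for numeric values.
         // NOTE(review): confirm session_id is an integer key; if db_query() supports
         // bound parameters, use them instead.
         $userId = (int) User::$info['id'];
         $sessionId = (int) $CFG->session_id;
         // Invalidate every other session of this user
         $sql = "DELETE FROM sessions WHERE user_id = " . $userId . " AND session_id != " . $sessionId;
         db_query($sql);
         $sql = "DELETE FROM change_settings WHERE site_user = " . $userId;
         db_query($sql);
     }
     if (!empty($update['pass'])) {
         $update['pass'] = Encryption::hash($update['pass']);
     }
     return db_update('site_users', User::$info['id'], $update);
 }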
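 /**
  * Create a new member from the registration data.
  *
  * Generates a password and an activation token, optionally sends the
  * activation e-mail, stores the member, optionally assigns a home directory,
  * runs the createNewUser hooks and finally redirects or reloads.
  *
  * @param array $arrData Registration data; 'email' is also used as the username
  */
 protected function createNewUser($arrData)
 {
     $arrData['tstamp'] = time();
     $arrData['login'] = $this->reg_allowLogin;
     // NOTE(review): the activation token is derived from mt_rand() and uniqid(),
     // neither of which is a cryptographically secure source. Because the token
     // gates account activation, prefer a CSPRNG-backed value where the minimum
     // PHP version allows it.
     $arrData['activation'] = md5(uniqid(mt_rand(), true));
     $arrData['dateAdded'] = $arrData['tstamp'];
     // NOTE(review): the argument 6 presumably is the password length; that is short
     // for a credential. Confirm the generator and the length against policy.
     $pw = $this->getRandomPassword(6);
     $arrData['password'] = \Encryption::hash($pw["clear"]);
     $arrData['username'] = strtolower($arrData['email']);
     $arrData['email'] = strtolower($arrData['email']);
     // Set default groups
     if (!array_key_exists('groups', $arrData)) {
         $arrData['groups'] = $this->reg_groups;
     }
     // NOTE(review): disabling the account until activation is commented out below,
     // so the record is stored without the disable flag; confirm this is intended.
     //        // Disable account
     //        $arrData['disable'] = 1;
     // Send activation e-mail
     if ($this->reg_activate) {
         $arrChunks = array();
         $strConfirmation = $this->reg_text;
         // Collect the ##wildcard## tokens used in the configured text
         preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks);
         foreach ($arrChunks[0] as $strChunk) {
             $strKey = substr($strChunk, 2, -2);
             switch ($strKey) {
                 case 'domain':
                     $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation);
                     break;
                 case 'gen_pw':
                     // The generated password is mailed in clear text when the
                     // template contains this wildcard
                     $strConfirmation = str_replace($strChunk, $pw["clear"], $strConfirmation);
                     break;
                 case 'link':
                     $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation);
                     break;
                 // HOOK: support newsletter subscriptions
                 case 'channel':
                 case 'channels':
                     if (!in_array('newsletter', \ModuleLoader::getActive())) {
                         break;
                     }
                     // Make sure newsletter is an array
                     if (!is_array($arrData['newsletter'])) {
                         if ($arrData['newsletter'] != '') {
                             $arrData['newsletter'] = array($arrData['newsletter']);
                         } else {
                             $arrData['newsletter'] = array();
                         }
                     }
                     // Replace the wildcard
                     if (!empty($arrData['newsletter'])) {
                         $objChannels = \NewsletterChannelModel::findByIds($arrData['newsletter']);
                         if ($objChannels !== null) {
                             $strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation);
                         }
                     } else {
                         $strConfirmation = str_replace($strChunk, '', $strConfirmation);
                     }
                     break;
                 default:
                     // Any other wildcard is replaced with the matching $arrData field,
                     // which includes 'password' (the hash) and 'activation' if the
                     // template names them
                     $strConfirmation = str_replace($strChunk, $arrData[$strKey], $strConfirmation);
                     break;
             }
         }
         $objEmail = new \Email();
         $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
         $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
         $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], \Idna::decode(\Environment::get('host')));
         $objEmail->text = $strConfirmation;
         $objEmail->sendTo($arrData['email']);
     }
     // Make sure newsletter is an array
     if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) {
         $arrData['newsletter'] = array($arrData['newsletter']);
     }
     // Create the user
     $objNewUser = new \MemberModel();
     $objNewUser->setRow($arrData);
     $objNewUser->save();
     $insertId = $objNewUser->id;
     // Assign home directory
     if ($this->reg_assignDir) {
         $objHomeDir = \FilesModel::findByUuid($this->reg_homeDir);
         if ($objHomeDir !== null) {
             $this->import('Files');
             $strUserDir = standardize($arrData['username']) ?: 'user_' . $insertId;
             // Add the user ID if the directory exists
             while (is_dir(TL_ROOT . '/' . $objHomeDir->path . '/' . $strUserDir)) {
                 $strUserDir .= '_' . $insertId;
             }
             // Create the user folder
             new \Folder($objHomeDir->path . '/' . $strUserDir);
             $objUserDir = \FilesModel::findByPath($objHomeDir->path . '/' . $strUserDir);
             // Save the folder ID
             $objNewUser->assignDir = 1;
             $objNewUser->homeDir = $objUserDir->uuid;
             $objNewUser->save();
         }
     }
     // HOOK: send insert ID and user data
     if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) {
         foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) {
             $this->import($callback[0]);
             // Index the callback array inside the braces: the previous form
             // ($this->{$callback}[0]) used the whole array as a property name, so the
             // hook method was never resolved
             $this->{$callback[0]}->{$callback[1]}($insertId, $arrData, $this);
         }
     }
     // Inform admin if no activation link is sent
     if (!$this->reg_activate) {
         $this->sendAdminNotification($insertId, $arrData);
     }
     // Check whether there is a jumpTo page
     if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
         $this->jumpToOrReload($objJumpTo->row());
     }
     $this->reload();
 }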
 /**
  * Validate input and set value
  *
  * @param mixed $varInput
  *
  * @return string
  */
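 protected function validator($varInput)
 {
     // Validates a submitted password and returns its hash; returns '*****'
     // when the field was left untouched and a value already exists, and ''
     // when validation failed.
     $this->blnSubmitInput = false;
     // Empty or placeholder input with an existing value means "keep the password"
     if (($varInput == '' || $varInput == '*****') && $this->varValue != '') {
         return '*****';
     }
     if (utf8_strlen($varInput) < \Config::get('minPasswordLength')) {
         $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
     }
     // Strict comparison: with != PHP treats numeric-looking strings such as
     // "0123" and "123" as equal and would accept a mistyped confirmation
     if ($varInput !== $this->getPost($this->strName . '_confirm')) {
         $this->addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
     }
     // The password must not be the username (compared strictly, see above)
     if ($varInput === $GLOBALS['TL_USERNAME']) {
         $this->addError($GLOBALS['TL_LANG']['ERR']['passwordName']);
     }
     $varInput = parent::validator($varInput);
     if (!$this->hasErrors()) {
         $this->blnSubmitInput = true;
         \Message::addConfirmation($GLOBALS['TL_LANG']['MSC']['pw_changed']);
         // Only the hash leaves this method
         return \Encryption::hash($varInput);
     }
     return '';
 }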
 /**
  * Try to login the current user
  *
  * @return boolean True if the user could be logged in
  */
 public function login()
 {
     // Flow: load the user by the posted username (or let an importUser hook
     // create it), enforce the lock-out counter and account status, verify the
     // password (current scheme, legacy SHA-1, then checkCredentials hooks),
     // and on success update the login timestamps and generate the session.
     \System::loadLanguageFile('default');
     // Do not continue if username or password are missing
     if (empty($_POST['username']) || empty($_POST['password'])) {
         return false;
     }
     // Load the user object
     if ($this->findBy('username', \Input::post('username', true)) == false) {
         $blnLoaded = false;
         // HOOK: pass credentials to callback functions
         // Each importUser callback receives the plain-text password, so only
         // trusted extensions should be registered here
         if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
             foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
                 $this->import($callback[0], 'objImport', true);
                 $blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable);
                 // Load successful
                 if ($blnLoaded === true) {
                     break;
                 }
             }
         }
         // Return if the user still cannot be loaded
         if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) {
             // Same user-facing message as for a wrong password (see below), so the
             // response does not reveal whether the username exists
             \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
             // NOTE(review): the submitted username is written to the log as-is;
             // confirm log() neutralises markup and line breaks
             $this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS);
             return false;
         }
     }
     $time = time();
     // Set the user language
     if (\Input::post('language')) {
         $this->language = \Input::post('language');
     }
     // Lock the account if there are too many login attempts
     // The counter is decremented on each failed password check further down and
     // reset to Config loginCount when the lock is set or the login succeeds
     if ($this->loginCount < 1) {
         $this->locked = $time;
         $this->loginCount = \Config::get('loginCount');
         $this->save();
         // Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444)
         $this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS);
         \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60)));
         // Send admin notification
         if (\Config::get('adminEmail') != '') {
             $objEmail = new \Email();
             $objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
             $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60));
             $objEmail->sendTo(\Config::get('adminEmail'));
         }
         return false;
     }
     // Check the account status
     if ($this->checkAccountStatus() == false) {
         return false;
     }
     // The password has been generated with crypt()
     // (presumably \Encryption::test() recognises the current hash format; verify)
     if (\Encryption::test($this->password)) {
         $blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password);
     } else {
         // Legacy format "hash:salt" with SHA-1
         // NOTE(review): if the stored value contains no ':' list() leaves $strSalt
         // unset; the === comparisons below are not constant-time
         list($strPassword, $strSalt) = explode(':', $this->password);
         $blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password'));
         // Replace the legacy SHA-1 value with a hash from \Encryption::hash();
         // it is persisted by the save() on the success path below
         if ($blnAuthenticated) {
             $this->password = \Encryption::hash(\Input::postUnsafeRaw('password'));
         }
     }
     // HOOK: pass credentials to callback functions
     // Runs only after the built-in check failed; a callback returning true
     // authenticates the user, and it receives the plain-text password
     if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
         foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
             $this->import($callback[0], 'objAuth', true);
             $blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this);
             // Authentication successful
             if ($blnAuthenticated === true) {
                 break;
             }
         }
     }
     // Redirect if the user could not be authenticated
     if (!$blnAuthenticated) {
         // Count the failed attempt towards the lock-out
         --$this->loginCount;
         $this->save();
         \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
         $this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS);
         return false;
     }
     $this->setUserFromDb();
     // Update the record
     $this->lastLogin = $this->currentLogin;
     $this->currentLogin = $time;
     $this->loginCount = \Config::get('loginCount');
     $this->save();
     // Generate the session
     $this->generateSession();
     $this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS);
     // HOOK: post login callback
     if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
         foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
             $this->import($callback[0], 'objLogin', true);
             $this->objLogin->{$callback[1]}($this);
         }
     }
     return true;
 }
 /**
  * Validate input and set value
  *
  * @param mixed $varInput The user input
  *
  * @return mixed The validated user input
  */
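 protected function validator($varInput)
 {
     // Validates a submitted password and returns its hash; returns '' when
     // the field may stay empty or when validation failed.
     $this->blnSubmitInput = false;
     // Empty input is accepted when a value already exists or the field is optional
     if (!strlen($varInput) && (strlen($this->varValue) || !$this->mandatory)) {
         return '';
     }
     if (utf8_strlen($varInput) < \Config::get('minPasswordLength')) {
         $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength')));
     }
     // Strict comparison: with != PHP treats numeric-looking strings such as
     // "0123" and "123" as equal and would accept a mistyped confirmation
     if ($varInput !== $this->getPost($this->strName . '_confirm')) {
         $this->addError($GLOBALS['TL_LANG']['ERR']['passwordMatch']);
     }
     $varInput = parent::validator($varInput);
     if (!$this->hasErrors()) {
         $this->blnSubmitInput = true;
         // Only the hash leaves this method
         return \Encryption::hash($varInput);
     }
     return '';
 }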
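 /**
  * Register a new member whose username doubles as the e-mail address.
  *
  * Stores an error or info message in the session and, when the username is
  * free, hands the data to createNewUser().
  *
  * @param string $username The requested username / e-mail address
  */
 protected function registerUser($username)
 {
     // NOTE(review): \Input::post() without the raw flag may return a filtered or
     // encoded value; confirm the login path reads the password through the same
     // filter, otherwise passwords with special characters will not verify.
     $strPassword = \Input::post('password');
     if (utf8_strlen($strPassword) < \Config::get('minPasswordLength')) {
         $_SESSION['LOGIN_ERROR'] = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], \Config::get('minPasswordLength'));
         return;
     }
     // clean up previous registrations
     // NOTE(review): any visitor who submits this username removes the pending
     // (inactive) registration for it; confirm that is acceptable.
     if (($objMember = MemberPlusMemberModel::findInactiveByUsername($username)) !== null) {
         $objMember->delete();
     }
     // user with this username already exists
     if (($objMember = MemberPlusMemberModel::findBy('username', $username)) !== null) {
         $_SESSION['LOGIN_ERROR'] = $GLOBALS['TL_LANG']['MSC']['usernameTaken'];
         return;
     }
     // Hash only after every check has passed, so rejected requests do not
     // pay for the (deliberately expensive) password hash
     $arrData = array('username' => $username, 'password' => \Encryption::hash($strPassword), 'email' => $username);
     $_SESSION['LOGIN_INFO'] = sprintf($GLOBALS['TL_LANG']['MSC']['activationEmailSent'], $username);
     $this->createNewUser($arrData);
 }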
 /**
  * Create an admin user
  */
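 protected function createAdminUser()
 {
     // Creates the first administrator account from the submitted form,
     // but only while tl_user contains no row with admin=1.
     try {
         $objAdmin = $this->Database->execute("SELECT COUNT(*) AS count FROM tl_user WHERE admin=1");
         if ($objAdmin->count > 0) {
             $this->Template->adminCreated = true;
         } elseif (Input::post('FORM_SUBMIT') == 'tl_admin') {
             // NOTE(review): the COUNT(*) check above and the INSERT below are two
             // separate statements, so concurrent submissions could both pass the
             // check; confirm access to this step is restricted while it is open.
             // NOTE(review): the e-mail address is only checked for being non-empty
             // here; no format validation is visible in this method.
             // Do not allow special characters in usernames
             if (preg_match('/[#\\(\\)\\/<=>]/', Input::post('username', true))) {
                 $this->Template->usernameError = $GLOBALS['TL_LANG']['ERR']['extnd'];
             } elseif (strpos(Input::post('username', true), ' ') !== false) {
                 $this->Template->usernameError = sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $GLOBALS['TL_LANG']['MSC']['username']);
             } elseif (Input::post('pass', true) !== Input::post('confirm_pass', true)) {
                 // Strict comparison: with != PHP treats numeric-looking strings such
                 // as "0123" and "123" as equal and would accept a mistyped confirmation
                 $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordMatch'];
             } elseif (utf8_strlen(Input::post('pass', true)) < $GLOBALS['TL_CONFIG']['minPasswordLength']) {
                 $this->Template->passwordError = sprintf($GLOBALS['TL_LANG']['ERR']['passwordLength'], $GLOBALS['TL_CONFIG']['minPasswordLength']);
             } elseif (Input::post('pass', true) === Input::post('username', true)) {
                 // The password must not be the username (compared strictly, see above)
                 $this->Template->passwordError = $GLOBALS['TL_LANG']['ERR']['passwordName'];
             } elseif (Input::post('name') != '' && Input::post('email', true) != '' && Input::post('username', true) != '') {
                 $time = time();
                 $strPassword = Encryption::hash(Input::post('pass', true));
                 // All request values are bound as parameters; only the integer from
                 // time() is interpolated into the statement text
                 $this->Database->prepare("INSERT INTO tl_user (tstamp, name, email, username, password, admin, showHelp, useRTE, useCE, thumbnails, dateAdded) VALUES ({$time}, ?, ?, ?, ?, 1, 1, 1, 1, 1, {$time})")->execute(Input::post('name'), Input::post('email', true), Input::post('username', true), $strPassword);
                 $this->Config->update("\$GLOBALS['TL_CONFIG']['adminEmail']", Input::post('email', true));
                 // Scan the upload folder
                 $this->import('Database\\Updater', 'Updater');
                 $this->Updater->scanUploadFolder();
                 $this->reload();
             }
             // Re-populate the form after a validation error (the password is not echoed back)
             $this->Template->adminName = Input::post('name');
             $this->Template->adminEmail = Input::post('email', true);
             $this->Template->adminUser = Input::post('username', true);
         }
     } catch (Exception $e) {
         // Any failure (for example a missing table) is reported only as
         // "no admin created yet"; the exception itself is discarded
         $this->Template->adminCreated = false;
     }
 }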
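 /**
  * Change the current user's password after verifying the current one.
  *
  * @param array $info Submitted values; reads 'current_pass', 'pass', 'pass1' and 'email'
  *
  * @return array|false False without an active session or array input; otherwise an
  *                     array with 'errors' and 'error_fields', or with 'messages' on success
  */
 public static function savePassword($info)
 {
     global $CFG;
     if (!$CFG->session_active || !is_array($info)) {
         return false;
     }
     $errors = array();
     $error_fields = array();
     // Missing fields are treated as empty input instead of raising a notice.
     // NOTE(review): characters matching $CFG->pass_regex are silently removed;
     // confirm the login path applies the same filter before verifying.
     foreach (array('pass', 'pass1', 'current_pass') as $field) {
         $info[$field] = isset($info[$field]) ? preg_replace($CFG->pass_regex, '', $info[$field]) : '';
     }
     // The current password must match the stored hash before anything changes
     $invalid_pass = !Encryption::verify_hash($info['current_pass'], User::$info['pass']);
     if ($invalid_pass) {
         $errors[] = 'Su contraseña actual no es la correcta.';
         $error_fields[] = 'current_pass';
     }
     // Strict comparison: with != PHP treats numeric-looking strings such as
     // "0123" and "123" as equal and would accept a mistyped confirmation
     if (!empty($info['pass']) && $info['pass'] !== $info['pass1']) {
         $errors[] = 'La contraseña no es idéntica a su verificación.';
         $error_fields[] = 'pass';
         $error_fields[] = 'pass1';
     }
     if (empty($info['pass']) || mb_strlen($info['pass'], 'utf-8') < $CFG->pass_min_chars) {
         $errors[] = 'Su contraseña debe tener más de ' . $CFG->pass_min_chars . ' caracteres.';
         $error_fields[] = 'pass';
     }
     if (count($errors) > 0) {
         return array('errors' => $errors, 'error_fields' => $error_fields);
     }
     db_update('site_users', User::$info['id'], array('pass' => Encryption::hash($info['pass'])));
     $email = SiteEmail::getRecord('update-password');
     // The last argument presumably feeds the mail template; strip the plain-text
     // passwords so they can never be rendered into the notification.
     $mail_vars = $info;
     unset($mail_vars['pass'], $mail_vars['pass1'], $mail_vars['current_pass']);
     // NOTE(review): the recipient comes from the submitted $info['email'], not from
     // the stored account record; confirm the notification reaches the account owner.
     Email::send($CFG->contact_email, $info['email'], $email['title'], $CFG->form_email_from, false, $email['content'], $mail_vars);
     return array('messages' => array('¡Su contraseña ha sido actualizada!'));
 }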