/**
 * Change the password of the currently signed-in user.
 *
 * Gated by the Garden.SignIn.Allow permission and refused outright when the site's
 * registration method is 'Connect'. On an authenticated postback the form is validated
 * and saved through the user model, and the outcome is written to the event log.
 *
 * @since 2.0.0
 * @access public
 */
public function password() {
    $this->permission('Garden.SignIn.Allow');

    // Password editing is disabled when the site is SSO-Connect only. This is a security
    // decision: a site may charge for membership in an external application and admit
    // members through SSO. If those members could set a password here, they could keep
    // signing in through Vanilla's own login form regardless of the state of their
    // membership in the external application.
    $RegistrationMethod = c('Garden.Registration.Method');
    if ($RegistrationMethod == 'Connect') {
        Gdn::dispatcher()->dispatch('DefaultPermission');
        exit;
    }

    Gdn::userModel()->addPasswordStrength($this);

    // Load the user record and bind the form to the user model.
    $this->getUserInfo();
    $this->Form->setModel($this->UserModel);
    $this->addDefinition('Username', $this->User->Name);

    $IsPostBack = $this->Form->authenticatedPostBack();
    if ($IsPostBack === true) {
        $this->Form->setFormValue('UserID', $this->User->UserID);
        $this->UserModel->defineSchema();

        // The current password is only demanded when the account has no hash method or the
        // "Vanilla" one; an account that has only signed in through a connect plugin may
        // have no password set at all.
        // NOTE(review): for any other HashMethod value the password is replaced without
        // re-authentication, on the strength of the session and the postback check alone.
        // Confirm that every non-"Vanilla" hash method really means "no usable local password".
        $HashMethod = $this->User->HashMethod;
        $MustConfirmOldPassword = !$HashMethod || $HashMethod == "Vanilla";
        if ($MustConfirmOldPassword) {
            $this->UserModel->Validation->applyRule('OldPassword', 'Required');
            $this->UserModel->Validation->applyRule('OldPassword', 'OldPassword', 'Your old password was incorrect.');
        }

        // The new password must be present, strong enough, and match its confirmation field.
        $PasswordRules = array('Required', 'Strength', 'Match');
        foreach ($PasswordRules as $Rule) {
            $this->UserModel->Validation->applyRule('Password', $Rule);
        }

        $Saved = $this->Form->save();
        if (!$Saved) {
            // Failed attempts are logged together with the form's error string.
            // NOTE(review): presumably that string holds validation messages only and never
            // a submitted password value; verify before shipping these logs elsewhere.
            Logger::event(
                'password_change_failure',
                Logger::INFO,
                '{InsertName} failed to change password.',
                array('Error' => $this->Form->errorString())
            );
        } else {
            $Message = sprite('Check', 'InformSprite') . t('Your password has been changed.');
            $this->informMessage($Message, 'Dismissable AutoDismiss HasSprite');
            $this->Form->clearInputs();
            Logger::event('password_change', Logger::INFO, '{InsertName} changed password.');
            // NOTE(review): nothing visible here ends the user's other sessions after the
            // change; confirm whether the save path takes care of that.
        }
    }

    $this->title(t('Change My Password'));
    $this->_setBreadcrumbs(t('Change My Password'), '/profile/password');
    $this->render();
}
/**
 * Link a user to an SSO provider identity, or list the links a user already has.
 *
 * Requires the Garden.Users.Edit permission. On an authenticated postback the posted
 * ClientID and UniqueID are saved as an authentication record for the user found by the
 * posted Email or, failing that, the posted Username. On any other request the
 * authentication rows of $UserID are looked up. Either way the outcome is stored under the
 * 'Result' data key and the blank utility view is rendered.
 *
 * @param int|bool $UserID User whose links are listed; only read on non-postback requests.
 *     Presumably a numeric user ID, with false meaning "not given".
 * @throws Exception Presumably what notFoundException() produces when $UserID matches no user.
 * @throws Gdn_UserException When posted data is incomplete, the provider or user is not found,
 *     a posted password does not verify, or the saved row cannot be read back.
 */
public function sso($UserID = false) {
    $this->permission('Garden.Users.Edit');

    $ProviderModel = new Gdn_AuthenticationProviderModel();
    $Form = new Gdn_Form();

    if (!$this->Request->isAuthenticatedPostBack()) {
        // Read-only path: list the SSO links of the requested user.
        $User = Gdn::userModel()->getID($UserID);
        if (!$User) {
            throw notFoundException('User');
        }

        $Result = Gdn::sql()
            ->select('ua.ProviderKey', '', 'ClientID')
            ->select('ua.ForeignUserKey', '', 'UniqueID')
            ->select('ua.UserID')
            ->select('p.Name')
            ->select('p.AuthenticationSchemeAlias', '', 'Type')
            ->from('UserAuthentication ua')
            ->join('UserAuthenticationProvider p', 'ua.ProviderKey = p.AuthenticationKey')
            ->where('UserID', $UserID)
            ->get()
            ->resultArray();
        $this->setData('Result', $Result);
    } else {
        // Every required field must have been posted.
        $Form->validateRule('ClientID', 'ValidateRequired');
        $Form->validateRule('UniqueID', 'ValidateRequired');

        $HasUserKey = validateRequired($Form->getFormValue('Username'))
            || validateRequired($Form->getFormValue('Email'));
        if (!$HasUserKey) {
            $Form->addError('Username or Email is required.');
        }

        // The posted ClientID must name a known provider.
        // NOTE(review): the posted ClientID is copied into the error text; how that text
        // is encoded when the exception is rendered is not visible here.
        $ClientID = $Form->getFormValue('ClientID');
        $Provider = $ProviderModel->getProviderByKey($ClientID);
        if (!$Provider) {
            $Form->addError(sprintf('%1$s "%2$s" not found.', t('Provider'), $ClientID));
        }

        if ($Form->errorCount() > 0) {
            throw new Gdn_UserException($Form->errorString());
        }

        // Find the target user: by email first, then by username.
        $User = false;
        $Email = $Form->getFormValue('Email');
        if ($Email) {
            $User = Gdn::userModel()->GetByEmail($Email);
        }
        if (!$User) {
            $Username = $Form->getFormValue('Username');
            if ($Username) {
                $User = Gdn::userModel()->GetByUsername($Username);
            }
        }
        if (!$User) {
            throw new Gdn_UserException(sprintf(t('User not found.'), strtolower(t(UserModel::SigninLabelCode()))), 404);
        }

        // The user's password is verified only when a Password field was posted; without
        // one the link is created on the caller's Garden.Users.Edit permission alone.
        // NOTE(review): Password is read from $this->Form while every other field comes
        // from the local $Form. If the two ever see different posted values this check is
        // silently skipped, so confirm they are equivalent.
        $PasswordHash = new Gdn_PasswordHash();
        $Password = $this->Form->getFormValue('Password', null);
        if ($Password !== null) {
            $PasswordMatches = $PasswordHash->CheckPassword($Password, val('Password', $User), val('HashMethod', $User));
            if (!$PasswordMatches) {
                throw new Gdn_UserException(t('Invalid password.'), 401);
            }
        }

        // All checks passed: store the link, then read it back to confirm it was written.
        // NOTE(review): no Logger::event call is visible for this step. Attaching an
        // external identity to an account is worth an audit record unless
        // saveAuthentication() already writes one.
        $User = (array) $User;
        $UniqueID = $Form->getFormValue('UniqueID');
        Gdn::userModel()->saveAuthentication(array(
            'UserID' => $User['UserID'],
            'Provider' => $Form->getFormValue('ClientID'),
            'UniqueID' => $UniqueID
        ));

        $Row = Gdn::userModel()->getAuthentication($Form->getFormValue('UniqueID'), $Form->getFormValue('ClientID'));
        if (!$Row) {
            throw new Gdn_UserException(t('There was an error saving the data.'));
        }
        $this->setData('Result', $Row);
    }

    $this->render('Blank', 'Utility', 'Dashboard');
}
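/**
 * Mobile Themes management screen.
 *
 * Lists the available, non-archived mobile themes. When a theme name arrives together with
 * a transient key that the session accepts, that theme is enabled as the mobile theme.
 *
 * @since 2.2.10.3
 * @access public
 * @param string $ThemeName Unique ID of the theme to enable; empty to only show the list.
 * @param string $TransientKey Security token, checked against the session before a theme is enabled.
 */
public function mobileThemes($ThemeName = '', $TransientKey = '') {
    $IsMobile = true;

    // addons.js only needs to be registered once.
    $this->addJsFile('addons.js');
    $this->setData('Title', t('Mobile Themes'));

    // Authorization gate: it runs before any theme data is read and before a theme can be enabled.
    $this->permission('Garden.Settings.Manage');
    $this->addSideMenu('dashboard/settings/mobilethemes');

    // Get currently enabled theme.
    $EnabledThemeName = Gdn::ThemeManager()->MobileTheme();
    $ThemeInfo = Gdn::themeManager()->getThemeInfo($EnabledThemeName);
    $this->setData('EnabledThemeInfo', $ThemeInfo);
    $this->setData('EnabledThemeFolder', val('Folder', $ThemeInfo));
    $this->setData('EnabledTheme', $ThemeInfo);
    $this->setData('EnabledThemeName', val('Name', $ThemeInfo, val('Index', $ThemeInfo)));

    // Get all themes, keeping only mobile themes that are not archived.
    $Themes = Gdn::themeManager()->availableThemes();
    foreach ($Themes as $ThemeKey => $ThemeData) {
        if (empty($ThemeData['IsMobile']) || !empty($ThemeData['Archived'])) {
            unset($Themes[$ThemeKey]);
        }
    }
    uasort($Themes, array('SettingsController', '_NameSort'));
    $this->setData('AvailableThemes', $Themes);

    // Process self-post. The state change happens only when the session accepts the
    // transient key (the anti-CSRF check for this action).
    // NOTE(review): a request that names a theme but carries a bad key falls through to
    // the plain listing below with no error and no log entry.
    // NOTE(review): if the key arrives as part of the URL it can end up in access logs and
    // Referer headers; confirm how callers submit it.
    if ($ThemeName != '' && Gdn::session()->validateTransientKey($TransientKey)) {
        try {
            $ThemeInfo = Gdn::themeManager()->getThemeInfo($ThemeName);
            if ($ThemeInfo === false) {
                // NOTE(review): $ThemeName comes from the request and is embedded in this
                // message, which is echoed below for async requests. Confirm that
                // errorString() encodes it for HTML output.
                throw new Exception(sprintf(t("Could not find a theme identified by '%s'"), $ThemeName));
            }

            // Clear out the preview.
            Gdn::session()->setPreference(array('PreviewThemeName' => '', 'PreviewThemeFolder' => ''));
            Gdn::themeManager()->enableTheme($ThemeName, $IsMobile);

            $this->EventArguments['ThemeName'] = $ThemeName;
            $this->EventArguments['ThemeInfo'] = $ThemeInfo;
            $this->fireEvent('AfterEnableTheme');
        } catch (Exception $Ex) {
            $this->Form->addError($Ex);
        }

        // The strict comparison already yields a boolean.
        $AsyncRequest = $this->deliveryType() === DELIVERY_TYPE_VIEW;

        if ($this->Form->errorCount() == 0) {
            if ($AsyncRequest) {
                echo 'Success';
                $this->render('Blank', 'Utility', 'Dashboard');
                exit;
            } else {
                redirect('/settings/mobilethemes');
            }
        } else {
            if ($AsyncRequest) {
                echo $this->Form->errorString();
                $this->render('Blank', 'Utility', 'Dashboard');
                exit;
            }
            // Non-async failures fall through to the normal page render below.
        }
    }

    $this->render();
}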