示例#1
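 /**
  * Create an account from a registration link.
  *
  * Reads the `email` and `token` route parameters. On POST it validates the
  * form, checks that the nickname is free, and confirms the registration token
  * (through RiverID, or against the local token table). It then creates the
  * user and account rows, grants the `login` role and signs the user in.
  *
  * Security notes for maintainers:
  *  - The nickname is checked BEFORE the token is consumed or the RiverID
  *    password is set, so a taken nickname does not burn the single-use
  *    registration token.
  *  - The token payload is decoded defensively and the email is compared
  *    with a strict string comparison.
  *  - NOTE(review): the "Email is already registered" branch runs before any
  *    token check, so this route discloses whether an address is registered
  *    to anyone who can request it. Confirm that this is acceptable.
  *
  * @return void
  */
 public function action_create()
 {
     // $form_name, $form_nickname and $errors are bound by reference, so the
     // view sees whatever is assigned to them further down.
     $this->template->content = View::factory('pages/login/create')
         ->bind('form_name', $form_name)
         ->bind('form_nickname', $form_nickname)
         ->bind('errors', $errors);

     $email = $this->request->param('email');
     $token = $this->request->param('token');

     $user = ORM::factory('user', array('email' => $email));
     if ($user->loaded()) {
         $this->template->content = View::factory('pages/login/landing');
         $this->template->content->errors = array(__('Email is already registered'));
         $this->template->header->meta = '<meta HTTP-EQUIV="REFRESH" content="5; url=' . URL::site() . '">';
         return;
     }

     // Return the user-entered values to the form in case of errors
     $form_name = $this->request->post('name');
     $form_nickname = $this->request->post('nickname');

     if (!$this->request->post()) {
         // Plain GET: just render the empty form
         return;
     }

     $post = Model_Auth_User::get_password_validation($this->request->post())
         ->rule('name', 'not_empty')
         ->rule('nickname', 'not_empty')
         ->rule('nickname', 'alpha_dash');

     $nickname = NULL;
     if (!$post->check()) {
         $errors = $post->errors('user');
     } else {
         // Account paths are stored lower-cased
         $nickname = strtolower($this->request->post('nickname'));

         // Is the nickname taken? Checked first so that a failure here does
         // not consume the one-time token or set a RiverID password.
         $account = ORM::factory('account', array('account_path' => $nickname));
         if ($account->loaded()) {
             $errors = array(__('Nickname is already taken'));
         } elseif ($this->riverid_auth) {
             // RiverID validation: the remote service checks the token
             $resp = RiverID_API::instance()->set_password($email, $token, $this->request->post('password'));
             if (!$resp['status']) {
                 $errors = array($resp['error']);
             }
         } else {
             // ORM auth validation
             $auth_token = Model_Auth_Token::get_token($token, 'new_registration');
             if (!$auth_token) {
                 $errors = array(__('Error'));
             } else {
                 $data = json_decode($auth_token->data);
                 // Tokens are single use: delete before acting on the payload
                 $auth_token->delete();
                 // json_decode() yields NULL on malformed data, so guard the
                 // property access and compare the addresses strictly.
                 if (!is_object($data) or !isset($data->email) or (string) $email !== (string) $data->email) {
                     // The email in the request does not match
                     // the email in the token
                     $errors = array(__('Invalid email'));
                 }
             }
         }
     }

     if ($errors) {
         return;
     }

     // User entry
     $user = ORM::factory('user');
     $user->username = $user->email = $email;
     $user->name = $this->request->post('name');
     if (!$this->riverid_auth) {
         // Password only needed locally for ORM auth
         // NOTE(review): hashing is presumably applied by the user model; confirm
         $user->password = $this->request->post('password');
     }
     $user->save();

     // Account entry
     $user->account->account_path = $nickname;
     $user->account->user_id = $user->id;
     $user->account->save();

     // Allow the user to log in immediately
     $login_role = ORM::factory('role', array('name' => 'login'));
     $user->add('roles', $login_role);
     $user->save();

     // Auto login
     Auth::instance()->login($user->username, $this->request->post('password'), FALSE);

     // Show a message and redirect to swift
     $this->template->content = View::factory('pages/login/landing');
     $this->template->content->messages = array(__('Account was created successfuly.'));
     $this->template->header->meta = '<meta HTTP-EQUIV="REFRESH" content="5; url=' . URL::site() . '">';
 }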
示例#2
文件: user.php 项目: rukku/SwiftRiver
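 /**
  * Apply the posted account settings to the signed-in user.
  *
  * Steps, in order:
  *  1. Re-authenticate with the current password (RiverID sign-in, or a
  *     comparison against the locally stored hash).
  *  2. If a new password was posted, validate it. Under RiverID it is changed
  *     remotely and removed from $_POST; otherwise it stays in $_POST for
  *     update_user().
  *  3. If the email differs, start a confirmation flow. The address itself is
  *     not changed here, because `email` is removed from $_POST.
  *  4. If the nickname differs, validate it and rename the account path.
  *  5. Save the remaining fields, queue the messages and redirect.
  *
  * On failure the method sets $this->errors and returns without redirecting.
  *
  * @return void
  */
 private function _update_settings()
 {
     // Validate current password. Anything that is not a plain string is
     // treated as an empty (and therefore wrong) password.
     $current_password = (isset($_POST['current_password']) and is_string($_POST['current_password']))
         ? $_POST['current_password']
         : '';

     if ($this->riverid_auth) {
         $response = RiverID_API::instance()->signin($this->user->email, $current_password);
         $validated = (bool) ($response and $response['status']);
     } else {
         // Compare the hashes as strings. A loose `==` lets PHP treat
         // numeric-looking hex digests ("0e...") as numbers and call different
         // hashes equal. hash_equals() also keeps the comparison constant time
         // where it is available.
         $stored_hash = (string) $this->user->password;
         $given_hash = (string) Auth::instance()->hash($current_password);
         if ($stored_hash === '') {
             $validated = FALSE;
         } elseif (function_exists('hash_equals')) {
             $validated = hash_equals($stored_hash, $given_hash);
         } else {
             $validated = ($stored_hash === $given_hash);
         }
     }

     if (!$validated) {
         $this->errors = __('Current password is incorrect');
         return;
     }

     $messages = array();

     // Password is changing
     if (!empty($_POST['password']) or !empty($_POST['password_confirm'])) {
         $post = Model_Auth_User::get_password_validation($_POST);
         if (!$post->check()) {
             $this->errors = $post->errors('user');
             return;
         }

         // Are we using RiverID?
         if ($this->riverid_auth) {
             $resp = RiverID_API::instance()->change_password($this->user->email, $current_password, $_POST['password']);
             if (!$resp['status']) {
                 $this->errors = $resp['error'];
                 return;
             }

             // For API calls below, use this new password
             $current_password = $_POST['password'];
             // The password lives in RiverID, so keep it out of update_user()
             unset($_POST['password'], $_POST['password_confirm']);
         }
     }

     // Email address is changing
     if ($_POST['email'] != $this->user->email) {
         $new_email = $_POST['email'];
         if (!Valid::email($new_email)) {
             $this->errors = __('Invalid email address');
             return;
         }

         if ($this->riverid_auth) {
             // RiverID email change process; %token% is left in the URL as a
             // placeholder (presumably filled in by RiverID; confirm)
             $mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
             $secret_url = url::site('login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/%token%', TRUE, TRUE);
             $site_email = Kohana::$config->load('useradmin.email_address');
             $mail_subject = __(':sitename: Email Change', array(':sitename' => Model_Setting::get_setting('site_name')));
             $resp = RiverID_API::instance()->change_email($this->user->email, $new_email, $current_password, $mail_body, $mail_subject, $site_email);
             if (!$resp['status']) {
                 $this->errors = $resp['error'];
                 return;
             }
         } else {
             // Make sure the new email address is not yet registered
             $user = ORM::factory('user', array('email' => $new_email));
             if ($user->loaded()) {
                 $this->errors = __('The new email address has already been registered');
                 return;
             }

             $auth_token = Model_Auth_Token::create_token('change_email', array('new_email' => $new_email, 'old_email' => $this->user->email));
             if (!$auth_token->loaded()) {
                 $this->errors = __('Error');
                 return;
             }

             // Send an email with a secret token URL
             $mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
             $secret_url = URL::site('login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/' . $auth_token->token, TRUE, TRUE);
             // Send email to the user using the new address
             $mail_subject = __(':sitename: Email Change', array(':sitename' => Model_Setting::get_setting('site_name')));
             Swiftriver_Mail::send($new_email, $mail_subject, $mail_body);

             $messages[] = __("A confirmation email has been sent to :email", array(':email' => $new_email));
         }

         // Don't change email address immediately.
         // Only do so after the tokens sent above are validated
         unset($_POST['email']);
     }
     // END if - email address change

     // Nickname is changing
     $posted_nickname = (isset($_POST['nickname']) and is_string($_POST['nickname'])) ? $_POST['nickname'] : '';
     if ($posted_nickname != $this->user->account->account_path) {
         // The nickname becomes the account path and part of the redirect URL
         // below, so apply the same constraints as account creation:
         // non-empty, alpha_dash characters only, stored lower-cased.
         $nickname = strtolower($posted_nickname);
         if (!Valid::not_empty($nickname) or !Valid::alpha_dash($nickname)) {
             $this->errors = __('Invalid nickname');
             return;
         }

         // Make sure the account path is not already taken
         $account = ORM::factory('account', array('account_path' => $nickname));
         if ($account->loaded()) {
             $this->errors = __('Nickname is already taken');
             return;
         }

         // Update
         $this->user->account->account_path = $nickname;
         $this->user->account->save();
     }

     // NOTE(review): the second argument looks like the list of fields that
     // update_user() may copy from $_POST; confirm against the model.
     $this->user->update_user($_POST, array('name', 'password', 'email'));
     $messages[] = __("Account settings were saved successfully.");
     Session::instance()->set("messages", $messages);
     $this->request->redirect(URL::site($this->user->account->account_path . '/settings'));
 }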