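/**
 * Second step of the password reset: validate the emailed key, then accept a new password.
 *
 * @Request({"user", "key"})
 * @Response("extension://system/views/user/reset/confirm.razr")
 *
 * @param string $username   value of the "user" request parameter
 * @param string $activation value of the "key" request parameter (the reset token)
 * @return array|mixed view data (head.title, username, activation) on GET or on a failed POST;
 *                     otherwise the result of redirect('/') with a flash message set
 */
public function confirmAction($username = "", $activation = "")
{
    // The key is matched together with the username in one bound-parameter query. An empty
    // key is refused up front, so a cleared activation column (null after a reset, '' after
    // account activation) can never be matched by an empty "key" parameter.
    $user = null;
    if (!empty($username) && !empty($activation)) {
        $user = $this->users->where(compact('username', 'activation'))->first();
    }

    if (!$user) {
        $this['message']->error(__('Invalid key.'));
        return $this->redirect('/');
    }

    // NOTE(review): no expiry is checked on the key; it stays valid until it is consumed
    // below — confirm whether the issuing side limits its lifetime.
    if ($user->isBlocked()) {
        $this['message']->error(__('Your account has not been activated or is blocked.'));
        return $this->redirect('/');
    }

    if ('POST' === $this['request']->getMethod()) {
        try {
            // Anti-CSRF: the posted form must carry the token issued for this session.
            if (!$this['csrf']->validate($this['request']->request->get('_csrf'))) {
                throw new Exception(__('Invalid token. Please try again.'));
            }

            $password = $this['request']->request->get('password');

            if (empty($password)) {
                throw new Exception(__('Enter password.'));
            }

            // Reject surrounding whitespace (easy to mistype, silently dropped by some clients)
            // and apply the same 3-character minimum the profile controller enforces; this
            // endpoint previously accepted any non-empty string.
            if ($password !== trim($password) || strlen($password) < 3) {
                throw new Exception(__('Invalid password.'));
            }

            $user->setPassword($this['auth.password']->hash($password));
            // Single use: clear the key so the same link cannot reset the password again.
            $user->setActivation(null);
            $this->users->save($user);

            // NOTE(review): nothing here invalidates sessions that already exist for this
            // user, so a session established before the reset stays valid — confirm whether
            // the auth layer handles that on password change.
            $this['message']->success(__('Your password has been reset.'));
            return $this->redirect('/');
        } catch (Exception $e) {
            $this['message']->error($e->getMessage());
        }
    }

    return ['head.title' => __('Reset Confirm'), 'username' => $username, 'activation' => $activation];
}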
/**
 * Create or update a user account from the admin user editor (JSON endpoint).
 *
 * @Request({"id": "int", "user": "******", "password", "roles": "array"}, csrf=true)
 * @Response("json")
 *
 * @param int        $id       id of the user to update; 0 / falsy creates a new account
 * @param array      $data     submitted user fields; "username" and "email" are validated here,
 *                             the rest is handed to the repository's save()
 * @param string     $password new plain-text password; required when creating, optional otherwise
 * @param array|null $roles    role ids to assign; only honoured when the caller may manage permissions
 * @return array ['message' => ..., 'user' => ...] on success, ['error' => ...] on any failure
 */
public function saveAction($id, $data, $password, $roles = null)
{
    try {
        $account = $this->users->find($id);

        if (!$account) {
            // Either the id is stale or we are creating; a new account must get a password.
            if ($id) {
                throw new Exception(__('User not found.'));
            }
            if (empty($password)) {
                throw new Exception(__('Password required.'));
            }
            $account = new User();
            $account->setRegistered(new \DateTime());
        }

        $editingSelf = $this->user->getId() == $account->getId();

        // NOTE(review): this tests the *stored* status of the account, before $data is merged
        // by save($account, $data) further down, so it cannot catch a request that sets the
        // caller's own status to blocked — confirm whether $data carries "status" and, if so,
        // whether that field is what should be checked here.
        if ($editingSelf && $account->isBlocked()) {
            throw new Exception(__('Unable to block yourself.'));
        }

        $username = isset($data['username']) ? trim($data['username']) : '';
        $address  = isset($data['email']) ? trim($data['email']) : '';

        // Username: at least 3 bytes, ASCII letters/digits/underscore/hyphen only.
        if (strlen($username) < 3 || !preg_match('/^[a-zA-Z0-9_\\-]+$/', $username)) {
            throw new Exception(__('Username is invalid.'));
        }
        if (!filter_var($address, FILTER_VALIDATE_EMAIL)) {
            throw new Exception(__('Email is invalid.'));
        }

        // Uniqueness is checked across both columns: neither value may equal another user's
        // username or e-mail. Each check builds its own query; values are bound, not interpolated.
        $usernameTaken = $this->users
            ->where(['id <> :id'], compact('id'))
            ->where(function ($query) use ($username) {
                $query->orWhere(['username = :username', 'email = :username'], ['username' => $username]);
            })
            ->first();
        if ($usernameTaken) {
            throw new Exception(__('Username not available.'));
        }

        $emailTaken = $this->users
            ->where(['id <> :id'], compact('id'))
            ->where(function ($query) use ($address) {
                $query->orWhere(['username = :email', 'email = :email'], ['email' => $address]);
            })
            ->first();
        if ($emailTaken) {
            throw new Exception(__('Email not available.'));
        }

        $data['username'] = $username;
        $data['email']    = $address;

        // A changed address has to be verified again.
        if ($address != $account->getEmail()) {
            $account->set('verified', false);
        }

        if (!empty($password)) {
            $account->setPassword($this['auth.password']->hash($password));
        }

        // Role assignment is gated on a separate permission; without it $roles is ignored.
        if ($this->user->hasAccess('system: manage user permissions')) {
            $adminRole = RoleInterface::ROLE_ADMINISTRATOR;

            // An administrator editing their own account must keep the administrator role.
            $droppingOwnAdmin = $editingSelf
                && $account->hasRole($adminRole)
                && (!$roles || !in_array($adminRole, $roles));
            if ($droppingOwnAdmin) {
                $roles[] = $adminRole;
            }

            $account->setRoles($roles ? $this->roles->query()->whereIn('id', $roles)->get() : []);
        }

        // NOTE(review): $data is handed to save() wholesale; only username and email were
        // validated above, so whether other submitted keys (status, activation, ...) can be
        // mass-assigned depends on the repository — confirm it restricts the columns it writes.
        $this->users->save($account, $data);

        return [
            'message' => $id ? __('User saved.') : __('User created.'),
            'user'    => $this->getInfo($account),
        ];
    } catch (Exception $e) {
        return ['error' => $e->getMessage()];
    }
}
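/**
 * Save the authenticated user's own profile: display name, e-mail and an optional password change.
 *
 * @Request({"user": "******"}, csrf=true)
 *
 * @param array $data submitted fields: "name", "email", and "password_new" / "password_old"
 *                    when the password is to be changed
 * @return mixed the result of redirect('@system/profile'); outcome is reported via flash message
 */
public function saveAction($data)
{
    // Anonymous callers get a plain 404 rather than a hint that the route exists.
    if (!$this->user->isAuthenticated()) {
        $this->getApplication()->abort(404);
    }

    try {
        // Always operate on the caller's own record; the id never comes from the request.
        $user = $this->users->find($this->user->getId());

        $name    = isset($data['name']) ? trim($data['name']) : '';
        $email   = isset($data['email']) ? trim($data['email']) : '';
        $passNew = isset($data['password_new']) ? $data['password_new'] : null;
        $passOld = isset($data['password_old']) ? $data['password_old'] : null;

        if (strlen($name) < 3) {
            throw new Exception(__('Name is invalid.'));
        }
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new Exception(__('Email is invalid.'));
        }
        if ($this->users->where(['email = ?', 'id <> ?'], [$email, $user->getId()])->first()) {
            throw new Exception(__('Email not available.'));
        }

        // A password change is requested whenever a new password was submitted. Test presence
        // explicitly: the former truthiness check (`if ($passNew)`) treated the string "0" as
        // "no change" and reported "Profile updated." without touching the password.
        if ($passNew !== null && $passNew !== '') {
            // Re-authenticate with the current password before accepting a new one.
            if (!$this['auth']->getUserProvider()->validateCredentials($this->user, ['password' => $passOld])) {
                throw new Exception(__('Invalid Password.'));
            }
            // No surrounding whitespace, at least 3 bytes.
            if (trim($passNew) != $passNew || strlen($passNew) < 3) {
                throw new Exception(__('New Password is invalid.'));
            }
            $user->setPassword($this['auth.password']->hash($passNew));
        }

        // NOTE(review): changing the e-mail address is not gated on the current password, so a
        // hijacked session can move the account's contact address — confirm that is acceptable.
        if ($email != $user->getEmail()) {
            $user->set('verified', false);
        }

        $user->setName($name);
        $user->setEmail($email);

        $this['events']->dispatch('system.user.profile.save', new ProfileSaveEvent($user, $data));
        $this->users->save($user);
        $this['events']->dispatch('system.user.profile.saved', new ProfileSaveEvent($user, $data));

        $this['message']->success(__('Profile updated.'));
    } catch (Exception $e) {
        $this['message']->error($e->getMessage());
    }

    return $this->redirect('@system/profile');
}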
/**
 * Activate a freshly registered account from the e-mailed link. In "approval" registration
 * mode the first visit only verifies the address and relays a new key to an administrator.
 *
 * @Request({"user", "key"})
 *
 * @param string $username   value of the "user" request parameter
 * @param string $activation value of the "key" request parameter (the activation token)
 * @return mixed redirect to the login page, or to '/' with an error flash when the key is rejected
 */
public function activateAction($username, $activation)
{
    // The key must belong to a still-blocked account that has never logged in ("access IS NULL").
    // Every failure is reported as the same "Invalid key." so the reason is not leaked.
    $pending = null;
    if (!empty($username) && !empty($activation)) {
        $pending = $this->users->where([
            'username'   => $username,
            'activation' => $activation,
            'status'     => UserInterface::STATUS_BLOCKED,
            'access IS NULL',
        ])->first();
    }

    if (!$pending) {
        $this['message']->error(__('Invalid key.'));
        return $this->redirect('/');
    }

    // Registration mode flag only; whether the account is already verified is tested separately.
    $approvalMode = $this['option']->get('system:user.registration') == 'approval';

    if ($approvalMode && !$pending->get('verified')) {
        // First visit in approval mode: the address is now verified. Rotate the key and send
        // it to an administrator instead of activating the account yet.
        $pending->setActivation($this['auth.random']->generateString(32));
        $this->sendApproveMail($pending);
        $this['message']->success(__('Your email has been verified. Once an administrator approves your account, you will be notified by email.'));
    } else {
        // Direct activation, or the administrator following the approval link.
        // NOTE(review): the approval leg is authorized by possession of the second key alone;
        // no authenticated-administrator check is visible on this route — confirm that is intended.
        $pending->set('verified', true);
        $pending->setStatus(UserInterface::STATUS_ACTIVE);
        $pending->setActivation('');
        $this->sendWelcomeEmail($pending);

        if ($approvalMode) {
            $this['message']->success(__('The user\'s account has been activated and the user has been notified about it.'));
        } else {
            $this['message']->success(__('Your account has been activated.'));
        }
    }

    $this->users->save($pending);

    return $this->redirect('@system/auth/login');
}