/**
* Change the password
*
* @param array $data The user submitted data
* @return HTTPResponse
*/
public function doChangePassword(array $data)
{
if ($member = Member::currentUser()) {
// The user was logged in, check the current password
if (empty($data['OldPassword']) || !$member->checkPassword($data['OldPassword'])->valid()) {
$this->clearMessage();
$this->sessionMessage(_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"), "bad");
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
return $this->controller->redirect($this->controller->Link('changepassword'));
}
}
if (!$member) {
if (Session::get('AutoLoginHash')) {
$member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
}
// The user is not logged in and no valid auto login hash is available
if (!$member) {
Session::clear('AutoLoginHash');
return $this->controller->redirect($this->controller->Link('login'));
}
}
// Check the new password
if (empty($data['NewPassword1'])) {
$this->clearMessage();
$this->sessionMessage(_t('Member.EMPTYNEWPASSWORD', "The new password can't be empty, please try again"), "bad");
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
return $this->controller->redirect($this->controller->Link('changepassword'));
} else {
if ($data['NewPassword1'] == $data['NewPassword2']) {
$isValid = $member->changePassword($data['NewPassword1']);
if ($isValid->valid()) {
// Clear locked out status
$member->LockedOutUntil = null;
$member->FailedLoginCount = null;
$member->write();
if ($member->canLogIn()->valid()) {
$member->logIn();
}
// TODO Add confirmation message to login redirect
Session::clear('AutoLoginHash');
if (!empty($_REQUEST['BackURL']) && Director::is_site_url($_REQUEST['BackURL'])) {
$url = Director::absoluteURL($_REQUEST['BackURL']);
return $this->controller->redirect($url);
} else {
// Redirect to default location - the login form saying "You are logged in as..."
$redirectURL = HTTP::setGetVar('BackURL', Director::absoluteBaseURL(), $this->controller->Link('login'));
return $this->controller->redirect($redirectURL);
}
} else {
$this->clearMessage();
$this->sessionMessage(_t('Member.INVALIDNEWPASSWORD', "We couldn't accept that password: {password}", array('password' => nl2br("\n" . Convert::raw2xml($isValid->starredList())))), "bad", false);
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
return $this->controller->redirect($this->controller->Link('changepassword'));
}
} else {
$this->clearMessage();
$this->sessionMessage(_t('Member.ERRORNEWPASSWORD', "You have entered your new password differently, try again"), "bad");
// redirect back to the form, instead of using redirectBack() which could send the user elsewhere.
return $this->controller->redirect($this->controller->Link('changepassword'));
}
}
}
/**
* Returns a link to the previous page, if the first page is not currently
* active.
*
* @return string
*/
public function PrevLink()
{
if ($this->NotFirstPage()) {
return HTTP::setGetVar($this->getPaginationGetVar(), $this->getPageStart() - $this->getPageLength());
}
}
/**
* Tests {@link HTTP::setGetVar()}
*/
public function testSetGetVar()
{
// Hackery to work around volatile URL formats in test invocation,
// and the inability of Director::absoluteBaseURL() to produce consistent URLs.
$origURI = $_SERVER['REQUEST_URI'];
$_SERVER['REQUEST_URI'] = 'relative/url/';
$this->assertContains('relative/url/?foo=bar', HTTP::setGetVar('foo', 'bar'), 'Omitting a URL falls back to current URL');
$_SERVER['REQUEST_URI'] = $origURI;
$this->assertEquals('relative/url?foo=bar', HTTP::setGetVar('foo', 'bar', 'relative/url'), 'Relative URL without existing query params');
$this->assertEquals('relative/url?baz=buz&foo=bar', HTTP::setGetVar('foo', 'bar', '/relative/url?baz=buz'), 'Relative URL with existing query params, and new added key');
$this->assertEquals('http://test.com/?foo=new&buz=baz', HTTP::setGetVar('foo', 'new', 'http://test.com/?foo=old&buz=baz'), 'Absolute URL without path and multipe existing query params, overwriting an existing parameter');
$this->assertContains('http://test.com/?foo=new', HTTP::setGetVar('foo', 'new', 'http://test.com/?foo=&foo=old'), 'Absolute URL and empty query param');
// http_build_query() escapes angular brackets, they should be correctly urldecoded by the browser client
$this->assertEquals('http://test.com/?foo%5Btest%5D=one&foo%5Btest%5D=two', HTTP::setGetVar('foo[test]', 'two', 'http://test.com/?foo[test]=one'), 'Absolute URL and PHP array query string notation');
$urls = array('http://www.test.com:8080', 'http://test.com:3000/', 'http://test.com:3030/baz/', 'http://*****:*****@test.com', 'http://baz@test.com/', 'http://*****:*****@test.com:8080', 'http://baz@test.com:8080');
foreach ($urls as $testURL) {
$this->assertEquals($testURL . '?foo=bar', HTTP::setGetVar('foo', 'bar', $testURL), 'Absolute URL and Port Number');
}
}