00001 <?php
00007 namespace Habari;
00008
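/**
 * Action handler for the authentication pages: login, logout and the
 * two-step password reset (request a link, then redeem it).
 */
class UserHandler extends ActionHandler
{
    /**
     * Show the login form. login_form() registers the loginform_do_* methods
     * as the form's on_success callbacks.
     */
    public function act_login()
    {
        $this->login_form();
    }

    /**
     * on_success callback of the "Reset password" button: create a reset
     * token and mail a reset link to the account's address.
     *
     * Only md5() of the token is written to the user's info record; the token
     * itself appears only in the mailed URL. The closing notice is shown
     * whether or not the name matched an account, so the page does not reveal
     * which usernames exist.
     *
     * NOTE(review): nothing here records when the token was issued, so any
     * expiry has to be enforced elsewhere -- confirm. md5() is a fast unsalted
     * digest; the token's strength rests entirely on Utils::random_password().
     *
     * @param object $form Submitted form exposing a habari_username control
     *                     (presumably the FormUI built in login_form()).
     */
    public function loginform_do_reset($form)
    {
        $name = $form->habari_username->value;
        if ( empty( $name ) ) {
            Session::error( _t( 'You must supply a username to reset its password.' ) );
            return;
        }

        // Numeric input is refused before the lookup -- presumably so that a
        // reset cannot be requested by user id; verify against User::get().
        if ( !is_numeric( $name ) && $user = User::get( $name ) ) {
            $hash = Utils::random_password();

            $user->info->password_reset = md5( $hash );
            $user->info->commit();
            $reset_url = URL::get( 'auth', array( 'page' => 'password_reset', 'id' => $user->id, 'hash' => $hash ) );
            $message = _t( 'Please visit %1$s to reset your password.', array( $reset_url ) );

            Utils::mail( $user->email, _t( '[%1$s] Password reset request for %2$s', array( Options::get( 'title' ), $user->displayname ) ), $message );
        }

        // Deliberately unconditional: same response for known and unknown names.
        Session::notice( _t( 'A password reset request has been sent to the user.' ) );
    }

    /**
     * on_success callback of the "Login" button: authenticate and redirect.
     *
     * On success any pending password-reset token is discarded, the
     * authentication time is stored, form data saved with the 'login' session
     * set is moved to 'last_form_data', and the browser is redirected to the
     * admin page the user originally asked for (or the admin root).
     * On failure the password field is blanked and a generic error is set.
     * When both fields are empty nothing is done.
     *
     * @param object $form Submitted form exposing habari_username and
     *                     habari_password controls.
     * @return bool|null true after a successful login, otherwise nothing.
     */
    public function loginform_do_login($form)
    {
        $name = $form->habari_username->value;
        $pass = $form->habari_password->value;

        if ( ( null != $name ) || ( null != $pass ) ) {
            $user = User::authenticate( $name, $pass );

            if ( $user instanceof User ) {
                // A successful login invalidates any outstanding reset link.
                if ( isset( $user->info->password_reset ) ) {
                    unset( $user->info->password_reset );
                }

                $user->info->authenticate_time = DateTime::create()->format( 'Y-m-d H:i:s' );
                $user->update();

                if ( Session::has_errors( 'expired_session' ) ) {
                    Session::remove_error( 'expired_session' );
                }

                $login_session = Session::get_set( 'login' );
                if ( ! empty( $login_session ) ) {
                    // Hand the saved request data on so the user does not lose
                    // the form that was interrupted by the login prompt.
                    // NOTE(review): the original passed an undefined
                    // $last_form_data here, so nothing was ever transferred;
                    // confirm 'post_data'/'get_data' hold the saved request.
                    if ( ! empty( $login_session['post_data'] ) ) {
                        Session::add_to_set( 'last_form_data', $login_session['post_data'], 'post' );
                    }
                    if ( ! empty( $login_session['get_data'] ) ) {
                        Session::add_to_set( 'last_form_data', $login_session['get_data'], 'get' );
                    }

                    // Keep only the part of the stored URL from 'admin/' on;
                    // the destination is always rebuilt through the admin
                    // route rather than redirecting to the stored URL itself.
                    $original = $login_session['original'];
                    $dest = explode( '/', MultiByte::substr( $original, MultiByte::strpos( $original, 'admin/' ) ) );
                    if ( '' === $dest[0] || !isset( $dest[1] ) ) {
                        $login_dest = Site::get_url( 'admin' );
                    }
                    else {
                        // The stored query string becomes additional
                        // parameters after page=...; these come from the
                        // earlier request and are not validated here.
                        $dest[1] = str_replace( '?', '&', $dest[1] );
                        $login_dest = URL::get( 'admin', 'page=' . $dest[1] );
                    }
                }
                else {
                    $login_session = null;
                    $login_dest = Site::get_url( 'admin' );
                }

                // Plugins get the last word on the destination.
                // NOTE(review): a filter can return any URL; whether the
                // result is checked before the redirect is not visible here.
                $login_dest = Plugins::filter( 'login_redirect_dest', $login_dest, $user, $login_session );

                Utils::redirect( $login_dest );

                return true;
            }

            // Same message for unknown user and wrong password; never echo
            // the submitted password back into the form.
            $form->habari_password->value = '';
            $this->handler_vars['error'] = _t( 'Bad credentials' );
        }
    }

    /**
     * Log the current user out and redirect to the site's front page.
     *
     * NOTE(review): GET and HEAD are accepted and no form token is checked in
     * this method, so a request triggered from another site can end a
     * visitor's session -- confirm this is acceptable, or require POST with a
     * token.
     */
    public function act_logout()
    {
        Utils::check_request_method( array( 'GET', 'HEAD', 'POST' ) );

        $user = User::identify();
        if ( $user->loggedin ) {
            // Let plugins react while the user is still identified.
            Plugins::act( 'user_logout', $user );

            $user->forget();
            $user = null;
        }
        Utils::redirect( Site::get_url( 'site' ) );
    }

    /**
     * Build and display the combined login / password-reset form.
     *
     * Falls back to the admin theme when the active theme has no 'login'
     * template. Plugins may alter the form through the 'form_login' action.
     *
     * @return bool Always true.
     */
    protected function login_form()
    {
        $this->setup_theme();
        if ( !$this->theme->template_exists( 'login' ) ) {
            $this->theme = Themes::create( 'admin', 'RawPHPEngine', Site::get_dir( 'admin_theme', true ) );
            $this->theme->assign( 'admin_page', 'login' );
        }

        $form = new FormUI( 'habari_login' );

        // NOTE(review): the site title and the translated link title are
        // placed into this markup without HTML escaping; confirm both are
        // trusted or escape them before output.
        $login_form_title = sprintf('<h1><a href="%s" title="%s"><img src="%s" style="height:1em;margin-right:10px;vertical-align:top;">%s</a></h1>', Site::get_url('site'), _t('Go to Site'), Site::get_url('habari', '/system/admin/images/habari.logo.png'), Options::get('title') );
        $form->append( FormControlStatic::create('title')->set_static($login_form_title) );
        $form->append( FormControlStatic::create('reset_message')->set_static('<p id="reset_message" class="on_reset">' . _t('Please enter the username you wish to reset the password for. A unique password reset link will be emailed to that user.') . '</p>' ) );
        $form->append( FormControlLabel::wrap(_t('Name'), FormControlText::create('habari_username'))->set_template('control.label.outsideleft'));
        $form->append(
            FormControlLabel::wrap(
                _t('Password'),
                FormControlPassword::create(
                    'habari_password',
                    null,
                    array(
                        'class'=>'off_reset',
                    )
                )
            )->set_template('control.label.outsideleft')
            ->set_properties(array('class'=>'off_reset'))
        );
        $form->append( $drop_button = FormControlDropbutton::create('submit_button')->add_template_class('ul', 'off_reset'));
        $drop_button->append(FormControlSubmit::create('login')->on_success(array($this, 'loginform_do_login'))->set_caption(_t('Login')));
        $form->append( FormControlStatic::create('reset_link')->set_static('<a href="#" class="off_reset reset_link">' . _t('Reset password') . '</a>') );
        $form->append( FormControlStatic::create('login_link')->set_static('<a href="#" class="on_reset reset_link">' . _t('Login') . '</a>') );
        $form->append( FormControlSubmit::create('reset_button')->set_caption(_t('Reset password'))->set_properties(array('class'=>'on_reset'))->on_success(array($this, 'loginform_do_reset')) );

        // Pressing Enter inside the form clicks the primary submit button.
        $form->set_settings(array(
            'prefix_html' => '<script>$(function(){$("body").on("keypress", "form[name=' . $form->input_name() . ']", function(e){if(e.which==13){$(this).find("#' . $form->submit_button->get_visualizer() . ' .primary").click();return e.preventDefault()&&false;}});})</script>',
        ));

        Plugins::act( 'form_login', $form );

        $this->theme->form = $form;
        $this->display( 'login' );

        return true;
    }

    /**
     * Render a template through the current theme.
     *
     * @param string $template_name Name of the template to display.
     */
    protected function display( $template_name )
    {
        $this->theme->display( $template_name );
    }

    /**
     * Redeem a password-reset link: verify the token, set a new random
     * password, mail it to the user and return to the login page.
     *
     * The token is single-use: once it has matched it is removed from the
     * user's info record, whether or not the password update succeeded.
     *
     * NOTE(review): the new password is mailed in clear text; letting the
     * user choose a password on a token-protected form would keep it out of
     * mailboxes. A mismatching token leaves the stored one in place and no
     * attempt limit is visible in this method -- confirm one exists upstream.
     */
    public function act_password_reset()
    {
        Utils::check_request_method( array( 'GET', 'HEAD', 'POST' ) );

        // Missing parameters are treated as null instead of raising a notice.
        $id = isset( $this->handler_vars['id'] ) ? $this->handler_vars['id'] : null;
        $hash = isset( $this->handler_vars['hash'] ) ? $this->handler_vars['hash'] : null;

        if ( $user = User::get( $id ) ) {
            // Strict, type-checked digest comparison: a loose == on two hex
            // digests lets PHP compare them as numbers when both look numeric
            // (for example "0e1234..."), and an unset record must never match.
            if ( is_string( $hash ) && self::digests_match( $user->info->password_reset, md5( $hash ) ) ) {
                $password = Utils::random_password();

                $user->password = Utils::crypt( $password );
                if ( $user->update() ) {
                    $message = _t( "Your password for %1\$s has been reset. Your credentials are as follows---\nUsername: %2\$s\nPassword: %3\$s", array( Site::get_url( 'habari' ), $user->username, $password ) );

                    Utils::mail( $user->email, _t( '[%1$s] Password has been reset for %2$s', array( Options::get( 'title' ), $user->displayname ) ), $message );
                    Session::notice( _t( 'A new password has been sent to the user.' ) );
                }
                else {
                    Session::notice( _t( 'There was a problem resetting the password. It was not reset.' ) );
                }

                // Consume the token so the link cannot be replayed.
                unset( $user->info->password_reset );
                $user->info->commit();
            }
            else {
                Session::notice( _t( 'The supplied password reset token has expired or is invalid.' ) );
            }
        }

        Utils::redirect( URL::get( 'auth', array( 'page' => 'login' ) ) );
    }

    /**
     * Compare a stored digest with a computed one without type juggling.
     *
     * Uses hash_equals() where the runtime provides it (constant-time
     * comparison) and falls back to strict string identity otherwise.
     *
     * @param mixed $known    Digest read from storage; anything but a string fails.
     * @param mixed $supplied Digest computed from the request.
     * @return bool true only when both are strings with identical content.
     */
    private static function digests_match( $known, $supplied )
    {
        if ( !is_string( $known ) || !is_string( $supplied ) ) {
            return false;
        }
        if ( function_exists( 'hash_equals' ) ) {
            return hash_equals( $known, $supplied );
        }
        return $known === $supplied;
    }
}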
00241 ?>