2007-07-19 12:40:28 +02:00
|
|
|
<?php
|
2007-09-16 02:32:48 +02:00
|
|
|
/**
|
|
|
|
* Standard Change Password Form
|
2008-02-25 03:10:37 +01:00
|
|
|
* @package sapphire
|
|
|
|
* @subpackage security
|
2007-09-16 02:32:48 +02:00
|
|
|
*/
|
|
|
|
class ChangePasswordForm extends Form {
|
2007-07-19 12:40:28 +02:00
|
|
|
|
2007-09-16 02:44:30 +02:00
|
|
|
/**
|
|
|
|
* Constructor
|
|
|
|
*
|
|
|
|
* @param Controller $controller The parent controller, necessary to
|
|
|
|
* create the appropriate form action tag.
|
|
|
|
* @param string $name The method on the controller that will return this
|
|
|
|
* form object.
|
|
|
|
* @param FieldSet|FormField $fields All of the fields in the form - a
|
|
|
|
* {@link FieldSet} of {@link FormField}
|
|
|
|
* objects.
|
|
|
|
* @param FieldSet|FormAction $actions All of the action buttons in the
|
|
|
|
* form - a {@link FieldSet} of
|
|
|
|
*/
|
2007-07-19 12:40:28 +02:00
|
|
|
function __construct($controller, $name, $fields = null, $actions = null) {
|
|
|
|
if(!$fields) {
|
2007-09-16 02:32:48 +02:00
|
|
|
$fields = new FieldSet();
|
2008-11-03 04:41:14 +01:00
|
|
|
if(Member::currentUser() && (!isset($_REQUEST['h']) || !Member::member_from_autologinhash($_REQUEST['h']))) {
|
2008-10-16 15:43:31 +02:00
|
|
|
$fields->push(new PasswordField("OldPassword",_t('Member.YOUROLDPASSWORD', "Your old password")));
|
2007-09-16 02:32:48 +02:00
|
|
|
}
|
|
|
|
|
2008-10-16 15:43:31 +02:00
|
|
|
$fields->push(new PasswordField("NewPassword1", _t('Member.NEWPASSWORD', "New Password")));
|
|
|
|
$fields->push(new PasswordField("NewPassword2", _t('Member.CONFIRMNEWPASSWORD', "Confirm New Password")));
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
if(!$actions) {
|
|
|
|
$actions = new FieldSet(
|
2008-04-26 08:31:52 +02:00
|
|
|
new FormAction("doChangePassword", _t('Member.BUTTONCHANGEPASSWORD', "Change Password"))
|
2007-07-19 12:40:28 +02:00
|
|
|
);
|
|
|
|
}
|
2007-09-16 02:32:48 +02:00
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
parent::__construct($controller, $name, $fields, $actions);
|
|
|
|
}
|
2007-09-16 02:32:48 +02:00
|
|
|
|
2007-09-16 02:44:30 +02:00
|
|
|
|
2007-09-16 02:32:48 +02:00
|
|
|
/**
|
|
|
|
* Change the password
|
|
|
|
*
|
|
|
|
* @param array $data The user submitted data
|
|
|
|
*/
|
2008-04-26 08:31:52 +02:00
|
|
|
function doChangePassword(array $data) {
|
2007-09-16 02:32:48 +02:00
|
|
|
if($member = Member::currentUser()) {
|
|
|
|
// The user was logged in, check the current password
|
2008-11-03 04:41:14 +01:00
|
|
|
if(isset($data['OldPassword']) && $member->checkPassword($data['OldPassword']) == false) {
|
2007-07-19 12:40:28 +02:00
|
|
|
$this->clearMessage();
|
2007-09-16 02:32:48 +02:00
|
|
|
$this->sessionMessage(
|
2007-10-25 04:47:45 +02:00
|
|
|
_t('Member.ERRORPASSWORDNOTMATCH', "Your current password does not match, please try again"),
|
|
|
|
"bad"
|
|
|
|
);
|
2007-07-19 12:40:28 +02:00
|
|
|
Director::redirectBack();
|
2008-04-26 08:31:52 +02:00
|
|
|
return;
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
2007-09-16 02:32:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if(!$member) {
|
|
|
|
if(Session::get('AutoLoginHash')) {
|
2008-08-11 08:11:33 +02:00
|
|
|
$member = Member::member_from_autologinhash(Session::get('AutoLoginHash'));
|
2007-09-16 02:32:48 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// The user is not logged in and no valid auto login hash is available
|
|
|
|
if(!$member) {
|
|
|
|
Session::clear('AutoLoginHash');
|
|
|
|
Director::redirect('loginpage');
|
2008-04-26 08:31:52 +02:00
|
|
|
return;
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
}
|
2007-09-16 02:32:48 +02:00
|
|
|
|
|
|
|
// Check the new password
|
|
|
|
if($data['NewPassword1'] == $data['NewPassword2']) {
|
2008-04-26 08:31:52 +02:00
|
|
|
$isValid = $member->changePassword($data['NewPassword1']);
|
|
|
|
if($isValid->valid()) {
|
|
|
|
$this->clearMessage();
|
|
|
|
$this->sessionMessage(
|
|
|
|
_t('Member.PASSWORDCHANGED', "Your password has been changed, and a copy emailed to you."),
|
|
|
|
"good");
|
|
|
|
Session::clear('AutoLoginHash');
|
2008-05-24 03:17:20 +02:00
|
|
|
$redirectURL = HTTP::setGetVar('BackURL', urlencode(Director::absoluteBaseURL()), Security::Link('login'));
|
|
|
|
Director::redirect($redirectURL);
|
2007-09-16 02:32:48 +02:00
|
|
|
|
2008-04-26 08:31:52 +02:00
|
|
|
} else {
|
|
|
|
$this->clearMessage();
|
|
|
|
$this->sessionMessage(nl2br("We couldn't accept that password:\n" . $isValid->starredList()), "bad");
|
|
|
|
Director::redirectBack();
|
|
|
|
}
|
2007-09-16 02:32:48 +02:00
|
|
|
|
|
|
|
} else {
|
|
|
|
$this->clearMessage();
|
|
|
|
$this->sessionMessage(
|
2007-10-25 04:47:45 +02:00
|
|
|
_t('Member.ERRORNEWPASSWORD', "Your have entered your new password differently, try again"),
|
2007-09-16 02:32:48 +02:00
|
|
|
"bad");
|
|
|
|
Director::redirectBack();
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
}
|
2007-09-16 02:32:48 +02:00
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
}
|
|
|
|
|
2007-09-16 02:32:48 +02:00
|
|
|
|
2007-07-19 12:40:28 +02:00
|
|
|
?>
|