2008-09-26 04:22:51 +02:00
< ? php
/**
* Log - in form for the " member " authentication method
* @ package sapphire
* @ subpackage security
*/
class MemberLoginForm extends LoginForm {
2008-10-08 04:00:12 +02:00
protected $authenticator_class = 'MemberAuthenticator' ;
2008-09-26 04:22:51 +02:00
/**
* Constructor
*
* @ param Controller $controller The parent controller , necessary to
* create the appropriate form action tag .
* @ param string $name The method on the controller that will return this
* form object .
* @ param FieldSet | FormField $fields All of the fields in the form - a
* { @ link FieldSet } of { @ link FormField }
* objects .
* @ param FieldSet | FormAction $actions All of the action buttons in the
* form - a { @ link FieldSet } of
* { @ link FormAction } objects
* @ param bool $checkCurrentUser If set to TRUE , it will be checked if a
* the user is currently logged in , and if
* so , only a logout button will be rendered
2008-10-08 04:00:12 +02:00
* @ param string $authenticatorClassName Name of the authenticator class that this form uses .
2008-09-26 04:22:51 +02:00
*/
function __construct ( $controller , $name , $fields = null , $actions = null ,
$checkCurrentUser = true ) {
2008-10-08 04:00:12 +02:00
// This is now set on the class directly to make it easier to create subclasses
// $this->authenticator_class = $authenticatorClassName;
2008-09-26 04:22:51 +02:00
$customCSS = project () . '/css/member_login.css' ;
if ( Director :: fileExists ( $customCSS )) {
Requirements :: css ( $customCSS );
}
if ( isset ( $_REQUEST [ 'BackURL' ])) {
$backURL = $_REQUEST [ 'BackURL' ];
} else {
$backURL = Session :: get ( 'BackURL' );
}
if ( $checkCurrentUser && Member :: currentUserID ()) {
$fields = new FieldSet ();
$actions = new FieldSet ( new FormAction ( " logout " , _t ( 'Member.BUTTONLOGINOTHER' , " Log in as someone else " )));
} else {
if ( ! $fields ) {
$fields = new FieldSet (
new HiddenField ( " AuthenticationMethod " , null , $this -> authenticator_class , $this ),
new TextField ( " Email " , _t ( 'Member.EMAIL' ),
Session :: get ( 'SessionForms.MemberLoginForm.Email' ), null , $this ),
2008-10-16 15:43:31 +02:00
new PasswordField ( " Password " , _t ( 'Member.PASSWORD' ), null , $this )
2008-09-26 04:22:51 +02:00
);
2008-10-08 04:00:12 +02:00
if ( Security :: $autologin_enabled ) {
$fields -> push ( new CheckboxField (
" Remember " ,
_t ( 'Member.REMEMBERME' , " Remember me next time? " ),
Session :: get ( 'SessionForms.MemberLoginForm.Remember' ),
$this
));
}
2008-09-26 04:22:51 +02:00
}
if ( ! $actions ) {
$actions = new FieldSet (
2008-10-16 13:10:56 +02:00
new FormAction ( 'dologin' , _t ( 'Member.BUTTONLOGIN' , " Log in " )),
2008-10-16 13:35:43 +02:00
new LiteralField ( 'forgotPassword' , '<p id="ForgotPassword"><a href="Security/lostpassword">' . _t ( 'Member.BUTTONLOSTPASSWORD' , " I've lost my password " ) . '</a></p>' )
2008-09-26 04:22:51 +02:00
);
}
}
if ( isset ( $backURL )) {
$fields -> push ( new HiddenField ( 'BackURL' , 'BackURL' , $backURL ));
}
parent :: __construct ( $controller , $name , $fields , $actions );
}
/**
* Get message from session
*/
protected function getMessageFromSession () {
parent :: getMessageFromSession ();
if (( $member = Member :: currentUser ()) &&
! Session :: get ( 'MemberLoginForm.force_message' )) {
$this -> message = sprintf ( _t ( 'Member.LOGGEDINAS' , " You're logged in as %s. " ), $member -> FirstName );
}
Session :: set ( 'MemberLoginForm.force_message' , false );
}
/**
* Login form handler method
*
* This method is called when the user clicks on " Log in "
*
* @ param array $data Submitted data
*/
public function dologin ( $data ) {
if ( $this -> performLogin ( $data )) {
Session :: clear ( 'SessionForms.MemberLoginForm.Email' );
Session :: clear ( 'SessionForms.MemberLoginForm.Remember' );
if ( Member :: currentUser () -> isPasswordExpired ()) {
if ( isset ( $_REQUEST [ 'BackURL' ]) && $backURL = $_REQUEST [ 'BackURL' ]) {
Session :: set ( 'BackURL' , $backURL );
}
$cp = new ChangePasswordForm ( $this -> controller , 'ChangePasswordForm' );
$cp -> sessionMessage ( 'Your password has expired. Please choose a new one.' , 'good' );
Director :: redirect ( 'Security/changepassword' );
} else if ( isset ( $_REQUEST [ 'BackURL' ]) && $backURL = $_REQUEST [ 'BackURL' ]) {
Session :: clear ( " BackURL " );
Director :: redirect ( $backURL );
} else {
2008-11-10 04:51:35 +01:00
$firstname = Convert :: raw2xml ( $member -> FirstName );
Session :: set ( " Security.Message.message " ,
sprintf ( _t ( 'Member.WELCOMEBACK' , " Welcome Back, %s " ), $firstname )
);
Session :: set ( " Security.Message.type " , " good " );
2008-10-08 04:00:12 +02:00
Director :: redirectBack ();
2008-09-26 04:22:51 +02:00
}
} else {
Session :: set ( 'SessionForms.MemberLoginForm.Email' , $data [ 'Email' ]);
Session :: set ( 'SessionForms.MemberLoginForm.Remember' , isset ( $data [ 'Remember' ]));
2008-11-10 04:51:35 +01:00
if ( isset ( $_REQUEST [ 'BackURL' ])) $backURL = $_REQUEST [ 'BackURL' ];
else $backURL = null ;
if ( $backURL ) Session :: set ( 'BackURL' , $backURL );
2008-09-26 04:22:51 +02:00
if ( $badLoginURL = Session :: get ( " BadLoginURL " )) {
Director :: redirect ( $badLoginURL );
} else {
// Show the right tab on failed login
2008-11-10 04:51:35 +01:00
$loginLink = Director :: absoluteURL ( Security :: Link ( " login " ));
if ( $backURL ) $loginLink .= '?BackURL=' . urlencode ( $backURL );
Director :: redirect ( $loginLink . '#' . $this -> FormName () . '_tab' );
2008-09-26 04:22:51 +02:00
}
}
}
/**
* Log out form handler method
*
* This method is called when the user clicks on " logout " on the form
* created when the parameter < i > $checkCurrentUser </ i > of the
* { @ link __construct constructor } was set to TRUE and the user was
* currently logged in .
*/
public function logout () {
$s = new Security ();
$s -> logout ();
}
/**
* Try to authenticate the user
*
* @ param array Submitted data
* @ return Member Returns the member object on successful authentication
* or NULL on failure .
*/
public function performLogin ( $data ) {
if ( $member = MemberAuthenticator :: authenticate ( $data , $this )) {
$member -> LogIn ( isset ( $data [ 'Remember' ]));
return $member ;
} else {
$this -> extend ( 'authenticationFailed' , $data );
return null ;
}
}
/**
* Forgot password form handler method
*
* This method is called when the user clicks on " I've lost my password "
*
* @ param array $data Submitted data
*/
function forgotPassword ( $data ) {
$SQL_data = Convert :: raw2sql ( $data );
2008-10-16 13:29:43 +02:00
$SQL_email = $SQL_data [ 'Email' ];
$member = DataObject :: get_one ( 'Member' , " Email = ' { $SQL_email } ' " );
2008-09-26 04:22:51 +02:00
2008-10-16 13:29:43 +02:00
if ( $member ) {
2008-09-26 04:22:51 +02:00
$member -> generateAutologinHash ();
2008-10-16 13:29:43 +02:00
$member -> sendInfo (
'forgotPassword' ,
array (
'PasswordResetLink' => Security :: getPasswordResetLink ( $member -> AutoLoginHash )
)
);
2008-09-26 04:22:51 +02:00
2008-10-08 04:00:12 +02:00
Director :: redirect ( 'Security/passwordsent/' . urlencode ( $data [ 'Email' ]));
2008-10-16 13:29:43 +02:00
} elseif ( $data [ 'Email' ]) {
2008-09-26 04:22:51 +02:00
$this -> sessionMessage (
2008-10-16 13:29:43 +02:00
_t ( 'Member.ERRORSIGNUP' , 'Sorry, but I don\'t recognise the e-mail address. Maybe you need ' .
'to sign up, or perhaps you used another e-mail address?'
),
'bad'
);
2008-09-26 04:22:51 +02:00
Director :: redirectBack ();
} else {
2008-10-16 13:29:43 +02:00
$this -> sessionMessage (
_t ( 'Member.ENTEREMAIL' , 'Please enter an email address to get a password reset link.' ),
'bad'
);
Director :: redirect ( 'Security/lostpassword' );
2008-09-26 04:22:51 +02:00
}
}
}
?>